[pve-devel] bridge on top of bridge?

Andrew Thrift andrew at networklabs.co.nz
Sun Feb 15 23:28:54 CET 2015 

Hi Stefan,

We use bonded 10gigabit, our config is below.

Note eth0 and eth1 are not used.

We put customer VM's inside the relevant vmbr and tag them with a vlan.
So say they are on vmbr0 and we set the vlan in PVE to 55 they would have
an outer tag of 101 and an inner tag of 55.

This works very nicely.



auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

auto eth1
iface eth1 inet manual

auto eth2
iface eth2 inet manual
#post-up for i in rx tx sg tso gso gro; do ethtool -K $IFACE $i off; done

auto eth3
iface eth3 inet manual
#post-up for i in rx tx sg tso gso gro; do ethtool -K $IFACE $i off; done

auto bond0
iface bond0 inet manual
        # bonding confuration
        bond_mode 802.3ad
        bond_miimon 100
        bond-lacp-rate 1
        bond-xmit-hash-policy layer3+4
        bond_slaves eth2 eth3
        post-up ifconfig $IFACE mtu 9000

#Cust01 vlan
auto bond0.101
iface bond0.101 inet manual

#Cust02 vlan
auto bond0.102
iface bond0.102 inet manual

#Cust03 vlan
auto bond0.103
iface bond0.103 inet manual

#Cust04 vlan
auto bond0.104
iface bond0.104 inet manual

#MgmtServers vlan
auto bond0.200
iface bond0.200 inet manual

#Bridge configuration
auto mgmtbr0
iface mgmtbr0 inet static
        address 10.99.99.104
        netmask 255.255.255.0
        gateway 10.99.99.254
        post-up ifconfig $IFACE mtu 1500
        bridge_ports bond0.200
        bridge_stp off
        bridge_fd 0

auto vmbr0
iface vmbr0 inet manual
        bridge_ports bond0.101
        bridge_stp off
        bridge_fd 0

auto vmbr1
iface vmbr1 inet manual
        bridge_ports bond0.102
        bridge_stp off
        bridge_fd 0

auto vmbr2
iface vmbr2 inet manual
        bridge_ports bond0.103
        bridge_stp off
        bridge_fd 0

auto vmbr3
iface vmbr3 inet manual
        bridge_ports bond0.104
        bridge_stp off
        bridge_fd 0

On Sat, Feb 14, 2015 at 9:11 PM, Stefan Priebe <s.priebe at profihost.ag>
wrote:

> Hi,
>
> how does your interfaces file looks like?
>
> Thanks!
>
> Stefan
>
> Am 11.02.2015 um 22:28 schrieb Andrew Thrift:
>
>> Hi Stefan,
>>
>> I posted a patch to do this a while back:
>>
>> http://pve.proxmox.com/pipermail/pve-devel/2013-April/006995.html
>>
>> It will need a few changes to work on pve-test but we have been running
>> it in production for a few years now.
>>
>>
>>
>>
>> On Thu, Feb 12, 2015 at 8:44 AM, Stefan Priebe <s.priebe at profihost.ag
>> <mailto:s.priebe at profihost.ag>> wrote:
>>
>>
>>     Am 11.02.2015 um 20:25 schrieb Alexandre DERUMIER:
>>
>>                 does anybody know a way to have two bridges on top of
>>                 one bond?
>>
>>
>>         AFAIK, it's not possible to put a single interfaces on 2 bridge.
>>
>>         It's possible with tagged interfaces.
>>
>>
>>     Yes but the problem is i just would like to have a PVID - so no
>>     untagged traffic on that bridge but there may be other tap devices
>>     with a vid.
>>
>>         But I think that mixing 1 interface - 1 brige
>>                                   1 internface.tag - 1 another bridge
>>
>>         is not working
>>         (maybe a linux bug).
>>
>>     That may work but won't help me as the "another" bridge may contain
>>     multiple other tags.
>>
>>         I think it's work with openvswitch.
>>         (I think it work also with an ovs on top of another ovs with
>>         tagged port)
>>
>>
>>     That sounds great. Never touched openvswitch? Is there a howto for
>>     proxmox? What's the advantage over normal linux bridges?
>>
>>     Greets,
>>     Stefan
>>
>>
>>
>>         ----- Mail original -----
>>         De: "Stefan Priebe" <s.priebe at profihost.ag
>>         <mailto:s.priebe at profihost.ag>>
>>         À: "pve-devel" <pve-devel at pve.proxmox.com
>>         <mailto:pve-devel at pve.proxmox.com>>
>>         Envoyé: Mercredi 11 Février 2015 13:41:58
>>         Objet: [pve-devel] bridge on top of bridge?
>>
>>         Hi,
>>
>>         does anybody know a way to have two bridges on top of one bond?
>>         I woulod
>>         like to use the PVID feature for another bridge than the default
>> one
>>         (private LAN without the need to enable tagging on the tap
>> device).
>>
>>         I already tried to add the 2nd bridge on top of the bond or to
>>         put the
>>         2nd bridge into the first bridge. Both does not work.
>>
>>         Greets,
>>         Stefan
>>         _________________________________________________
>>         pve-devel mailing list
>>         pve-devel at pve.proxmox.com <mailto:pve-devel at pve.proxmox.com>
>>         http://pve.proxmox.com/cgi-__bin/mailman/listinfo/pve-devel
>>         <http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>
>>
>>     _________________________________________________
>>     pve-devel mailing list
>>     pve-devel at pve.proxmox.com <mailto:pve-devel at pve.proxmox.com>
>>     http://pve.proxmox.com/cgi-__bin/mailman/listinfo/pve-devel
>>     <http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20150216/614a7782/attachment.htm>

More information about the pve-devel mailing list