From: Bastian Sebode via pve-user <pve-user@lists.proxmox.com>
To: pve-user@lists.proxmox.com
Cc: Bastian Sebode <b.sebode@linet-services.de>
Subject: Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible?
Date: Mon, 22 Jul 2024 21:18:26 +0200 [thread overview]
Message-ID: <mailman.628.1721675915.331.pve-user@lists.proxmox.com> (raw)
In-Reply-To: <6aee1ef2-47f5-4d1c-8600-88cd796be6e7@dkfz-heidelberg.de>
[-- Attachment #1: Type: message/rfc822, Size: 6871 bytes --]
From: Bastian Sebode <b.sebode@linet-services.de>
To: pve-user@lists.proxmox.com
Subject: Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible?
Date: Mon, 22 Jul 2024 21:18:26 +0200
Message-ID: <a17e803d-9c89-4b56-a0ee-bfe6bedd136d@linet-services.de>
Hello Frank,
you can achieve that with normal Linux networking already, without the
need of SDN.
Over the Network Tab of the Hosts GUI (interface names are examples):
- Create the Bond/LAG/Port Channel/Trunk on the switch, put the needed
VLANs tagged on it
- Create a "Linux Bond" `bond0` with the host interfaces `ens18 ens19`,
preferably with LACP on Host and Switch. No IP address necessary
- Create a "Linux VLAN" `bond0.90` with the "vlan raw device" `bond0`.
No IP address necessary
- Create a "Linux Bridge" `vmbr90` with the slave interface `bond0.90`.
No IP address necessary, only if you want to manage the server over it
- Attach the VMs to the VLAN bridge
- Repeat for every VLAN you need
There is also the possibility to have the VLAN Tags on the Linux bridge,
but I would always prefer the mentioned above.
Hope this helps and others can confirm that the are using such a setup.
Peace
Bastian
On 22.07.24 19:38, Frank Thommen wrote:
> Dear list members,
>
> our current three-node PVE cluster hosts VMs from three different
> subnets/VLANs. Each host has - besides the network ports for the Ceph
> cluster - eight physical network ports (two for the host itself and
> two for each of the three VLANs). Always two ports are configured like
> this:
>
> switch port - host port (1 Gbit) \
> +- bond - bridge
> switch port - host port (1 Gbit) /
>
> This is nice, because when configuring a VM, we can choose the
> appropriate bridge from the network menu, which also shows me the
> bridge's description, so that there can't be any mistakes as to which
> brigde has to be selected. However that comes with too many cables and
> too many NICs. Especially as we expect to have to support more subnets
> in the near future.
>
> Our networking department has suggested to move from dedicated switch
> ports to VLAN tags. This would reduce the eight 1 Gbit ports to two 25
> Gbit ports per host (LACP bonded), but as far as I can see, we would
> then have to - manually - enter the correct VLAN tag number for each
> virtual network device. I expect this to be very error prone and
> unintuitive. Best would be, if it would be possible to create Linux
> bridges which map to individual VLAN tags like this:
>
> switch port - host port (25 Gbit) \ / VLAN 12 - bridge1
> +- bond -- VLAN 56 - bridge2
> switch port - host port (25 Gbit) / \ VLAN 25 - bridge3
>
>
> but unfortunately with PVE 7.x I could not find a way to achieve this.
> Is such a setup possible at all?
>
> I've read, that PVE 8.x greatly enhances the SDN capabilities of PVE.
> Will these SDN capabilities enable us, to achieve the VLAN-bridge
> mapping?
>
> Thanks for any hint or pointer
> Frank
>
> _______________________________________________
> pve-user mailing list
> pve-user@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>
--
Bastian Sebode
Fachinformatiker Systemintegration
LINET Services GmbH | Cyriaksring 10a | 38118 Braunschweig
Tel. 0531-180508-0 | Fax 0531-180508-29 | http://www.linet-services.de
LINET in den sozialen Netzwerken:
www.twitter.com/linetservices | www.facebook.com/linetservices
Wissenswertes aus der IT-Welt: www.linet-services.de/blog/
Geschäftsführung: Timo Springmann, Mirko Savic und Moritz Bunkus
HR B 9170 Amtsgericht Braunschweig
USt-IdNr. DE 259 526 516
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
next parent reply other threads:[~2024-07-22 19:18 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <6aee1ef2-47f5-4d1c-8600-88cd796be6e7@dkfz-heidelberg.de>
2024-07-22 19:18 ` Bastian Sebode via pve-user [this message]
2024-07-22 19:23 ` David der Nederlanden | ITTY via pve-user
2024-07-22 19:27 ` Gilberto Ferreira
2024-07-22 19:28 ` [PVE-User] [Extern] - " Frank Thommen
2024-07-22 19:27 ` Frank Thommen
2024-07-23 11:14 ` Stefan Radman via pve-user
[not found] ` <7de79cbf-90d0-40e2-87ec-dde2f6b21f0c@email.android.com>
2024-07-22 19:28 ` [PVE-User] " Bastian Sebode via pve-user
2024-07-22 18:39 David der Nederlanden | ITTY via pve-user
-- strict thread matches above, loose matches on Subject: below --
2024-07-22 18:39 David der Nederlanden | ITTY via pve-user
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=mailman.628.1721675915.331.pve-user@lists.proxmox.com \
--to=pve-user@lists.proxmox.com \
--cc=b.sebode@linet-services.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal