* Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible?
@ 2024-07-22 18:39 David der Nederlanden | ITTY via pve-user
0 siblings, 0 replies; 6+ messages in thread
From: David der Nederlanden | ITTY via pve-user @ 2024-07-22 18:39 UTC (permalink / raw)
To: Proxmox VE user list; +Cc: David der Nederlanden | ITTY, PVE User List
[-- Attachment #1: Type: message/rfc822, Size: 14760 bytes --]
From: David der Nederlanden | ITTY <david@itty.nl>
To: Proxmox VE user list <pve-user@lists.proxmox.com>
Cc: PVE User List <pve-user@pve.proxmox.com>
Subject: Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible?
Date: Mon, 22 Jul 2024 18:39:27 +0000
Message-ID: <6a5e5310-b807-4711-8625-e7e93b637047@email.android.com>
Hi Frank,
You can definitely accomplish this with SDN in PVE 8.x,
if you prefer a video explanation of it, I can recommend these two:
https://youtu.be/PyJXRwqg494?si=RAEZx5sbooqlzxiX
https://youtu.be/_lIk9p_SyvU?si=v9CAgKmG42xy1_ze
Also I recommend upgrading to PVE 8, 7 is EOL soon, which means it won't receive updates anymore, even though it will likely still work fine.
It brings great new features.
Kind regards
David der Nederlanden
On 22 Jul 2024 19:50, Frank Thommen <f.thommen@dkfz-heidelberg.de> wrote:
Dear list members,
our current three-node PVE cluster hosts VMs from three different
subnets/VLANs. Each host has - besides the network ports for the Ceph
cluster - eight physical network ports (two for the host itself and two
for each of the three VLANs). Always two ports are configured like this:
switch port - host port (1 Gbit) \
+- bond - bridge
switch port - host port (1 Gbit) /
This is nice, because when configuring a VM, we can choose the
appropriate bridge from the network menu, which also shows me the
bridge's description, so that there can't be any mistakes as to which
brigde has to be selected. However that comes with too many cables and
too many NICs. Especially as we expect to have to support more subnets
in the near future.
Our networking department has suggested to move from dedicated switch
ports to VLAN tags. This would reduce the eight 1 Gbit ports to two 25
Gbit ports per host (LACP bonded), but as far as I can see, we would
then have to - manually - enter the correct VLAN tag number for each
virtual network device. I expect this to be very error prone and
unintuitive. Best would be, if it would be possible to create Linux
bridges which map to individual VLAN tags like this:
switch port - host port (25 Gbit) \ / VLAN 12 - bridge1
+- bond -- VLAN 56 - bridge2
switch port - host port (25 Gbit) / \ VLAN 25 - bridge3
but unfortunately with PVE 7.x I could not find a way to achieve this.
Is such a setup possible at all?
I've read, that PVE 8.x greatly enhances the SDN capabilities of PVE.
Will these SDN capabilities enable us, to achieve the VLAN-bridge mapping?
Thanks for any hint or pointer
Frank
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 6+ messages in thread[parent not found: <6aee1ef2-47f5-4d1c-8600-88cd796be6e7@dkfz-heidelberg.de>]
* Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible?
[not found] <6aee1ef2-47f5-4d1c-8600-88cd796be6e7@dkfz-heidelberg.de>
@ 2024-07-22 19:18 ` Bastian Sebode via pve-user
2024-07-22 19:23 ` David der Nederlanden | ITTY via pve-user
[not found] ` <7de79cbf-90d0-40e2-87ec-dde2f6b21f0c@email.android.com>
0 siblings, 2 replies; 6+ messages in thread
From: Bastian Sebode via pve-user @ 2024-07-22 19:18 UTC (permalink / raw)
To: pve-user; +Cc: Bastian Sebode
[-- Attachment #1: Type: message/rfc822, Size: 6871 bytes --]
From: Bastian Sebode <b.sebode@linet-services.de>
To: pve-user@lists.proxmox.com
Subject: Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible?
Date: Mon, 22 Jul 2024 21:18:26 +0200
Message-ID: <a17e803d-9c89-4b56-a0ee-bfe6bedd136d@linet-services.de>
Hello Frank,
you can achieve that with normal Linux networking already, without the
need of SDN.
Over the Network Tab of the Hosts GUI (interface names are examples):
- Create the Bond/LAG/Port Channel/Trunk on the switch, put the needed
VLANs tagged on it
- Create a "Linux Bond" `bond0` with the host interfaces `ens18 ens19`,
preferably with LACP on Host and Switch. No IP address necessary
- Create a "Linux VLAN" `bond0.90` with the "vlan raw device" `bond0`.
No IP address necessary
- Create a "Linux Bridge" `vmbr90` with the slave interface `bond0.90`.
No IP address necessary, only if you want to manage the server over it
- Attach the VMs to the VLAN bridge
- Repeat for every VLAN you need
There is also the possibility to have the VLAN Tags on the Linux bridge,
but I would always prefer the mentioned above.
Hope this helps and others can confirm that the are using such a setup.
Peace
Bastian
On 22.07.24 19:38, Frank Thommen wrote:
> Dear list members,
>
> our current three-node PVE cluster hosts VMs from three different
> subnets/VLANs. Each host has - besides the network ports for the Ceph
> cluster - eight physical network ports (two for the host itself and
> two for each of the three VLANs). Always two ports are configured like
> this:
>
> switch port - host port (1 Gbit) \
> +- bond - bridge
> switch port - host port (1 Gbit) /
>
> This is nice, because when configuring a VM, we can choose the
> appropriate bridge from the network menu, which also shows me the
> bridge's description, so that there can't be any mistakes as to which
> brigde has to be selected. However that comes with too many cables and
> too many NICs. Especially as we expect to have to support more subnets
> in the near future.
>
> Our networking department has suggested to move from dedicated switch
> ports to VLAN tags. This would reduce the eight 1 Gbit ports to two 25
> Gbit ports per host (LACP bonded), but as far as I can see, we would
> then have to - manually - enter the correct VLAN tag number for each
> virtual network device. I expect this to be very error prone and
> unintuitive. Best would be, if it would be possible to create Linux
> bridges which map to individual VLAN tags like this:
>
> switch port - host port (25 Gbit) \ / VLAN 12 - bridge1
> +- bond -- VLAN 56 - bridge2
> switch port - host port (25 Gbit) / \ VLAN 25 - bridge3
>
>
> but unfortunately with PVE 7.x I could not find a way to achieve this.
> Is such a setup possible at all?
>
> I've read, that PVE 8.x greatly enhances the SDN capabilities of PVE.
> Will these SDN capabilities enable us, to achieve the VLAN-bridge
> mapping?
>
> Thanks for any hint or pointer
> Frank
>
> _______________________________________________
> pve-user mailing list
> pve-user@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>
--
Bastian Sebode
Fachinformatiker Systemintegration
LINET Services GmbH | Cyriaksring 10a | 38118 Braunschweig
Tel. 0531-180508-0 | Fax 0531-180508-29 | http://www.linet-services.de
LINET in den sozialen Netzwerken:
www.twitter.com/linetservices | www.facebook.com/linetservices
Wissenswertes aus der IT-Welt: www.linet-services.de/blog/
Geschäftsführung: Timo Springmann, Mirko Savic und Moritz Bunkus
HR B 9170 Amtsgericht Braunschweig
USt-IdNr. DE 259 526 516
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible?
2024-07-22 19:18 ` Bastian Sebode via pve-user
@ 2024-07-22 19:23 ` David der Nederlanden | ITTY via pve-user
2024-07-22 19:27 ` Gilberto Ferreira
[not found] ` <7de79cbf-90d0-40e2-87ec-dde2f6b21f0c@email.android.com>
1 sibling, 1 reply; 6+ messages in thread
From: David der Nederlanden | ITTY via pve-user @ 2024-07-22 19:23 UTC (permalink / raw)
To: Proxmox VE user list; +Cc: David der Nederlanden | ITTY
[-- Attachment #1: Type: message/rfc822, Size: 10869 bytes --]
From: David der Nederlanden | ITTY <david@itty.nl>
To: Proxmox VE user list <pve-user@lists.proxmox.com>
Subject: Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible?
Date: Mon, 22 Jul 2024 19:23:34 +0000
Message-ID: <7de79cbf-90d0-40e2-87ec-dde2f6b21f0c@email.android.com>
Hi Bastian,
This is a good way too indeed, but it has to be done on each node and be exactly the same, now with SDN you can manage this from a cluster perspective, which is a great advancement and makes it less complex (I think, as we manage it per VM).
Kind regards
David
On 22 Jul 2024 21:18, Bastian Sebode via pve-user <pve-user@lists.proxmox.com> wrote:
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible?
2024-07-22 19:23 ` David der Nederlanden | ITTY via pve-user
@ 2024-07-22 19:27 ` Gilberto Ferreira
0 siblings, 0 replies; 6+ messages in thread
From: Gilberto Ferreira @ 2024-07-22 19:27 UTC (permalink / raw)
To: Proxmox VE user list
Hi.
I also think with the SDN is a better way to go, if you want to replicate
the setting throughout the cluster.
Cheers
---
Gilbert
Em seg., 22 de jul. de 2024 às 16:24, David der Nederlanden | ITTY via
pve-user <pve-user@lists.proxmox.com> escreveu:
>
>
>
> ---------- Forwarded message ----------
> From: "David der Nederlanden | ITTY" <david@itty.nl>
> To: Proxmox VE user list <pve-user@lists.proxmox.com>
> Cc:
> Bcc:
> Date: Mon, 22 Jul 2024 19:23:34 +0000
> Subject: Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that
> possible?
> Hi Bastian,
>
> This is a good way too indeed, but it has to be done on each node and be
> exactly the same, now with SDN you can manage this from a cluster
> perspective, which is a great advancement and makes it less complex (I
> think, as we manage it per VM).
>
> Kind regards
> David
>
> On 22 Jul 2024 21:18, Bastian Sebode via pve-user <
> pve-user@lists.proxmox.com> wrote:
> _______________________________________________
> pve-user mailing list
> pve-user@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>
>
>
> ---------- Forwarded message ----------
> From: "David der Nederlanden | ITTY via pve-user" <
> pve-user@lists.proxmox.com>
> To: Proxmox VE user list <pve-user@lists.proxmox.com>
> Cc: "David der Nederlanden | ITTY" <david@itty.nl>
> Bcc:
> Date: Mon, 22 Jul 2024 19:23:34 +0000
> Subject: Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that
> possible?
> _______________________________________________
> pve-user mailing list
> pve-user@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 6+ messages in thread
[parent not found: <7de79cbf-90d0-40e2-87ec-dde2f6b21f0c@email.android.com>]
* Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible?
[not found] ` <7de79cbf-90d0-40e2-87ec-dde2f6b21f0c@email.android.com>
@ 2024-07-22 19:28 ` Bastian Sebode via pve-user
0 siblings, 0 replies; 6+ messages in thread
From: Bastian Sebode via pve-user @ 2024-07-22 19:28 UTC (permalink / raw)
To: David der Nederlanden | ITTY, Proxmox VE user list; +Cc: Bastian Sebode
[-- Attachment #1: Type: message/rfc822, Size: 4709 bytes --]
From: Bastian Sebode <b.sebode@linet-services.de>
To: David der Nederlanden | ITTY <david@itty.nl>, Proxmox VE user list <pve-user@lists.proxmox.com>
Subject: Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible?
Date: Mon, 22 Jul 2024 21:28:49 +0200
Message-ID: <d3239b7f-8128-4358-a9f8-5f7eddad2d3e@linet-services.de>
Hi David,
thanks for the clarification. Off course it has to be done on all nodes.
I should have a closer look on SDN soon. ;-)
Regards
Bastian
On 22.07.24 21:23, David der Nederlanden | ITTY wrote:
> Hi Bastian,
>
> This is a good way too indeed, but it has to be done on each node and
> be exactly the same, now with SDN you can manage this from a cluster
> perspective, which is a great advancement and makes it less complex (I
> think, as we manage it per VM).
>
> Kind regards
> David
>
> On 22 Jul 2024 21:18, Bastian Sebode via pve-user
> <pve-user@lists.proxmox.com> wrote:
> _______________________________________________
> pve-user mailing list
> pve-user@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
--
Bastian Sebode
Fachinformatiker Systemintegration
LINET Services GmbH | Cyriaksring 10a | 38118 Braunschweig
Tel. 0531-180508-0 | Fax 0531-180508-29 | http://www.linet-services.de
LINET in den sozialen Netzwerken:
www.twitter.com/linetservices | www.facebook.com/linetservices
Wissenswertes aus der IT-Welt: www.linet-services.de/blog/
Geschäftsführung: Timo Springmann, Mirko Savic und Moritz Bunkus
HR B 9170 Amtsgericht Braunschweig
USt-IdNr. DE 259 526 516
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible?
@ 2024-07-22 18:39 David der Nederlanden | ITTY via pve-user
0 siblings, 0 replies; 6+ messages in thread
From: David der Nederlanden | ITTY via pve-user @ 2024-07-22 18:39 UTC (permalink / raw)
To: Proxmox VE user list; +Cc: David der Nederlanden | ITTY, PVE User List
[-- Attachment #1: Type: message/rfc822, Size: 14753 bytes --]
From: David der Nederlanden | ITTY <david@itty.nl>
To: Proxmox VE user list <pve-user@lists.proxmox.com>
Cc: PVE User List <pve-user@pve.proxmox.com>
Subject: Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible?
Date: Mon, 22 Jul 2024 18:39:27 +0000
Message-ID: <6a5e5310-b807-4711-8625-e7e93b637047@email.android.com>
Hi Frank,
You can definitely accomplish this with SDN in PVE 8.x,
if you prefer a video explanation of it, I can recommend these two:
https://youtu.be/PyJXRwqg494?si=RAEZx5sbooqlzxiX
https://youtu.be/_lIk9p_SyvU?si=v9CAgKmG42xy1_ze
Also I recommend upgrading to PVE 8, 7 is EOL soon, which means it won't receive updates anymore, even though it will likely still work fine.
It brings great new features.
Kind regards
David der Nederlanden
On 22 Jul 2024 19:50, Frank Thommen <f.thommen@dkfz-heidelberg.de> wrote:
Dear list members,
our current three-node PVE cluster hosts VMs from three different
subnets/VLANs. Each host has - besides the network ports for the Ceph
cluster - eight physical network ports (two for the host itself and two
for each of the three VLANs). Always two ports are configured like this:
switch port - host port (1 Gbit) \
+- bond - bridge
switch port - host port (1 Gbit) /
This is nice, because when configuring a VM, we can choose the
appropriate bridge from the network menu, which also shows me the
bridge's description, so that there can't be any mistakes as to which
brigde has to be selected. However that comes with too many cables and
too many NICs. Especially as we expect to have to support more subnets
in the near future.
Our networking department has suggested to move from dedicated switch
ports to VLAN tags. This would reduce the eight 1 Gbit ports to two 25
Gbit ports per host (LACP bonded), but as far as I can see, we would
then have to - manually - enter the correct VLAN tag number for each
virtual network device. I expect this to be very error prone and
unintuitive. Best would be, if it would be possible to create Linux
bridges which map to individual VLAN tags like this:
switch port - host port (25 Gbit) \ / VLAN 12 - bridge1
+- bond -- VLAN 56 - bridge2
switch port - host port (25 Gbit) / \ VLAN 25 - bridge3
but unfortunately with PVE 7.x I could not find a way to achieve this.
Is such a setup possible at all?
I've read, that PVE 8.x greatly enhances the SDN capabilities of PVE.
Will these SDN capabilities enable us, to achieve the VLAN-bridge mapping?
Thanks for any hint or pointer
Frank
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-07-22 19:28 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-07-22 18:39 [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible? David der Nederlanden | ITTY via pve-user
[not found] <6aee1ef2-47f5-4d1c-8600-88cd796be6e7@dkfz-heidelberg.de>
2024-07-22 19:18 ` Bastian Sebode via pve-user
2024-07-22 19:23 ` David der Nederlanden | ITTY via pve-user
2024-07-22 19:27 ` Gilberto Ferreira
[not found] ` <7de79cbf-90d0-40e2-87ec-dde2f6b21f0c@email.android.com>
2024-07-22 19:28 ` Bastian Sebode via pve-user
-- strict thread matches above, loose matches on Subject: below --
2024-07-22 18:39 David der Nederlanden | ITTY via pve-user
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox