From: Bastian Sebode via pve-user <pve-user@lists.proxmox.com>
To: pve-user@lists.proxmox.com
Cc: Bastian Sebode <b.sebode@linet-services.de>
Subject: Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible?
Date: Mon, 22 Jul 2024 21:18:26 +0200 [thread overview]
Message-ID: <mailman.628.1721675915.331.pve-user@lists.proxmox.com> (raw)
In-Reply-To: <6aee1ef2-47f5-4d1c-8600-88cd796be6e7@dkfz-heidelberg.de>
[-- Attachment #1: Type: message/rfc822, Size: 6871 bytes --]
From: Bastian Sebode <b.sebode@linet-services.de>
To: pve-user@lists.proxmox.com
Subject: Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible?
Date: Mon, 22 Jul 2024 21:18:26 +0200
Message-ID: <a17e803d-9c89-4b56-a0ee-bfe6bedd136d@linet-services.de>
Hello Frank,
you can achieve that with normal Linux networking already, without the
need of SDN.
Over the Network Tab of the Hosts GUI (interface names are examples):
- Create the Bond/LAG/Port Channel/Trunk on the switch, put the needed
VLANs tagged on it
- Create a "Linux Bond" `bond0` with the host interfaces `ens18 ens19`,
preferably with LACP on Host and Switch. No IP address necessary
- Create a "Linux VLAN" `bond0.90` with the "vlan raw device" `bond0`.
No IP address necessary
- Create a "Linux Bridge" `vmbr90` with the slave interface `bond0.90`.
No IP address necessary, only if you want to manage the server over it
- Attach the VMs to the VLAN bridge
- Repeat for every VLAN you need
There is also the possibility to have the VLAN Tags on the Linux bridge,
but I would always prefer the mentioned above.
Hope this helps and others can confirm that the are using such a setup.
Peace
Bastian
On 22.07.24 19:38, Frank Thommen wrote:
> Dear list members,
>
> our current three-node PVE cluster hosts VMs from three different
> subnets/VLANs. Each host has - besides the network ports for the Ceph
> cluster - eight physical network ports (two for the host itself and
> two for each of the three VLANs). Always two ports are configured like
> this:
>
> switch port - host port (1 Gbit) \
> +- bond - bridge
> switch port - host port (1 Gbit) /
>
> This is nice, because when configuring a VM, we can choose the
> appropriate bridge from the network menu, which also shows me the
> bridge's description, so that there can't be any mistakes as to which
> brigde has to be selected. However that comes with too many cables and
> too many NICs. Especially as we expect to have to support more subnets
> in the near future.
>
> Our networking department has suggested to move from dedicated switch
> ports to VLAN tags. This would reduce the eight 1 Gbit ports to two 25
> Gbit ports per host (LACP bonded), but as far as I can see, we would
> then have to - manually - enter the correct VLAN tag number for each
> virtual network device. I expect this to be very error prone and
> unintuitive. Best would be, if it would be possible to create Linux
> bridges which map to individual VLAN tags like this:
>
> switch port - host port (25 Gbit) \ / VLAN 12 - bridge1
> +- bond -- VLAN 56 - bridge2
> switch port - host port (25 Gbit) / \ VLAN 25 - bridge3
>
>
> but unfortunately with PVE 7.x I could not find a way to achieve this.
> Is such a setup possible at all?
>
> I've read, that PVE 8.x greatly enhances the SDN capabilities of PVE.
> Will these SDN capabilities enable us, to achieve the VLAN-bridge
> mapping?
>
> Thanks for any hint or pointer
> Frank
>
> _______________________________________________
> pve-user mailing list
> pve-user@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>
--
Bastian Sebode
Fachinformatiker Systemintegration
LINET Services GmbH | Cyriaksring 10a | 38118 Braunschweig
Tel. 0531-180508-0 | Fax 0531-180508-29 | http://www.linet-services.de
LINET in den sozialen Netzwerken:
www.twitter.com/linetservices | www.facebook.com/linetservices
Wissenswertes aus der IT-Welt: www.linet-services.de/blog/
Geschäftsführung: Timo Springmann, Mirko Savic und Moritz Bunkus
HR B 9170 Amtsgericht Braunschweig
USt-IdNr. DE 259 526 516
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
next parent reply other threads:[~2024-07-22 19:18 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <6aee1ef2-47f5-4d1c-8600-88cd796be6e7@dkfz-heidelberg.de>
2024-07-22 19:18 ` Bastian Sebode via pve-user [this message]
2024-07-22 19:23 ` David der Nederlanden | ITTY via pve-user
2024-07-22 19:27 ` Gilberto Ferreira
2024-07-22 19:28 ` [PVE-User] [Extern] - " Frank Thommen
2024-07-22 19:27 ` Frank Thommen
2024-07-23 11:14 ` Stefan Radman via pve-user
[not found] ` <7de79cbf-90d0-40e2-87ec-dde2f6b21f0c@email.android.com>
2024-07-22 19:28 ` [PVE-User] " Bastian Sebode via pve-user
2024-07-22 18:39 David der Nederlanden | ITTY via pve-user
-- strict thread matches above, loose matches on Subject: below --
2024-07-22 18:39 David der Nederlanden | ITTY via pve-user
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=mailman.628.1721675915.331.pve-user@lists.proxmox.com \
--to=pve-user@lists.proxmox.com \
--cc=b.sebode@linet-services.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox