* Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible? [not found] <6aee1ef2-47f5-4d1c-8600-88cd796be6e7@dkfz-heidelberg.de> @ 2024-07-22 19:18 ` Bastian Sebode via pve-user 2024-07-22 19:23 ` David der Nederlanden | ITTY via pve-user ` (2 more replies) 0 siblings, 3 replies; 7+ messages in thread From: Bastian Sebode via pve-user @ 2024-07-22 19:18 UTC (permalink / raw) To: pve-user; +Cc: Bastian Sebode [-- Attachment #1: Type: message/rfc822, Size: 6871 bytes --] From: Bastian Sebode <b.sebode@linet-services.de> To: pve-user@lists.proxmox.com Subject: Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible? Date: Mon, 22 Jul 2024 21:18:26 +0200 Message-ID: <a17e803d-9c89-4b56-a0ee-bfe6bedd136d@linet-services.de> Hello Frank, you can achieve that with normal Linux networking already, without the need of SDN. Over the Network Tab of the Hosts GUI (interface names are examples): - Create the Bond/LAG/Port Channel/Trunk on the switch, put the needed VLANs tagged on it - Create a "Linux Bond" `bond0` with the host interfaces `ens18 ens19`, preferably with LACP on Host and Switch. No IP address necessary - Create a "Linux VLAN" `bond0.90` with the "vlan raw device" `bond0`. No IP address necessary - Create a "Linux Bridge" `vmbr90` with the slave interface `bond0.90`. No IP address necessary, only if you want to manage the server over it - Attach the VMs to the VLAN bridge - Repeat for every VLAN you need There is also the possibility to have the VLAN Tags on the Linux bridge, but I would always prefer the mentioned above. Hope this helps and others can confirm that the are using such a setup. Peace Bastian On 22.07.24 19:38, Frank Thommen wrote: > Dear list members, > > our current three-node PVE cluster hosts VMs from three different > subnets/VLANs. Each host has - besides the network ports for the Ceph > cluster - eight physical network ports (two for the host itself and > two for each of the three VLANs). Always two ports are configured like > this: > > switch port - host port (1 Gbit) \ > +- bond - bridge > switch port - host port (1 Gbit) / > > This is nice, because when configuring a VM, we can choose the > appropriate bridge from the network menu, which also shows me the > bridge's description, so that there can't be any mistakes as to which > brigde has to be selected. However that comes with too many cables and > too many NICs. Especially as we expect to have to support more subnets > in the near future. > > Our networking department has suggested to move from dedicated switch > ports to VLAN tags. This would reduce the eight 1 Gbit ports to two 25 > Gbit ports per host (LACP bonded), but as far as I can see, we would > then have to - manually - enter the correct VLAN tag number for each > virtual network device. I expect this to be very error prone and > unintuitive. Best would be, if it would be possible to create Linux > bridges which map to individual VLAN tags like this: > > switch port - host port (25 Gbit) \ / VLAN 12 - bridge1 > +- bond -- VLAN 56 - bridge2 > switch port - host port (25 Gbit) / \ VLAN 25 - bridge3 > > > but unfortunately with PVE 7.x I could not find a way to achieve this. > Is such a setup possible at all? > > I've read, that PVE 8.x greatly enhances the SDN capabilities of PVE. > Will these SDN capabilities enable us, to achieve the VLAN-bridge > mapping? > > Thanks for any hint or pointer > Frank > > _______________________________________________ > pve-user mailing list > pve-user@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user > -- Bastian Sebode Fachinformatiker Systemintegration LINET Services GmbH | Cyriaksring 10a | 38118 Braunschweig Tel. 0531-180508-0 | Fax 0531-180508-29 | http://www.linet-services.de LINET in den sozialen Netzwerken: www.twitter.com/linetservices | www.facebook.com/linetservices Wissenswertes aus der IT-Welt: www.linet-services.de/blog/ Geschäftsführung: Timo Springmann, Mirko Savic und Moritz Bunkus HR B 9170 Amtsgericht Braunschweig USt-IdNr. DE 259 526 516 [-- Attachment #2: Type: text/plain, Size: 157 bytes --] _______________________________________________ pve-user mailing list pve-user@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible? 2024-07-22 19:18 ` [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible? Bastian Sebode via pve-user @ 2024-07-22 19:23 ` David der Nederlanden | ITTY via pve-user 2024-07-22 19:27 ` Gilberto Ferreira 2024-07-22 19:28 ` [PVE-User] [Extern] - " Frank Thommen 2024-07-22 19:27 ` Frank Thommen [not found] ` <7de79cbf-90d0-40e2-87ec-dde2f6b21f0c@email.android.com> 2 siblings, 2 replies; 7+ messages in thread From: David der Nederlanden | ITTY via pve-user @ 2024-07-22 19:23 UTC (permalink / raw) To: Proxmox VE user list; +Cc: David der Nederlanden | ITTY [-- Attachment #1: Type: message/rfc822, Size: 10869 bytes --] From: David der Nederlanden | ITTY <david@itty.nl> To: Proxmox VE user list <pve-user@lists.proxmox.com> Subject: Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible? Date: Mon, 22 Jul 2024 19:23:34 +0000 Message-ID: <7de79cbf-90d0-40e2-87ec-dde2f6b21f0c@email.android.com> Hi Bastian, This is a good way too indeed, but it has to be done on each node and be exactly the same, now with SDN you can manage this from a cluster perspective, which is a great advancement and makes it less complex (I think, as we manage it per VM). Kind regards David On 22 Jul 2024 21:18, Bastian Sebode via pve-user <pve-user@lists.proxmox.com> wrote: _______________________________________________ pve-user mailing list pve-user@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user [-- Attachment #2: Type: text/plain, Size: 157 bytes --] _______________________________________________ pve-user mailing list pve-user@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible? 2024-07-22 19:23 ` David der Nederlanden | ITTY via pve-user @ 2024-07-22 19:27 ` Gilberto Ferreira 2024-07-22 19:28 ` [PVE-User] [Extern] - " Frank Thommen 1 sibling, 0 replies; 7+ messages in thread From: Gilberto Ferreira @ 2024-07-22 19:27 UTC (permalink / raw) To: Proxmox VE user list Hi. I also think with the SDN is a better way to go, if you want to replicate the setting throughout the cluster. Cheers --- Gilbert Em seg., 22 de jul. de 2024 às 16:24, David der Nederlanden | ITTY via pve-user <pve-user@lists.proxmox.com> escreveu: > > > > ---------- Forwarded message ---------- > From: "David der Nederlanden | ITTY" <david@itty.nl> > To: Proxmox VE user list <pve-user@lists.proxmox.com> > Cc: > Bcc: > Date: Mon, 22 Jul 2024 19:23:34 +0000 > Subject: Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that > possible? > Hi Bastian, > > This is a good way too indeed, but it has to be done on each node and be > exactly the same, now with SDN you can manage this from a cluster > perspective, which is a great advancement and makes it less complex (I > think, as we manage it per VM). > > Kind regards > David > > On 22 Jul 2024 21:18, Bastian Sebode via pve-user < > pve-user@lists.proxmox.com> wrote: > _______________________________________________ > pve-user mailing list > pve-user@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user > > > > ---------- Forwarded message ---------- > From: "David der Nederlanden | ITTY via pve-user" < > pve-user@lists.proxmox.com> > To: Proxmox VE user list <pve-user@lists.proxmox.com> > Cc: "David der Nederlanden | ITTY" <david@itty.nl> > Bcc: > Date: Mon, 22 Jul 2024 19:23:34 +0000 > Subject: Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that > possible? > _______________________________________________ > pve-user mailing list > pve-user@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user > _______________________________________________ pve-user mailing list pve-user@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PVE-User] [Extern] - Re: Mapping of VLAN tags to Linux bridges: Is that possible? 2024-07-22 19:23 ` David der Nederlanden | ITTY via pve-user 2024-07-22 19:27 ` Gilberto Ferreira @ 2024-07-22 19:28 ` Frank Thommen 1 sibling, 0 replies; 7+ messages in thread From: Frank Thommen @ 2024-07-22 19:28 UTC (permalink / raw) To: pve-user Ah, good to know. This is indeed a good incentive to migrate to PVE 8.x :-) On 22.07.24 21:23, David der Nederlanden | ITTY via pve-user wrote: > Hi Bastian, > > This is a good way too indeed, but it has to be done on each node and be > exactly the same, now with SDN you can manage this from a cluster > perspective, which is a great advancement and makes it less complex (I > think, as we manage it per VM). > > Kind regards > David _______________________________________________ pve-user mailing list pve-user@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PVE-User] [Extern] - Re: Mapping of VLAN tags to Linux bridges: Is that possible? 2024-07-22 19:18 ` [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible? Bastian Sebode via pve-user 2024-07-22 19:23 ` David der Nederlanden | ITTY via pve-user @ 2024-07-22 19:27 ` Frank Thommen 2024-07-23 11:14 ` Stefan Radman via pve-user [not found] ` <7de79cbf-90d0-40e2-87ec-dde2f6b21f0c@email.android.com> 2 siblings, 1 reply; 7+ messages in thread From: Frank Thommen @ 2024-07-22 19:27 UTC (permalink / raw) To: pve-user Hi Bastian, maybe I am missing the point: Where is the VLAN tag in your example? Is it encapsulated in the bond name "bond0.90' being for VLAN 90? Frank On 22.07.24 21:18, Bastian Sebode via pve-user wrote: > Hello Frank, > > you can achieve that with normal Linux networking already, without the > need of SDN. > > Over the Network Tab of the Hosts GUI (interface names are examples): > > - Create the Bond/LAG/Port Channel/Trunk on the switch, put the needed > VLANs tagged on it > - Create a "Linux Bond" `bond0` with the host interfaces `ens18 ens19`, > preferably with LACP on Host and Switch. No IP address necessary > - Create a "Linux VLAN" `bond0.90` with the "vlan raw device" `bond0`. > No IP address necessary > - Create a "Linux Bridge" `vmbr90` with the slave interface `bond0.90`. > No IP address necessary, only if you want to manage the server over it > - Attach the VMs to the VLAN bridge > - Repeat for every VLAN you need > > There is also the possibility to have the VLAN Tags on the Linux bridge, > but I would always prefer the mentioned above. > > Hope this helps and others can confirm that the are using such a setup. > > Peace > Bastian _______________________________________________ pve-user mailing list pve-user@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PVE-User] [Extern] - Re: Mapping of VLAN tags to Linux bridges: Is that possible? 2024-07-22 19:27 ` Frank Thommen @ 2024-07-23 11:14 ` Stefan Radman via pve-user 0 siblings, 0 replies; 7+ messages in thread From: Stefan Radman via pve-user @ 2024-07-23 11:14 UTC (permalink / raw) To: Proxmox VE user list; +Cc: Stefan Radman [-- Attachment #1: Type: message/rfc822, Size: 5987 bytes --] From: Stefan Radman <stefan.radman@me.com> To: Proxmox VE user list <pve-user@lists.proxmox.com> Subject: Re: [PVE-User] [Extern] - Re: Mapping of VLAN tags to Linux bridges: Is that possible? Date: Tue, 23 Jul 2024 13:14:27 +0200 Message-ID: <6A5F81D8-DC7D-401E-909E-43D781859AF9@me.com> > Where is the VLAN tag in your example? Is it encapsulated in the bond name "bond0.90' being for VLAN 90? Yes, correct. The number behind the dot indicates the VLAN tag to be added before sending a frame to the bond0 interface. I use the same approach and typically have bond0 (without tag) attached to vmbr0. That keeps the cluster management traffic untagged (trunk native VLAN). Stefan Sent from my fingertips > On 22.07.2024, at 21:50, Frank Thommen <f.thommen@dkfz-heidelberg.de> wrote: > > Hi Bastian, > > maybe I am missing the point: Where is the VLAN tag in your example? Is it encapsulated in the bond name "bond0.90' being for VLAN 90? > > Frank > > >> On 22.07.24 21:18, Bastian Sebode via pve-user wrote: >> Hello Frank, >> you can achieve that with normal Linux networking already, without the need of SDN. >> Over the Network Tab of the Hosts GUI (interface names are examples): >> - Create the Bond/LAG/Port Channel/Trunk on the switch, put the needed VLANs tagged on it >> - Create a "Linux Bond" `bond0` with the host interfaces `ens18 ens19`, preferably with LACP on Host and Switch. No IP address necessary >> - Create a "Linux VLAN" `bond0.90` with the "vlan raw device" `bond0`. No IP address necessary >> - Create a "Linux Bridge" `vmbr90` with the slave interface `bond0.90`. No IP address necessary, only if you want to manage the server over it >> - Attach the VMs to the VLAN bridge >> - Repeat for every VLAN you need >> There is also the possibility to have the VLAN Tags on the Linux bridge, but I would always prefer the mentioned above. >> Hope this helps and others can confirm that the are using such a setup. >> Peace >> Bastian > > _______________________________________________ > pve-user mailing list > pve-user@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user > [-- Attachment #2: Type: text/plain, Size: 157 bytes --] _______________________________________________ pve-user mailing list pve-user@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user ^ permalink raw reply [flat|nested] 7+ messages in thread
[parent not found: <7de79cbf-90d0-40e2-87ec-dde2f6b21f0c@email.android.com>]
* Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible? [not found] ` <7de79cbf-90d0-40e2-87ec-dde2f6b21f0c@email.android.com> @ 2024-07-22 19:28 ` Bastian Sebode via pve-user 0 siblings, 0 replies; 7+ messages in thread From: Bastian Sebode via pve-user @ 2024-07-22 19:28 UTC (permalink / raw) To: David der Nederlanden | ITTY, Proxmox VE user list; +Cc: Bastian Sebode [-- Attachment #1: Type: message/rfc822, Size: 4709 bytes --] From: Bastian Sebode <b.sebode@linet-services.de> To: David der Nederlanden | ITTY <david@itty.nl>, Proxmox VE user list <pve-user@lists.proxmox.com> Subject: Re: [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible? Date: Mon, 22 Jul 2024 21:28:49 +0200 Message-ID: <d3239b7f-8128-4358-a9f8-5f7eddad2d3e@linet-services.de> Hi David, thanks for the clarification. Off course it has to be done on all nodes. I should have a closer look on SDN soon. ;-) Regards Bastian On 22.07.24 21:23, David der Nederlanden | ITTY wrote: > Hi Bastian, > > This is a good way too indeed, but it has to be done on each node and > be exactly the same, now with SDN you can manage this from a cluster > perspective, which is a great advancement and makes it less complex (I > think, as we manage it per VM). > > Kind regards > David > > On 22 Jul 2024 21:18, Bastian Sebode via pve-user > <pve-user@lists.proxmox.com> wrote: > _______________________________________________ > pve-user mailing list > pve-user@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user -- Bastian Sebode Fachinformatiker Systemintegration LINET Services GmbH | Cyriaksring 10a | 38118 Braunschweig Tel. 0531-180508-0 | Fax 0531-180508-29 | http://www.linet-services.de LINET in den sozialen Netzwerken: www.twitter.com/linetservices | www.facebook.com/linetservices Wissenswertes aus der IT-Welt: www.linet-services.de/blog/ Geschäftsführung: Timo Springmann, Mirko Savic und Moritz Bunkus HR B 9170 Amtsgericht Braunschweig USt-IdNr. DE 259 526 516 [-- Attachment #2: Type: text/plain, Size: 157 bytes --] _______________________________________________ pve-user mailing list pve-user@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2024-07-23 11:19 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <6aee1ef2-47f5-4d1c-8600-88cd796be6e7@dkfz-heidelberg.de> 2024-07-22 19:18 ` [PVE-User] Mapping of VLAN tags to Linux bridges: Is that possible? Bastian Sebode via pve-user 2024-07-22 19:23 ` David der Nederlanden | ITTY via pve-user 2024-07-22 19:27 ` Gilberto Ferreira 2024-07-22 19:28 ` [PVE-User] [Extern] - " Frank Thommen 2024-07-22 19:27 ` Frank Thommen 2024-07-23 11:14 ` Stefan Radman via pve-user [not found] ` <7de79cbf-90d0-40e2-87ec-dde2f6b21f0c@email.android.com> 2024-07-22 19:28 ` [PVE-User] " Bastian Sebode via pve-user
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox