Discussion:
[PVE-User] Multiple bridge on single physical interface
Jean-mathieu CHANTREIN
2017-09-20 14:37:53 UTC
Permalink
Hello.

I try to make this:

(1)
<physical_interface0>-----<vmbr0>-----<subnetwork1>
|
|--------------------<vmbr1>-----<subnetwork2>

But apparently, one physical interface can't have 2 virtual bridge. So I try this:

(2)
<physical_interface0>-----<vmbr0>-----<subnetwork1>
|
<virtual_interface_on_physical_interface0>--------------------<vmbr1>-----<subnetwork2>

But my virtual interface is not recognize, because I have to fixe an ip address to the virtual interface and I don't want make this trick.

Globally, I want to make this:

|-----<host1>
| |-----<physical_interface0>-----<vmbr0>-----<subnetwork1>
| |
| |--------------------<vmbr1>-----<subnetwork2>
|
|-----<host2>
| |-----<physical_interface0>-----<vmbr0>-----<subnetwork1>
| |
| |--------------------<vmbr1>-----<subnetwork2>
|
|-----<host...>
...


VM in subnetwork1(resp.2) on host1 must be communicate with VM in subnetwork1(resp.2) on host2 via just one single interface and my host must be not reacheable by subnetwork.

How I can make this ?

I tryed to address my virtual_interface or enable proxy_arp on the physical interface but without success...

If you have any idea...

Best regards.

Jean-Mathieu
Silvestre Figueroa
2017-09-20 14:54:23 UTC
Permalink
Hi Jean!

2017-09-20 11:37 GMT-03:00 Jean-mathieu CHANTREIN <
Post by Jean-mathieu CHANTREIN
Hello.
(1)
<physical_interface0>-----<vmbr0>-----<subnetwork1>
|
|--------------------<vmbr1>-----<subnetwork2>
(2)
<physical_interface0>-----<vmbr0>-----<subnetwork1>
|
<virtual_interface_on_physical_interface0>----------
----------<vmbr1>-----<subnetwork2>
But my virtual interface is not recognize, because I have to fixe an ip
address to the virtual interface and I don't want make this trick.
|-----<host1>
| |-----<physical_interface0>-----<vmbr0>-----<subnetwork1>
| |
| |--------------------<vmbr1>-----<subnetwork2>
|
|-----<host2>
| |-----<physical_interface0>-----<vmbr0>-----<subnetwork1>
| |
| |--------------------<vmbr1>-----<subnetwork2>
|
|-----<host...>
...
VM in subnetwork1(resp.2) on host1 must be communicate with VM in
subnetwork1(resp.2) on host2 via just one single interface and my host must
be not reacheable by subnetwork.
How I can make this ?
if i understood correctly, you need to use single ethernet interface as a
trunk.

If you have a L3 switch with vlans support, you can make a bond to eth
interface, then assign the bond to a single vmbr and use this vmbr in all
your vms.

When configuring the VM network, you can specify different vlan tag to
separate the networks at server side.

Then, at Switch side, you must to separate networks (vlans) using untagged
vlan ports.

but this schemma is possible if you have vlans support at Switch.

<hos1>vlan100 ----vmbr1----bond0-------eth1-----\
/----port_for_vlan100

+----Switch------X
<host2>vlan200 ----vmbr1----bond0-------eth1-----/
/----port_for_vlan200

Switch port for server uplink needs to be configured as trunk.

Sorry for my english!
Post by Jean-mathieu CHANTREIN
I tryed to address my virtual_interface or enable proxy_arp on the
physical interface but without success...
If you have any idea...
Best regards.
Jean-Mathieu
_______________________________________________
pve-user mailing list
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
--
ING. SILVESTRE E. FIGUEROA
IT Consultant
Mobile: +542616462632
Skype: silvestrefigueroa
Jean-mathieu CHANTREIN
2017-09-20 15:24:52 UTC
Permalink
Hi Silvestre.

Thanks for your reply.

I don't want to make a bond, I want to use just one physical interface for traffic off at least 2 isolate subnetwork behind at least 2 virtual bridge.

It's perfectly work when I use just one virtual bridge on one physical interface. I just want to add another subnetwork to the virtual bridge or an another virtual bridge behind the same physical interface than the first virtual bridge.

But, with your answers I have a doubt, can I have setup vlan on a virtual bridge ?

Sorry for my english to.

Regards.

Jean-Mathieu

----- Mail original -----
Envoyé: Mercredi 20 Septembre 2017 16:54:23
Objet: Re: [PVE-User] Multiple bridge on single physical interface
Hi Jean!
2017-09-20 11:37 GMT-03:00 Jean-mathieu CHANTREIN <
Post by Jean-mathieu CHANTREIN
Hello.
(1)
<physical_interface0>-----<vmbr0>-----<subnetwork1>
|
|--------------------<vmbr1>-----<subnetwork2>
(2)
<physical_interface0>-----<vmbr0>-----<subnetwork1>
|
<virtual_interface_on_physical_interface0>----------
----------<vmbr1>-----<subnetwork2>
But my virtual interface is not recognize, because I have to fixe an ip
address to the virtual interface and I don't want make this trick.
|-----<host1>
| |-----<physical_interface0>-----<vmbr0>-----<subnetwork1>
| |
| |--------------------<vmbr1>-----<subnetwork2>
|
|-----<host2>
| |-----<physical_interface0>-----<vmbr0>-----<subnetwork1>
| |
| |--------------------<vmbr1>-----<subnetwork2>
|
|-----<host...>
...
VM in subnetwork1(resp.2) on host1 must be communicate with VM in
subnetwork1(resp.2) on host2 via just one single interface and my host must
be not reacheable by subnetwork.
How I can make this ?
if i understood correctly, you need to use single ethernet interface as a
trunk.
If you have a L3 switch with vlans support, you can make a bond to eth
interface, then assign the bond to a single vmbr and use this vmbr in all
your vms.
When configuring the VM network, you can specify different vlan tag to
separate the networks at server side.
Then, at Switch side, you must to separate networks (vlans) using untagged
vlan ports.
but this schemma is possible if you have vlans support at Switch.
<hos1>vlan100 ----vmbr1----bond0-------eth1-----\
/----port_for_vlan100
+----Switch------X
<host2>vlan200 ----vmbr1----bond0-------eth1-----/
/----port_for_vlan200
Switch port for server uplink needs to be configured as trunk.
Sorry for my english!
Post by Jean-mathieu CHANTREIN
I tryed to address my virtual_interface or enable proxy_arp on the
physical interface but without success...
If you have any idea...
Best regards.
Jean-Mathieu
_______________________________________________
pve-user mailing list
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
--
ING. SILVESTRE E. FIGUEROA
IT Consultant
Mobile: +542616462632
Skype: silvestrefigueroa
_______________________________________________
pve-user mailing list
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
Silvestre Figueroa
2017-09-20 17:38:02 UTC
Permalink
2017-09-20 12:24 GMT-03:00 Jean-mathieu CHANTREIN <
Post by Jean-mathieu CHANTREIN
Hi Silvestre.
Thanks for your reply.
I don't want to make a bond, I want to use just one physical interface for
traffic off at least 2 isolate subnetwork behind at least 2 virtual bridge.
my bad... I see slowly your mail and got the idea. But I think that the two
premises are excludents.

You want to do some but you don want to do this with proxmox rules lol
(joke tone)

my know-how about that is limited for my expirience... maybe somebody at
list can help better than me.

Anyway I hope that my entromision has been a good try for help :)
Post by Jean-mathieu CHANTREIN
It's perfectly work when I use just one virtual bridge on one physical
interface. I just want to add another subnetwork to the virtual bridge or
an another virtual bridge behind the same physical interface than the first
virtual bridge.
But, with your answers I have a doubt, can I have setup vlan on a virtual bridge ?
mmm actually I have not references to do it.. not from UI..
At /etc/network/interfaces config file you can specify some things like
this.
I dont known if the vlan option for vmbr (bridge) is compatible with
proxmox.. at UI this not appear as an option.
Post by Jean-mathieu CHANTREIN
Sorry for my english to.
Regards.
Jean-Mathieu
----- Mail original -----
Envoyé: Mercredi 20 Septembre 2017 16:54:23
Objet: Re: [PVE-User] Multiple bridge on single physical interface
Hi Jean!
2017-09-20 11:37 GMT-03:00 Jean-mathieu CHANTREIN <
Post by Jean-mathieu CHANTREIN
Hello.
(1)
<physical_interface0>-----<vmbr0>-----<subnetwork1>
|
|--------------------<vmbr1>-----<subnetwork2>
(2)
<physical_interface0>-----<vmbr0>-----<subnetwork1>
|
<virtual_interface_on_physical_interface0>----------
----------<vmbr1>-----<subnetwork2>
But my virtual interface is not recognize, because I have to fixe an ip
address to the virtual interface and I don't want make this trick.
|-----<host1>
| |-----<physical_interface0>-----<vmbr0>-----<subnetwork1>
| |
| |--------------------<vmbr1>-----<subnetwork2>
|
|-----<host2>
| |-----<physical_interface0>-----<vmbr0>-----<subnetwork1>
| |
| |--------------------<vmbr1>-----<subnetwork2>
|
|-----<host...>
...
VM in subnetwork1(resp.2) on host1 must be communicate with VM in
subnetwork1(resp.2) on host2 via just one single interface and my host
must
Post by Jean-mathieu CHANTREIN
be not reacheable by subnetwork.
How I can make this ?
if i understood correctly, you need to use single ethernet interface as a
trunk.
If you have a L3 switch with vlans support, you can make a bond to eth
interface, then assign the bond to a single vmbr and use this vmbr in all
your vms.
When configuring the VM network, you can specify different vlan tag to
separate the networks at server side.
Then, at Switch side, you must to separate networks (vlans) using
untagged
vlan ports.
but this schemma is possible if you have vlans support at Switch.
<hos1>vlan100 ----vmbr1----bond0-------eth1-----\
/----port_for_vlan100
+----Switch------X
<host2>vlan200 ----vmbr1----bond0-------eth1-----/
/----port_for_vlan200
Switch port for server uplink needs to be configured as trunk.
Sorry for my english!
Post by Jean-mathieu CHANTREIN
I tryed to address my virtual_interface or enable proxy_arp on the
physical interface but without success...
If you have any idea...
Best regards.
Jean-Mathieu
_______________________________________________
pve-user mailing list
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
--
ING. SILVESTRE E. FIGUEROA
IT Consultant
Mobile: +542616462632
Skype: silvestrefigueroa
_______________________________________________
pve-user mailing list
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
_______________________________________________
pve-user mailing list
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
--
ING. SILVESTRE E. FIGUEROA
IT Consultant
Mobile: +542616462632
Skype: silvestrefigueroa
Yannis Milios
2017-09-21 10:24:48 UTC
Permalink
Post by Jean-mathieu CHANTREIN
VM in subnetwork1(resp.2) on host1 must be communicate with VM in
subnetwork1(resp.2) on host2 via just one single interface and my host must
be not reacheable by subnetwork.
How I can make this ?
Isolation at layer 2 can be achieved either by using 2 separate physical
network cards or by utilising VLANs.
I have done something similar by using openvswitch on pve. You can have a
look if you want:

https://pve.proxmox.com/wiki/Open_vSwitch
Jean-mathieu CHANTREIN
2017-09-25 10:41:21 UTC
Permalink
Hello.

----- Mail original -----
Envoyé: Jeudi 21 Septembre 2017 12:24:48
Objet: Re: [PVE-User] Multiple bridge on single physical interface
Post by Jean-mathieu CHANTREIN
VM in subnetwork1(resp.2) on host1 must be communicate with VM in
subnetwork1(resp.2) on host2 via just one single interface and my host must
be not reacheable by subnetwork.
How I can make this ?
Isolation at layer 2 can be achieved either by using 2 separate physical
network cards or by utilising VLANs.
I have done something similar by using openvswitch on pve. You can have a
https://pve.proxmox.com/wiki/Open_vSwitch
Thanks for you reply.

I was a little afraid to put my hands in openvswitch... I have tried and it's totally answer to my problematic. However, I think that there is a conflict between network-manager and openvswitch at the boot of host: Network manager fails with a timeout (5 minutes) to active interfaces and virtual bridges.

Once logged on host, I have to make this to active all interfaces:
systemctl start networking.service # No time out anymore..., active all "regular" interface and "classic" bridge linux
systemctl stop networking.service
systemctl start networking.service # No time out again, active all interfaces!

I have install net-tools package (apparently ifconfig is need by OVS...) and I have enable openvswitch-switch.service with systemctl:
systemctl enable openvswitch-switch.service

Is anyone ever encountering that?

Best regards.

Jean-Mathieu
Yannis Milios
2017-09-25 16:32:11 UTC
Permalink
No, I haven't experienced this issue on my setup. Can you post your
/etc/network/interfaces file and package versions (pveversion -v) ?

On Mon, Sep 25, 2017 at 11:41 AM, Jean-mathieu CHANTREIN <
Post by Jean-mathieu CHANTREIN
Hello.
----- Mail original -----
Envoyé: Jeudi 21 Septembre 2017 12:24:48
Objet: Re: [PVE-User] Multiple bridge on single physical interface
Post by Jean-mathieu CHANTREIN
VM in subnetwork1(resp.2) on host1 must be communicate with VM in
subnetwork1(resp.2) on host2 via just one single interface and my host
must
Post by Jean-mathieu CHANTREIN
be not reacheable by subnetwork.
How I can make this ?
Isolation at layer 2 can be achieved either by using 2 separate physical
network cards or by utilising VLANs.
I have done something similar by using openvswitch on pve. You can have a
https://pve.proxmox.com/wiki/Open_vSwitch
Thanks for you reply.
I was a little afraid to put my hands in openvswitch... I have tried and
it's totally answer to my problematic. However, I think that there is a
Network manager fails with a timeout (5 minutes) to active interfaces and
virtual bridges.
systemctl start networking.service # No time out anymore..., active all
"regular" interface and "classic" bridge linux
systemctl stop networking.service
systemctl start networking.service # No time out again, active all interfaces!
I have install net-tools package (apparently ifconfig is need by OVS...)
systemctl enable openvswitch-switch.service
Is anyone ever encountering that?
Best regards.
Jean-Mathieu
_______________________________________________
pve-user mailing list
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
Jean-mathieu CHANTREIN
2018-03-30 08:24:21 UTC
Permalink
Hello.


it is necessary to use the OVS packages of the testing version because they are compatible with systemd, which is not the case of the packages of the stable version.

----- Mail original -----
Envoyé: Lundi 25 Septembre 2017 12:41:21
Objet: Re: [PVE-User] Openvswicth conflict with network manager on host boot [was Multiple bridge on single physical
interface]
Hello.
----- Mail original -----
Envoyé: Jeudi 21 Septembre 2017 12:24:48
Objet: Re: [PVE-User] Multiple bridge on single physical interface
Post by Jean-mathieu CHANTREIN
VM in subnetwork1(resp.2) on host1 must be communicate with VM in
subnetwork1(resp.2) on host2 via just one single interface and my host must
be not reacheable by subnetwork.
How I can make this ?
Isolation at layer 2 can be achieved either by using 2 separate physical
network cards or by utilising VLANs.
I have done something similar by using openvswitch on pve. You can have a
https://pve.proxmox.com/wiki/Open_vSwitch
Thanks for you reply.
I was a little afraid to put my hands in openvswitch... I have tried and it's
totally answer to my problematic. However, I think that there is a conflict
between network-manager and openvswitch at the boot of host: Network manager
fails with a timeout (5 minutes) to active interfaces and virtual bridges.
systemctl start networking.service # No time out anymore..., active all
"regular" interface and "classic" bridge linux
systemctl stop networking.service
systemctl start networking.service # No time out again, active all interfaces!
I have install net-tools package (apparently ifconfig is need by OVS...) and I
systemctl enable openvswitch-switch.service
Is anyone ever encountering that?
Best regards.
Jean-Mathieu
Jean-mathieu CHANTREIN
2018-03-30 08:27:47 UTC
Permalink
Hello.

It's old subject, but maybe it will be useful to someone or possibly to add to the documentation.

It is necessary to use the OVS packages of the debian testing version because they are compatible with systemd, which is not the case of the packages of the stable version(systemv).

Regards.

Jean-Mathieu


----- Mail original -----
Envoyé: Lundi 25 Septembre 2017 12:41:21
Objet: Re: [PVE-User] Openvswicth conflict with network manager on host boot [was Multiple bridge on single physical
interface]
Hello.
----- Mail original -----
Envoyé: Jeudi 21 Septembre 2017 12:24:48
Objet: Re: [PVE-User] Multiple bridge on single physical interface
Post by Jean-mathieu CHANTREIN
VM in subnetwork1(resp.2) on host1 must be communicate with VM in
subnetwork1(resp.2) on host2 via just one single interface and my host must
be not reacheable by subnetwork.
How I can make this ?
Isolation at layer 2 can be achieved either by using 2 separate physical
network cards or by utilising VLANs.
I have done something similar by using openvswitch on pve. You can have a
https://pve.proxmox.com/wiki/Open_vSwitch
Thanks for you reply.
I was a little afraid to put my hands in openvswitch... I have tried and it's
totally answer to my problematic. However, I think that there is a conflict
between network-manager and openvswitch at the boot of host: Network manager
fails with a timeout (5 minutes) to active interfaces and virtual bridges.
systemctl start networking.service # No time out anymore..., active all
"regular" interface and "classic" bridge linux
systemctl stop networking.service
systemctl start networking.service # No time out again, active all interfaces!
I have install net-tools package (apparently ifconfig is need by OVS...) and I
systemctl enable openvswitch-switch.service
Is anyone ever encountering that?
Best regards.
Jean-Mathieu
Loading...