--- pve-network.adoc | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+)
diff --git a/pve-network.adoc b/pve-network.adoc index d221c32..c5d5b40 100644 --- a/pve-network.adoc +++ b/pve-network.adoc 
@@ -344,6 +344,94 @@ iface vmbr0 inet static ---- +VLAN 802.1Q +~~~~~~~~~~~ + +A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in network at layer 2. +So it is possible to have multiple networks (4096) in a pysical network. +VLANs uses tags on network package to identify the affinity to the virtual network in the network. + +One or more VLANs can be used on any network device (Nic, Bond, Bridge). +There are several ways to configure VLANs. +Here only those based on linux network (not OpenvSwitch) recommended by us, +which we have selected according to the following points. +Simple configuration and clarity. +Of course, there are scenarios that are not possible with this configuration +but it will work for most standard setups. + +There are two basic usage scenarios in which you can find VLANs. + +1.) VLAN on the host, to bring the host communication to a isolated network. +As already mentioned, it is possible to apply the VLAN to all network devices. +In general, you should configure the VLAN as close as possible to the physical NIC. +For example, in a default configuration in which you want to place the host management address on a separate VLAN, consider the VLAN on the physical NIC, not the bridge (vmbr0). + +.Example: Use VLAN 5 as managment IP +---- +auto lo +iface lo inet loopback + +iface eno1 inet manual + +auto eno1.5 +iface eno1.5 inet static + address 10.10.10.2 + netmask 255.255.255.0 + gateway 10.10.10.1 + +auto vmbr0 +iface vmbr0 inet static + bridge_ports eno1 + bridge_stp off + bridge_fd 0 + +---- + +If you want to make this network fail-safe (bonding), +does the VLAN have to be created on the bond? 
+ +.Example: Use VLAN 5 as managment IP on bond0 +---- +auto lo +iface lo inet loopback + +iface eno1 inet manual + +iface eno2 inet manual + +auto bond0 +iface bond0 inet manual + slaves eno1 eno2 + bond_miimon 100 + bond_mode 802.3ad + bond_xmit_hash_policy layer2+3 + +auto bond0.5 +iface bond0.5 inet static + address 10.10.10.2 + netmask 255.255.255.0 + gateway 10.10.10.1 + +auto vmbr0 +iface vmbr0 inet static + bridge_ports bond0 + bridge_stp off + bridge_fd 0 + +---- + +2.) VLAN for the guests. +Proxmox supports 3 different ways of using VLAN in guests. + +* *VLAN with VLAN awareness on the Linux Bridge:* In this case, each guest's virtual network card is assigned a VLAN tag, which is transparently supported by the Linux Bridge. +This requires a guest who wants to use multiple VLANs to have multiple virtual NICs. +This method is the procedure recommended by Proxmox. + +* *VLAN with "traditional" VLAN on the Linux bridge:* In contrast to the VLAN awareness method, this method is not transparent and creates a VLAN device with associated bridge for each VLAN. That is, if e.g. in our default network, a guest VLAN 5 is used to create ens1.5 and vmbr0v5, which remains until rebooting. + +* *VLAN in guest:* There, the VLANs are assigned in the guest. +In this case, the setup is in the guest and can not be influenced from the outside. + //// TODO: explain IPv6 support? TODO: explain OVS -- 2.11.0 _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
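Review bot: in both examples the `iface vmbr0 inet static` stanza carries no `address`, because the IP now lives on `eno1.5` / `bond0.5`; ifupdown's static method requires an address, so the bridge should be declared `iface vmbr0 inet manual`. In the prose, the sentence introducing the bond example is worded as a question ("does the VLAN have to be created on the bond?") and should state that the VLAN is created on the bond. The "traditional" bullet names `ens1.5` while the examples use `eno1`, so `eno1.5` would be consistent. "(4096)" is the size of the 12-bit ID space, of which 0 and 4095 are reserved, leaving 4094 usable VLANs. The VLAN-aware bullet is marked as the recommended method but is the only one without a configuration example, so a short bridge stanza there would help. For the "VLAN in guest" bullet, "can not be influenced from the outside" should be spelled out as a caveat: the host enforces no isolation in that setup, since the guest picks its own tags, so the permitted VLANs have to be limited on the upstream switch port. Spelling: "pysical", "managment" (both example titles), "VLANs uses", "network package" (packets), "a isolated".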