link bridge VLANed nic doesn't work

lebrun78
Posts: 5
Joined: 2019/12/04 09:09:52

link bridge VLANed nic doesn't work

Post by lebrun78 » 2020/02/03 09:11:26

Hello
I have several TP machines hosting VMs.
These machines have only one network card and use the native network connection for their operation.
On the other hand, the VM that each of the physical machines hosts is connected via a bridge to a VLAN 11 subnet.
The VMs must therefore operate on VLAN 11.
When I do a tcpdump on the VM and on the bridge I can see for example its DHCP requests but my requests are not visible on the VLAN11 interface.
I do not see where to look.

ifcfg-Connexion_pont_1

Code: Select all

STP=no
TYPE=Bridge
PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_PRIVACY=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=netplan-br_vlan11
UUID=3e575491-bd47-427d-b378-9bff84f2f171
DEVICE=br_vlan11
ONBOOT=yes
BOOTPROTO=autoip

ifcfg-enp0s31f6

Code: Select all

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME=netplan-enp0s31f6
UUID=8f70a841-880c-41c1-8613-9b59b7a03cdb
DEVICE=enp0s31f6
ONBOOT=yes

ifcfg-vlan11_1

Code: Select all

VLAN=yes
TYPE=Vlan
PHYSDEV=enp0s31f6
VLAN_ID=11
REORDER_HDR=yes
GVRP=no
MVRP=no
HWADDR=
NAME="vlan11 1"
UUID=d1f083ce-2833-4539-aee7-40b3598c13ea
DEVICE=vlan11
ONBOOT=yes
BRIDGE=br_vlan11

jlehtone
Posts: 4530
Joined: 2007/12/11 08:17:33
Location: Finland

Re: link bridge VLANed nic doesn't work

Post by jlehtone » 2020/02/03 10:10:11

lebrun78 wrote: 2020/02/03 09:11:26
These machines have only one network card and use the native network connection for their operation.
On the other hand, the VM that each of the physical machines hosts is connected via a bridge to a VLAN 11 subnet

First a note:
One network card, one cable to host from outside. Two networks, "native" and "11", on the cable.
It is clearer if both networks have tagged packets in the trunk cable. Have the switch tag both vlanid "native" and vlanid "11". On the host, add a vlanid "native" interface for the host.

I have given up reading config files. NetworkManager writes, reads, and shows the config.

Code: Select all

nmcli
nmcli c s
nmcli c s 3e575491-bd47-427d-b378-9bff84f2f171
bridge vlan show

(Not sure of the UUID.)

lebrun78
Posts: 5
Joined: 2019/12/04 09:09:52

Re: link bridge VLANed nic doesn't work

Post by lebrun78 » 2020/02/03 10:33:49

Here is the conf

nmcli connection show

Code: Select all

NAME               UUID                                  TYPE      DEVICE    
netplan-enp0s31f6  8f70a841-880c-41c1-8613-9b59b7a03cdb  ethernet  enp0s31f6 
docker0            705ead3d-de1f-4347-a884-047e722ffbb2  bridge    docker0   
netplan-br_vlan11  3e575491-bd47-427d-b378-9bff84f2f171  bridge    br_vlan11 
netplan-vlan11 1   d1f083ce-2833-4539-aee7-40b3598c13ea  vlan      vlan11    
vnet0              e9fbdcb8-b1bc-4736-9bbb-bd6605d8b5c1  tun       vnet0

bridge vlan show

Code: Select all

port	vlan ids
vlan11
	 1 PVID untagged
br_vlan11	None
docker0
	 1 PVID untagged
vnet0
	 1 PVID untagged

lebrun78
Posts: 5
Joined: 2019/12/04 09:09:52

Re: link bridge VLANed nic doesn't work

Post by lebrun78 » 2020/02/03 10:42:33

And the switch configuration:

Code: Select all

interface GigabitEthernet1/0/14
 switchport mode trunk
 switchport trunk native vlan 2
 switchport trunk allowed vlan 10,2,11

jlehtone
Posts: 4530
Joined: 2007/12/11 08:17:33
Location: Finland

Re: link bridge VLANed nic doesn't work

Post by jlehtone » 2020/02/03 12:25:56

Does the "trunk native" on the switch mean that:
* incoming untagged packets belong to VLAN 2
* outgoing VLAN 2 packets are untagged
(Different switch brands have different terminology.)
For we prefer all VLANs tagged.


If you have console access to a host (to fix things if the net goes down), then you could:

Code: Select all

# shut down the VM
# Remove existing connections
nmcli con del "netplan-vlan11 1"
nmcli con del netplan-br_vlan11
nmcli con del netplan-enp0s31f6
# Add host to VLAN 2
nmcli con add type vlan con-name vlan-2 dev enp0s31f6 id 2 connection.slave-type bridge ipv6.method ignore
# Create bridge
nmcli con add type bridge con-name bridge-br11 ifname br_vlan11 bridge.stp no ipv6.method ignore ipv4.method disabled
nmcli con show
# Connect bridge to VLAN 11
nmcli con add type vlan con-name vlan-11 dev enp0s31f6 id 11 connection.slave-type bridge connection.master *UUID* ipv6.method ignore ipv4.method disabled
# Start VM

Note though that *UUID* is the UUID of the new bridge connection, as shown by 'nmcli con show'.

Further note that since we have:

Code: Select all

VM--bridge--vlanif--NIC===switch

* traffic between vlanif and switch is tagged
* traffic between VM and vlanif is untagged

lebrun78
Posts: 5
Joined: 2019/12/04 09:09:52

Re: link bridge VLANed nic doesn't work

Post by lebrun78 » 2020/02/03 14:24:18

Thank you for your proposition:
It seems I can't set ipv4 or ipv6 properties on a bridge slave interface.
I can't create the vlan-2 connection as slave-type bridge. Is it because there is no master bridge?

Code: Select all

nmcli connection add type vlan con-name vlan-2 dev enp0s31f6 id 2 connection.slave-type bridge
Error: Failed to add 'vlan-2' connection: connection.master: les connexions esclaves requièrent une prorpiété « master » valide
nmcli connection add type vlan con-name vlan-2 dev enp0s31f6 id 2 connection.slave-type bridge ipv6.method ignore
Error: invalid or not allowed setting 'ipv6': 'ipv6' not among [connection, vlan, 802-3-ethernet (ethernet), ethtool, bridge-port].

nmcli connection add type vlan con-name vlan-11 dev enp0s31f6 id 11 connection.slave-type bridge connection.master 89621e1d-ab37-488c-bb1a-d7bee462fd7b ipv4.method disabled
Error: invalid or not allowed setting 'ipv4': 'ipv4' not among [connection, vlan, 802-3-ethernet (ethernet), ethtool, bridge-port].

Should not it be better with
VM--------------bridge--NIC===switch
vlanif- /
?

jlehtone
Posts: 4530
Joined: 2007/12/11 08:17:33
Location: Finland

Re: link bridge VLANed nic doesn't work

Post by jlehtone » 2020/02/03 16:59:54

My bad. Should not copy-paste-edit too quickly.

The vlan-2 is directly the interface that the host will use. Not a slave.

Code: Select all

nmcli connection add type vlan con-name vlan-2 dev enp0s31f6 id 2 ipv6.method ignore

Enslaved vlan does not have the ipv4 and ipv6 so there is no need to disable them.

Code: Select all

nmcli connection add type vlan con-name vlan-11 dev enp0s31f6 id 11 connection.slave-type bridge connection.master 89621e1d-ab37-488c-bb1a-d7bee462fd7b


There are options:

Code: Select all

=== tagged traffic
--- untagged traffic

A. VM---bridge---vlan11===NIC===switch
B. VM===bridge===NIC===switch
C. VM---bridge===NIC===switch

The A is the traditional one that we try to set up. The VMs don't have to know about VLANs at all.
In B the VM receives all traffic and has to filter what it needs (and could, if evil, use the other VLANs too).
C uses newer bridgeport-based vlan-filtering. Kernel and NetworkManager do support it, but I haven't learned it yet.
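
The tagged/untagged boundary of options A and B above, modelled at the frame level. This is an added example, not code from the thread: the 802.1Q tag layout is standard, while the function names, the VM MAC address and the payload are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Egress through a VLAN sub-interface: insert the tag after the two MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def vlan_id(frame: bytes):
    """Return the VLAN ID of a tagged frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q header")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF

def untag(frame: bytes, vid: int):
    """Ingress on sub-interface `vid`: strip a matching tag, else drop (None)."""
    if vlan_id(frame) != vid:
        return None
    return frame[:12] + frame[16:]

def vm_sees(wire_frame: bytes, option: str, vid: int = 11):
    """What the bridge hands to the VM for a frame arriving from the switch."""
    if option == "A":   # VM---bridge---vlan11===NIC: only VLAN 11, tag removed
        return untag(wire_frame, vid)
    if option == "B":   # VM===bridge===NIC: every VLAN, tags intact
        return wire_frame
    raise ValueError("only options A and B are modelled")

# Constructed sample: broadcast from a made-up VM MAC, IPv4 EtherType, dummy payload.
VM_FRAME = bytes.fromhex("ffffffffffff" "525400aabbcc" "0800") + b"\x00" * 46

if __name__ == "__main__":
    on_wire = tag(VM_FRAME, 11)
    print("VM -> switch: VLAN", vlan_id(on_wire), on_wire[:18].hex())
    for vid in (2, 10, 11):
        f = tag(VM_FRAME, vid)
        print("VLAN", vid, "reaches VM  A:", vm_sees(f, "A") is not None,
              " B:", vm_sees(f, "B") is not None)
```

In option A only VLAN 11 frames reach the VM, and untagged (native) frames stay with the parent NIC; in option B the VM receives the other VLANs on the trunk as well.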
