Adding a VLAN

VLANs can be set up on both virtual machines and bridges. If the VLAN traffic leaves the virtual environment, it is important for each switch and physical network device to be VLAN-aware and tagged properly. Tagging VMs with the VLAN ID is very straightforward through the Proxmox GUI. Just enter the VLAN ID when adding a network interface to a VM, or edit the vNICs that have already been added. The following screenshot shows a virtual interface for a VM after it was tagged with a VLAN ID:

In the previous example, we have tagged the interface for VLAN ID 1. This tagging works when the bridge has the VLAN-aware option enabled, or when Open vSwitch has been implemented. When each virtual bridge is configured with a separate VLAN ID, then instead of assigning a tag ID, we will configure the interface to use the bridge for that VLAN. In the following screenshot, we have configured the network interface to use the bridge vmbr1 instead of tagging:

We can also configure a VLAN for bonded network interfaces. For this, instead of assigning a physical interface as a VLAN raw device, we need to create a new bonded interface and then use that for the VLAN raw device, as shown in the following example configuration:

auto bond0 
iface bond0 inet manual 
    slaves eth0 eth1 

auto vlan1
iface vlan1 inet manual
    vlan_raw_device bond0

auto vmbr1
iface vmbr1 inet manual
    bridge_ports vlan1
    bridge_stp off
    bridge_fd 0

In the previous example, we created a bonded interface using the physical ports eth0 and eth1. Then, we created a VLAN interface vlan1 using the bonded interface as the raw device. The new virtual bridge vmbr1 was created from vlan1. Notice that nowhere have we used the VLAN tag. Instead, we created the VLAN raw device based on the desired tag. The name of the bridge is not important here, but the name of the VLAN interface is. If we have to create a bridge for VLAN ID 9, then our configuration will look like this:

auto vlan9 
iface vlan9 inet manual 
    vlan_raw_device bond0 
 
auto vmbr9 
iface vmbr9 inet manual 
    bridge_ports vlan9 
    bridge_stp off 
    bridge_fd 0 

Besides the tagged virtual bridge and virtual network interface, in order to make the VLAN work, we also have to configure a physical switch. Without a VLAN-capable switch, network traffic will not be able to traverse between nodes or go outside the local network. Traffic will be limited to inside the node only. Each physical switch comes with its own GUI for switch configuration, but the basic idea of the VLAN configuration remains the same for all.

The VLAN configuration is done on a physical switch by configuring trunks or general ports. The option is usually found by navigating to the Switching | VLAN menu of the GUI. The following screenshot is an example of the VLAN setting on the Netgear GS748T smart switch:

In the previous example, a demo VLAN with ID #9 was set up for the bridge, vmbr9. Next, we have to configure the ports that are part of VLAN 9 under the VLAN Membership menu, as shown in the following screenshot, where we have tagged ports 2, 3, 4, and 5 for VLAN 9:

A good practice to identify which VLAN belongs to which bridge is to use the same number for both interfaces. For example, a bridge vmbr10 will have the VLAN ID 10. Without some order from the beginning, bridges and VLANs will quickly get out of control as the network grows over time.
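The numbering convention above can be checked mechanically, so that a bridge silently attached to the wrong VLAN is caught before it breaks segmentation. The following Python sketch is an added example, not part of the original text: the function names and the sample configuration are constructed for illustration, and it assumes the vlanN/vmbrN naming used in this section.

```python
import re

# Constructed sample in /etc/network/interfaces syntax (not from a real host).
# vmbr10 is deliberately attached to vlan9, and vlan20 lacks a raw device.
SAMPLE = """\
auto bond0
iface bond0 inet manual
    slaves eth0 eth1
auto vlan9
iface vlan9 inet manual
    vlan_raw_device bond0
auto vmbr9
iface vmbr9 inet manual
    bridge_ports vlan9
auto vmbr10
iface vmbr10 inet manual
    bridge_ports vlan9
auto vlan20
iface vlan20 inet manual
"""

def parse_interfaces(text):
    """Return {interface: {option: value}} for each 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) > 1:
            current = stanzas.setdefault(words[1], {})
        elif words[0] == "auto" or words[0].startswith("allow-"):
            current = None  # these lines belong to no stanza
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def audit_vlan_bridges(text):
    """Report bridges and VLAN interfaces that break the vlanN/vmbrN pairing."""
    stanzas, findings = parse_interfaces(text), []
    for name, opts in stanzas.items():
        if re.fullmatch(r"vlan\d+", name) and not opts.get("vlan_raw_device"):
            findings.append(f"{name}: no vlan_raw_device")
        bridge = re.fullmatch(r"vmbr(\d+)", name)
        for port in opts.get("bridge_ports", "").split():
            vlan = re.fullmatch(r"vlan(\d+)", port)
            if vlan and port not in stanzas:
                findings.append(f"{name}: port {port} is not defined")
            if vlan and bridge and vlan.group(1) != bridge.group(1):
                findings.append(f"{name}: attached to {port}, expected vlan{bridge.group(1)}")
    return findings
```

Calling audit_vlan_bridges() on the contents of a node's interfaces file returns an empty list when every bridge and VLAN interface follows the convention.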