bastibasti Guru
Joined: 27 Nov 2006 Posts: 590
|
Posted: Tue Jan 28, 2025 8:48 pm Post subject: VLAN setup fails. |
|
|
Hi,
I want to set up a VLAN on top of my br0, however I get
Cannot add non-existent interface eth0.100 to br0
The two IPs for the ethernet have nothing to do with the VLAN. They now also exist.
Do I need to add a /etc/init.d/net.eth0.100?
Code: |
# VLAN-Aware Bridges for KVM Networking
# Disable direct eth0 configuration (used by bridge br0)
config_eth0="null"
# VLAN Configuration
# Create VLAN interfaces on eth0
vlans_eth0="100 101"
config_eth0_100="null"
config_eth0_101="null"
# Bridge Configuration (Single Bridge for Both Networks)
bridge_br0="eth0.100 eth0.101 tap0 tap1 tap2 tap3 tap4 tap5 tap6 tap7 tap8"
brctl_br0="setfd 0 sethello 0 stp off"
rc_net_br0_need="net.tap0 net.tap1 net.tap2 net.tap3 net.tap4 net.tap5 net.tap6 net.tap7 net.tap8"
# Assign both IPs to br0
config_br0="192.168.1.2 netmask 255.255.255.0 brd 192.168.1.255
192.168.200.1 netmask 255.255.255.0 brd 192.168.200.255"
|
zen_desu Tux's lil' helper
Joined: 25 Oct 2024 Posts: 111
|
Posted: Tue Jan 28, 2025 8:57 pm Post subject: |
|
|
We may have a similar setup. This works for me, just by starting net.br0
Code: |
lrwxrwxrwx 1 root root 6 Jan 22 2024 /etc/init.d/net.br0 -> net.lo
lrwxrwxrwx 1 root root 6 Aug 9 2023 /etc/init.d/net.ethernet -> net.lo
-rwxr-xr-x 1 root root 20018 Jul 26 2024 /etc/init.d/net.lo
|
/etc/conf.d/net
Code: |
config_ethernet="null"
mtu_ethernet="9000"
vlans_ethernet="10 255"
ethernet_vlan10_name="lan"
ethernet_vlan255_name="management"
config_lan="null"
bridge_br0="lan"
config_br0="dhcp"
rc_net_br0_need="net.ethernet"
|
For my setup, "ethernet" is the name of the interface, and I have br0 on vlan 10, that way I can share it with VMs/containers and they get a DHCP lease from my router and act like a device on that network. _________________ µgRD dev
Wiki writer |
szatox Advocate
Joined: 27 Aug 2013 Posts: 3487
|
Posted: Tue Jan 28, 2025 9:07 pm Post subject: |
|
|
Quote: | want to set up a VLAN on top of my br0 |
I understand that sentence like this:
Code: |
br0.100 br0.101
br0
eth0
|
Why are you trying to bridge vlans instead (in the attempted config)?
The difference is that in "my" case your host gets access to packets tagged with respective vlan IDs, and in "your" case incoming packets get their vlanID changed before they get sent back to the networks, which is generally a bad practice (crossing vlans is considered a security failure), and I have a very hard time trying to justify it on a single physical device.
So... What is it you're actually trying to do? _________________ Make Computing Fun Again |
bastibasti Guru
Joined: 27 Nov 2006 Posts: 590
|
Posted: Tue Jan 28, 2025 9:22 pm Post subject: |
|
|
OK, I basically have two different things to achieve.
My br0 has two IPs, since I have my IoT devices in a different subnet; that works so far. The server is also NATting the 200/24 subnet.
I have the br0 so my KVM can bridge to the ethernet card.
Then the server also runs KVM VMs in bridged mode. The VM has its own MAC and IP. When the VM gets heavy network load, my switch usually replies with "no traffic anywhere". My assumption was that there are two MAC addresses on one port on my switch. - so someone mentioned I should have vlans, and separate the server traffic and vm traffic each into a vlan. (I extra bought a new switch)
Any advice is very welcome.
Would using a separate nic for each VM be better? |
szatox Advocate
Joined: 27 Aug 2013 Posts: 3487
|
Posted: Tue Jan 28, 2025 11:31 pm Post subject: |
|
|
You can have as many MAC addresses on a single switch port as it can fit in its memory.
VLANs are useful for segregating traffic which should not be mixed together, either for security or performance reasons. At a small scale, it makes sense to e.g. isolate wifi from wired network, or keep IoT madness away from your home.
Quote: | I extra bought a new switch |
Is it a managed switch? One smart enough to understand VLANs?
Anyway, bridging your VMs to a physical interface is an easy way to let them connect to the router. It is OK-ish; shouldn't cause trouble unless you have some specific requirements.
The "no traffic anywhere" is weird. Does it even come from the switch though? I've seen similar from routers after its uplink died. A switch would probably just become a hub instead.
Is it possible that you have a loop somewhere?
A switched network will still work as long as STP fixes the issue in software, but overloading one of the switches would result in a packet storm, and then your own system might generate this error.
Quote: | so someone mentioned I should have vlans, and separate the server traffic and vm traffic each into a vlan. |
It does make sense to have a management network isolated from VM network, so VMs can't snoop on host's sensitive traffic. I don't think it is related to your problem though.
Anyway, I've been using a setup with a bunch of single-purpose VLANs on my eth0, where vlan interfaces were enslaved by bridges named after VLAN ID to make things easier for myself in the future, so in your case it would be br100 and br101 (and maybe br200 for IoT, on top of eth0.200 to keep it consistent with its IP range and have 1 thing less to remember).
zen_desu's config is a pretty good start, go ahead and modify it to suit your interface names.
BTW, why do you have so many tap devices defined in your config? Don't your VMs create their own tap interfaces when you start them? You just need to define a bridge they will eventually connect to. _________________ Make Computing Fun Again |
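An added example, not part of the thread: a small audit of a netifrc-style `/etc/conf.d/net` that flags the two issues discussed above, a bridge that enslaves more than one VLAN and a bridge that does not `need` the parent service that creates its VLAN interfaces. Both sample configs are constructed (the first mirrors the original post with most ports trimmed, the second is a hypothetical per-VLAN layout using the br100/br101 naming suggested above); it assumes default `parent.id` VLAN interface names and that VLAN interfaces exist only once the parent's `net.*` service has started.

```python
import re

# Constructed sample inputs: ORIGINAL mirrors the first post's config (ports
# trimmed); PER_VLAN is a hypothetical rewrite with one bridge per VLAN.
ORIGINAL = '''
config_eth0="null"
vlans_eth0="100 101"
bridge_br0="eth0.100 eth0.101 tap0"
rc_net_br0_need="net.tap0"
'''
PER_VLAN = '''
config_eth0="null"
vlans_eth0="100 101"
bridge_br100="eth0.100"
rc_net_br100_need="net.eth0"
bridge_br101="eth0.101"
rc_net_br101_need="net.eth0"
'''

def audit(conf_text):
    """Return sorted (bridge, finding) pairs for a netifrc-style config."""
    settings = dict(re.findall(r'^(\w+)="([^"]*)"', conf_text, re.M))
    # Map each VLAN interface (parent.id) to its (parent, VLAN ID).
    vlan_ifaces = {}
    for key, ids in settings.items():
        if key.startswith("vlans_"):
            parent = key[len("vlans_"):]
            for vid in ids.split():
                vlan_ifaces[f"{parent}.{vid}"] = (parent, vid)
    findings = []
    for key, ports in settings.items():
        if not key.startswith("bridge_"):
            continue
        bridge = key[len("bridge_"):]
        members = [p for p in ports.split() if p in vlan_ifaces]
        needs = settings.get(f"rc_net_{bridge}_need", "").split()
        # Two VLAN IDs on one bridge become a single L2 domain (VLAN crossing).
        if len({vlan_ifaces[p][1] for p in members}) > 1:
            findings.append((bridge, "bridges multiple VLANs"))
        # Assumption: the VLAN ports exist only after net.<parent> has started,
        # so the bridge service must list it in rc_net_<bridge>_need.
        for parent in sorted({vlan_ifaces[p][0] for p in members}):
            if f"net.{parent}" not in needs:
                findings.append((bridge, f"missing need net.{parent}"))
    return sorted(findings)

if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL), ("per-VLAN", PER_VLAN)):
        print(name, audit(conf) or "no findings")
```

VLANs renamed with `<iface>_vlan<id>_name`, as in zen_desu's config, are not resolved by this sketch.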
bastibasti Guru
Joined: 27 Nov 2006 Posts: 590
|
Posted: Wed Jan 29, 2025 8:58 am Post subject: |
|
|
Hi, thanks for your thoughts on this.
Quote: | Quote:
I extra bought a new switch
Is it a managed switch? One smart enough to understand VLANs?
|
YES, it's an HP 1810. Previously it was an ultra cheap 24-port Netgear switch.
Quote: | BTW, why do you have so many tap devices defined in your config? Don't your VMs create their own tap interfaces when you start them? You just need to define a bridge they will eventually connect to. |
A couple of years ago the server would handle OpenVPN, and I just left it untouched. Now the tap devices are used by the VMs. I never thought QEMU would auto-create the tap devices. That makes things easier - so I can remove them.
So my problem:
If I ran too much traffic on the KVM, the other non-VM clients would start seeing trouble - most noticeable in Teams meetings, and pings to quad-1 for example would become laggy.
Then it would randomly put the clients to 100mbit and finally stop working all together. At that stage ping inside the LAN also would not work.
The switch was still on and would blink, but I would have to restart the switch in order to get it back to work.
About loops. Tough to find out. The original 24 port Netgear switch was bought for that reason. Before I had multiple small switches, which was a mess, and everything was reorganized.
I now have
Code: |
            +--------+
            | Router |
            +--------+
                |
                |
       +------------------+
       |  24-port Switch  |
       +------------------+
         |       |       |
         |       |       |
      Server  Clients  Small Bench-Switch
         |                     |
         |                     |
        KVM             +-------------+
                        |  3 Clients  |
                        +-------------+
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3487
|
Posted: Wed Jan 29, 2025 1:12 pm Post subject: |
|
|
That's a really neat diagram. I guess there are no loops, it looks simple enough you'd notice this kind of a mistake.
Quote: | Then it would randomly put the clients to 100mbit and finally stop working all together. At that stage ping inside the LAN also would not work.
The switch was still on and would blink, but I would have to restart the switch in order to get it back to work. |
Degrading the speed indicates poor signal quality, so it could mean a damaged or low quality cable or a damaged port.
Some chipsets also cause trouble; I think Ralinks were known for bringing LANs down, and now I have an RPi which once in a while gets in a fight with my laptop's dock, and then the connection starts dropping exactly half of the traffic.
Basically, I think it is a hardware problem. Try replacing things, one piece at a time. Put a new, shielded cable there, separate your server from the main switch with another switch, replace your ethernet adapter if you have another one lying around... Or maybe get rid of that bench switch. Replace it with that old Netgear if you're short on ports.
Also, when your network goes bad, does it affect your whole network, or only a single port on the switch? Can you move the cable to a different port and keep going? It could help narrow down the area in which your culprit resides. _________________ Make Computing Fun Again |
bastibasti Guru
Joined: 27 Nov 2006 Posts: 590
|
Posted: Thu Jan 30, 2025 2:33 pm Post subject: |
|
|
OK, thanks for sharing your thoughts. I appreciate it.
As I said, I have replaced the Netgear with an HP switch and during the last 2 days no fiber connection (some road works had destroyed a big cable in our area) so from today I will be testing. Until now, I cannot see any dropouts, so I suspect the old switch being sub-optimum.
THANKS again. |