In certain scenarios we might need to forward a full VLAN trunk to a VM. In this article we go through a process of virtualizing a switch in ProxMox to achieve this easily.
Before You Begin
Starting off with a fresh installation of ProxMox (the IP address of the server in this example is 10.0.0.1), the following network configuration is present on the server.
WebUI: https://10.0.0.1:8006
The starting configuration file: /etc/network/interfaces

auto lo
iface lo inet loopback

iface ens18 inet manual

auto vmbr0
iface vmbr0 inet static
    address 10.0.0.1
    netmask 255.255.255.0
    gateway 10.0.0.254
    bridge_ports ens18
    bridge_stp off
    bridge_fd 0

1. Install OpenVSwitch
To enable VLAN passthrough, we need the Open vSwitch package, which lets us virtualize a physical switch. This way we can not only assign virtual machines to certain VLANs but also pass through whole trunk ports, so we can even run a firewall or router as a VM on the ProxMox host.
2. Edit the interface and virtual bridge configuration
Now we need to replace the content of the interfaces file with the following.
Under the virtual bridge you MUST specify which VLANs are allowed through the virtual switch! Here VLANs 1, 2, 100, 101 and 102 are passing through.
vi /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# The virtual network switch
auto vmbr0
iface vmbr0 inet manual
    ovs_type OVSBridge
    ovs_ports ens18 vlan1 vlan2 vlan100 vlan101 vlan102

# The primary network interface
auto ens18
iface ens18 inet manual
    ovs_bridge vmbr0
    ovs_type OVSPort

# The management interface on vlan1
auto vlan1
iface vlan1 inet static
    ovs_type OVSIntPort
    ovs_bridge vmbr0
    address 10.0.0.1/24
    gateway 10.0.0.254
    ovs_mtu 1500

3-1. Connect VMs to the trunk
To forward the whole trunk to a virtual machine in ProxMox, assign the network interface the regular way: the bridge is our virtual bridge 0 (vmbr0), with no VLAN tag.
3-2. Connect VM to a specific VLAN
Connecting a virtual machine to a specific VLAN is probably the most common scenario; no tagging on the VM itself is necessary. Just set the appropriate VLAN tag when configuring the network interface, in our example VLAN 2.
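
A NIC attached to vmbr0 without a tag (3-1) receives every VLAN on the trunk, while a tagged NIC (3-2) sees only one, so it is worth listing which VMs are in which mode. The script below is an added example, not part of the original article; it assumes the VM configs are in Proxmox's /etc/pve/qemu-server/<vmid>.conf layout with the `bridge`, `tag` and `trunks` NIC options, and the function names, VMIDs and MAC addresses are made up for the illustration.

```bash
#!/bin/sh
# Added example (not from the article): report how each VM NIC joins the bridge.
# Assumption: Proxmox VM configs live in /etc/pve/qemu-server/<vmid>.conf.

# classify_nics DIR BRIDGE: prints "<vmid> <netN> <mode>" for each NIC on BRIDGE
classify_nics() {
    dir=$1; bridge=$2
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        awk -v vmid="$(basename "$f" .conf)" -v br="$bridge" '
            /^\[/ { exit }    # snapshot sections start here; only the live config counts
            /^net[0-9]+:/ {
                nic = $1; sub(/:$/, "", nic)
                opts = $0; sub(/^net[0-9]+:[ \t]*/, "", opts)
                n = split(opts, kv, ",")
                b = ""; tag = ""; trunks = ""
                for (i = 1; i <= n; i++) {
                    split(kv[i], p, "=")
                    if (p[1] == "bridge") b = p[2]
                    if (p[1] == "tag") tag = p[2]
                    if (p[1] == "trunks") trunks = p[2]
                }
                if (b != br) next
                if (trunks != "") mode = "trunk:" trunks   # limited trunk (tag, if any, not shown)
                else if (tag != "") mode = "access:" tag   # section 3-2: one VLAN
                else mode = "trunk:all"                    # section 3-1: whole trunk
                print vmid, nic, mode
            }' "$f"
    done
}

# write_sample DIR: constructed VM configs (MACs and VMIDs are made up)
write_sample() {
    cat > "$1/100.conf" <<'EOF'
name: fw
net0: virtio=DE:AD:BE:EF:00:01,bridge=vmbr0
net1: virtio=DE:AD:BE:EF:00:02,bridge=vmbr0,tag=2,firewall=1
[snap1]
net0: virtio=DE:AD:BE:EF:00:01,bridge=vmbr0,tag=100
EOF
    cat > "$1/101.conf" <<'EOF'
net0: virtio=DE:AD:BE:EF:00:03,bridge=vmbr0,trunks=100;101;102
net1: virtio=DE:AD:BE:EF:00:04,bridge=vmbr1
EOF
}

demo=$(mktemp -d)
write_sample "$demo"
classify_nics "$demo" vmbr0
rm -rf "$demo"
```

On the host, run `classify_nics /etc/pve/qemu-server vmbr0` and review every `trunk:all` line: only VMs meant to act as a router or firewall should appear there.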