Configuring VLANS in Proxmox Network Interfaces

README

This is a quick brain dump to hopefully help explain the other files here.

/etc/network/interfaces is from my working proxmox install with an overly complicated VLAN setup. All configuration is 
based off a forum post by x307 which I have copied here for reference.

My server has 2 sets of NICs hooked up to 2 seperate switches, my main switch runs traffic for management, applications, 
and general home devices. I have a seperate swtich for SAN and Corosync traffic.

eno1 & eno2 are onboard NICs that are teamed in a LAG to the main switch. Proxmox has an IP address on VLAN 10 for 
management, VMs can then access VLANs 1, 10, 20 and 999 through the LAG as needed (home, management, applications and 
DMZ respectively)

ens1f0, ens1f1, ens1f2 & ens1f3 are ports on a quad gigabit NIC, these are bonded as another LAG to the SAN/Corosync 
switch. The switch has the LAG configured with VLAN 11 and 12 present as taggedon the LAG group. Proxmox holds IP 
addresses on both of these, 11 is for ceph traffic and 12 for corosync.

Configuring VMs with access to specific VLANs can either be done within the VM (as I do for pfSense, which has access to 
VLANs 1, 10, 20 and 999 for routing); or by setting a VLAN ID in the network device configuration on the hardware page 
of the VM (or network page for containers).

For Proxmox to access VLANs over a LAG at the same time as VMs, you will need to use openvswitch, follow the instructions 
in the forum post to get it up and running. You will need a bridge interface, this is used as a central point to reference 
other configurations to and for VMs to be nridged through to the network. You will then need bonds if you are doing link 
aggregation which refreence the physical interfaces and the bridge it belongs to. And for each VLAN you want Proxmox to 
access you will need a VLAN interface, set up with IP address and the VLAN ID you wish to assign.

This is all assuming you have an appropriately managed switch that you've configured correctly. If you're not sure about 
that, look it up and find a manual or guide for your specific switch.

Remember that you will need to update your hosts file if you change the IP address that proxmox is to use.

etc network interfaces

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual
#010 --- Physical Interface

auto eno2
iface eno2 inet manual
#010 --- Physical Interface

auto ens1f0
iface ens1f0 inet manual
#020 --- Physical Interface

auto ens1f1
iface ens1f1 inet manual
#020 --- Physical Interface

auto ens1f2
iface ens1f2 inet manual
#020 --- Physical Interface

auto ens1f3
iface ens1f3 inet manual
#020 --- Physical Interface

auto vlan10
iface vlan10 inet static
	address 172.16.9.20/24
	gateway 172.16.9.1
	ovs_type OVSIntPort
	ovs_bridge vmbr0
	ovs_options tag=10
#013 Management

auto vlan12
iface vlan12 inet static
	address 172.16.12.110/24
	ovs_type OVSIntPort
	ovs_bridge vmbr1
	ovs_options tag=12
#023 Corosync

auto vlan11
iface vlan11 inet static
	address 172.16.11.110/24
	ovs_type OVSIntPort
	ovs_bridge vmbr1
	ovs_options tag=11
#023 SAN

auto bond0
iface bond0 inet manual
	ovs_bonds eno1 eno2
	ovs_type OVSBond
	ovs_bridge vmbr0
	ovs_options lacp=active bond_mode=balance-slb
#011

auto bond1
iface bond1 inet manual
	ovs_bonds ens1f0 ens1f1 ens1f2 ens1f3
	ovs_type OVSBond
	ovs_bridge vmbr1
	ovs_options lacp=active bond_mode=balance-tcp
#021

auto vmbr0
iface vmbr0 inet manual
	ovs_type OVSBridge
	ovs_ports bond0 vlan10
#012 Home/General VLAN

auto vmbr1
iface vmbr1 inet manual
	ovs_type OVSBridge
	ovs_ports bond1 vlan12 vlan11
#022 SAN/Corosync

gistfile1.txt

Forum post by x307, copied here for reference:
Source: https://forum.proxmox.com/threads/vlan-tag.38051/#post-187740

Anytime vlans, bonding and bridging are involved I always use openvswitch right away:

The following assumes you're using Proxmox version 5

Add proxmox repo:
Code:

    wget -q -O- 'http://download.proxmox.com/debian/pve/dists/stretch/proxmox-ve-release-5.x.gpg' | apt-key add -


Add Proxmox repo:
Code:

    echo "deb http://download.proxmox.com/debian/pve stretch pve-no-subscription" > /etc/apt/sources.list.d/pve-no-subscription.list


Update apt
Code:

    apt update


Install openvswitch (it MUST be the Proxmox version, from the repo above)
Code:

    apt install openvswitch-switch


Then configure the networking for your hypervisor, something like this (if you're using VLAN 5 and a subnet like 
10.1.5.0/24 for example):
Code:

    auto lo
    iface lo inet loopback


    allow-vmbr0 bond0
    iface bond0 inet manual
        ovs_bridge vmbr0
        ovs_type OVSBond
        ovs_bonds eth0 eth1
        ovs_options bond_mode=balance-tcp lacp=active other_config:lacp-time=fast

    auto vmbr0
    allow-ovs vmbr0
    iface vmbr0 inet manual
        ovs_type OVSBridge
        ovs_ports bond0 vlan5 vlan99

    allow-vmbr0 vlan5
    iface vlan5 inet static
        ovs_type OVSIntPort
        ovs_bridge vmbr0
        ovs_options tag=5
        ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
        address 10.1.5.XXX
        netmask 255.255.255.0
        gateway 10.1.5.1
        mtu 1500


    allow-vmbr0 vlan99
    iface vlan99 inet static
        ovs_type OVSIntPort
        ovs_bridge vmbr0
        ovs_options tag=99
        ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
        address 10.1.99.XXX
        netmask 255.255.255.0
        mtu 9000


Then reboot!