Tagged and Untagged Vlans in a Virtual Machine

soundman87

Cadet
Joined
Jan 10, 2024
Messages
2
I am trying to set up a virtual machine that has both an untagged vlan and multiple tagged vlans. The main untagged network is working like it should but I cannot get network traffic on the untagged vlans.

I have created vlan interfaces connected to the parent interface within TrueNAS Scale.

I have tried various combinations of bridges and parent interface. What do I need to do to get multiple tagged vlans in a VM?
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
A bridge with each VLAN interface as member on the host side and multiple virtual network interfaces in the VM, each connected to one bridge.
 

soundman87

Cadet
Joined
Jan 10, 2024
Messages
2
A little confused:
So if I have four vlans, I need to have 4 bridges each with only 1 vlan interface in it. Then in the VMs I need to have 4 NICs each connected to each bridge. What is the point of the bridges then? I could connect each vlan directly to a VM NIC.

Or are you saying 1 bridge with 4 vlan interfaces in it? (This way does not work in the VM.)
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
> So if I have four vlans, I need to have 4 bridges each with only 1 vlan interface in it. Then in the VMs I need to have 4 NICs each connected to each bridge.
Correct. Would be exactly the same in e.g. VMware. One port group per VLAN, one interface connected to each port group for the VM.

> What is the point of the bridges then? I could connect each vlan directly to a VM NIC.
In which case TrueNAS would automatically create 4 bridges for you which might work and then might not. The recommendation to manually create the bridges is about explicit control of the topology. The VM has got a virtual interface, the VLAN or physical interface connects to the network. How do you think the two can be connected but with a bridge? Also if the TN itself needs an IP address in that VLAN, that address must be configured on the bridge interface, not on the VLAN interface. That is definitely mandatory for TN CORE and if I read the past discussions correctly also for SCALE.

One method to avoid this complexity: if you have a NIC to spare you can use PCIe pass through to map it into the VM and do all the VLAN configuration inside. Downside: traffic from VM and to TN host and vice versa goes through the switch.
 

ijdod

Cadet
Joined
Mar 6, 2024
Messages
1
> Correct. Would be exactly the same in e.g. VMware. One port group per VLAN, one interface connected to each port group for the VM.
It can be the same in VMware, but it doesn't have to be. You can configure your portgroup for vlan 4095. This tells the vSwitch to pass the vlans tagged to the VM. You need to configure the VM to work with tagged vlans, of course, but this way you can use multiple vlans on a single interface in your VM. IIRC VMware calls this VGT (Virtual Guest Tagging).

The Linux bridge can do something similar but it looks like TrueNAS Scale has not implemented this yet.
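
The two layouts discussed in this thread, sketched for a generic Linux host with iproute2; this is an added example, not code from any poster and not a TrueNAS SCALE procedure. The names eno1 and vnet0 and the VLAN IDs are assumptions, and the script only prints the commands it would take.

```shell
#!/bin/sh
# Added example: prints iproute2 commands only; nothing is changed.
# Assumed names (not from the thread): parent NIC eno1, VM tap port vnet0.

# Succeeds only for usable 802.1Q VLAN IDs (1-4094; 0 and 4095 are reserved).
valid_vid() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Reject the whole list before printing anything.
check_vids() {
    for vid in "$@"; do
        valid_vid "$vid" || { echo "invalid VLAN id: $vid" >&2; return 1; }
    done
}

# Layout A: one VLAN interface and one bridge per VLAN. The VM gets one
# virtual NIC per bridge and sees untagged frames on each.
per_vlan_bridges() {
    parent=$1; shift
    check_vids "$@" || return 1
    for vid in "$@"; do
        echo "ip link add link $parent name $parent.$vid type vlan id $vid"
        echo "ip link add name br$vid type bridge"
        echo "ip link set $parent.$vid master br$vid"
        echo "ip link set $parent.$vid up"
        echo "ip link set br$vid up"
    done
}

# Layout B: one VLAN-aware bridge. Frames for the listed VLANs stay tagged
# on the single VM port, so the guest must do the tagging itself.
vlan_aware_trunk() {
    parent=$1; vmport=$2; shift 2
    check_vids "$@" || return 1
    echo "ip link add name br0 type bridge vlan_filtering 1"
    echo "ip link set $parent master br0"
    echo "ip link set $vmport master br0"   # vnet0 is assumed to exist already
    for vid in "$@"; do
        echo "bridge vlan add dev $parent vid $vid"
        echo "bridge vlan add dev $vmport vid $vid"
    done
    echo "ip link set br0 up"
}

per_vlan_bridges eno1 10 20 30 40          # constructed VLAN IDs
vlan_aware_trunk eno1 vnet0 10 20 30 40
```

In layout B the `bridge vlan add` lines act as the allow-list for the VM port: with `vlan_filtering 1`, a VLAN that is not added on vnet0 is not forwarded to the guest.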
 