Virtual Machines & Bridges, A Networking Question.

[panzerscope]

Hello all,

I am currently running 3 Windows VM's on my TrueNas Scale. These VM's needed access to the shares on TrueNas, by default this did not work and I had to set up a bridge connection and this worked like a charm. This prior bridge connection was on the same subnet as my TrueNas/Shares. Subnet 192.168.1.0

Recently with a revision of my TrueNas networking, I have an adapter already using the subnet of 192.168.1.0. So any bridge that I create, inherently cannot be a part of that Subnet. So for example I have put the bridge on the subnet of 192.168.2.0. I also created a static route so everything on 192.168.2.0 was pointed to my Gateway 192.168.1.1.

However when launching the Windows VM, they fail to see the 192.168.1.0 network as they cannot mount the network shares. Screenshot of my config below.

I am doing something wrong evidently and wondered if any one can point me in the right direction.

Thanks!
P

 

[sretalla]

I think you really need to read and understand this:

Resource - Multiple network interfaces on a single subnet

We've had a number of people over the years bring up the topic of multiple network interfaces on a single subnet. Often done by Windows administrators or storage admins, where it works to varying degrees, this is sadly not proper IP networking...

www.truenas.com

From the screenshot, you have 3 interfaces all on the same subnet.

 

[panzerscope]

I think you really need to read and understand this:

Resource - Multiple network interfaces on a single subnet

We've had a number of people over the years bring up the topic of multiple network interfaces on a single subnet. Often done by Windows administrators or storage admins, where it works to varying degrees, this is sadly not proper IP networking...

www.truenas.com

From the screenshot, you have 3 interfaces all on the same subnet.

Perhaps I misunderstood it.

However my configuration is that I have 1 interface (ENS6F0) with 2x Alias IP's on the same subnet. The other active interface (ENS6F1) is on the same subnet but that is because it is on DHCP and my firewall assigns that interface with a static IP.

I had read that article before. After reading it again, perhaps it is better to go with LAGG/LACP. From that article it seems that I can combine the network interfaces and still have Alias IP's. Did I understand that correctly ?

I currently have 2x 10Gbe network interfaces which are the the ones I would opt to use.

Thanks,
P

 

[sretalla]

I had read that article before. After reading it again, perhaps it is better to go with LAGG/LACP. From that article it seems that I can combine the network interfaces and still have Alias IP's. Did I understand that correctly ?

Yes, that's exactly the point... all interfaces you're connecting to the same subnet should be aggregated and aliases used to have more than one address on that subnet.

 

[sretalla]

Just to help with that:

Physical NICs -> LAGG -> VLAN (if you have them) -> Bridge (IP of host goes here if this is the primary connection for the NAS) ... then add aliases if wanted/needed.

 

[panzerscope]

Just to help with that:

Physical NICs -> LAGG -> VLAN (if you have them) -> Bridge (IP of host goes here if this is the primary connection for the NAS) ... then add aliases if wanted/needed.

Thanks for that. I do not use VLAN, so less complication there.

Physical NICs -> LAGG -> Bridge

So I assume then I would combine my 2x 10Gbe NICs in LAGG and then add Bridge second ? Just making sure I have it all correct before I go back and start messing around.

I had better configure my switch for LAGG as well!

 

[sretalla]

So I assume then I would combine my 2x 10Gbe NICs in LAGG and then add Bridge second ? Just making sure I have it all correct before I go back and start messing around.

Yes, looks good.

I think you would also make sure that the NICs have the hardware offload turned off before adding them into LAGG too. (check for a post from @Patrick M. Hausen to comform that)

 

[sretalla]

I had better configure my switch for LAGG as well!

Yes, but you can also run in LAGG failover mode if the switch can't be set to LACP.

 

[panzerscope]

Thanks for all your help thus far @sretalla. Much appreciated. Networking I have always struggled with in I.T, not my strong point.

Good point regarding the LAGG in Failover. May do that instead to be honest as I am never going to saturate 2x 10Gbe combined. I would rather have the fallback.

I will give all this a go a little later, I am sure there will be some more question :) Bear with me haha.

 

[NugentS]

You do realise you won't get 20Gb don't you. You need a whole bunch of clients to start to get a use from a LAGG interface. Each client can only use 10Gb

 

[panzerscope]

Hey all.

So I have set up the LAGG with my 2x Interfaces using the Failover mechanism. The "Bond0" Interface has 2x Alias Addresses

192.168.1.10
192.168.1.100

All is well so far, however oddly if I create a Bridge interface (connected to my "Bond0" interface) for my VM's, it kills my connectivity to the server. I have double checked this.

When there is no bridge interface, I can ping both of the above IP's just fine. As soon as I create the bridge, Bam, I can no longer reach the above IP's. The VM's launch and have internet connectivity but no access to the above IP's unsurprisingly.

Why would creating a bridge interface murder my connectivity ? Do the bridges HAVE to have an Alias IP to stop this from occurring ?

For now I have removed the bridge interface and my setup now looks as per below

*Ignore the "eno1" interface, this was setup just so I could play around with all the network settings and not lose access to the GUI.

For any more information my "Bond0" setup is as below.

Thanks in advance,
P

 

[sretalla]

As mentioned before:

NICs -> LAGG (read: bond in your case) -> VLAN (if you have it) -> Bridge (IP addresses to go here if you have any).

You have put the IP addresses on the LAGG interface. Not what I suggested and probably why it doesn't work when you involve the bridge.

 

[panzerscope]

Ahh. Right I see what I did there.

So I have made the changes and fingers crossed everything is looking OK :) Just as an FYI for anyone else, this is what the working configuration would look like.

Thanks to all for your help and putting up with me on this one!