Linux bridge - Access and Trunk ports?

vrod

Greetings everyone,

I am getting some rackspace of 5U and would like to use it as well as possible. Therefore I have created a Linux bridge through an Ubuntu VM which has 2x dual 10Gb cards and 2x 1Gbps adapters running in passthrough mode.

The bridge also has a single VMXNET3 adapter which runs in vSwitch1 so I can also connect other VMs on the host to the bridge network. The bridge works fine and I can also use VLAN tagging... Now, my question here is that I would like to know if it's possible to use an interface from the bridge just as an "access-port"? Meaning, there will not be any tagged VLAN traffic going through this, just untagged.

Reason is, I need an uplink for the WAN connection which I can distribute over trunk to the other 4 hosts that I will be having. Is such a thing possible? Does it need to be done with something like an eth0.X interface? Also on the other end, I would like all the other interfaces in the bridge (including the VMXNET3) to ONLY do tagged traffic, like a trunked port. I'm naming it trunked/access port since I have been living in the Cisco world for a while. :)

Would openvswitch eventually be a better choice?

Thanks!
Chris
 

vrod

No input? Would it be easier to go to Vyatta/VyOS?
 

Blinky 42

I typically create a bridge per vlan so that I can explicitly add physical ports and vm ports to a bridge as needed and avoid traffic being sent to where it isn't needed.
For example I will have eth1.12 as a member of br12 along with any VM ports that need access to VLAN 12, with individual VM interfaces per VLAN instead of tags being used within the VM. This lets the physical NIC split the traffic out into queues & interrupts on the way in vs multiple layers considering and tossing packets they are not interested in.
Performance difference isn't noticeable at low utilization, but makes a huge difference when doing 10G-20G+ of traffic and having time left over on the box to do other things.
 

vrod

Yeah, I've looked around and found some people who were doing that. However, I don't want to create a bridge for every single VLAN. I might be using over 20 and that would make for a complex config file.

Here's what I want to do:
Internet (access port, VLAN 99) -> switch -> servers (trunked all VLANs)

In Cisco it's just configuring an access port for a VLAN, then trunking it to other switches or servers on a different port. I would guess that this could also be done in Linux. I found a post where people are recommending ebtables. Gonna look into that.
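
The access/trunk layout described in this thread (untagged uplink in VLAN 99, tagged-only ports everywhere else) can be expressed on a single VLAN-aware Linux bridge rather than one bridge per VLAN. The script below is an added example, not from any poster in this thread; `br0`, `eth0` to `eth2` and VLANs 10 and 20 are assumed names, and it only prints the iproute2 commands so the plan can be reviewed before it is applied.

```shell
#!/bin/sh
# Added example: print the iproute2 commands for one VLAN-aware bridge with an
# untagged access port and tagged-only trunk ports. Interface names and VLAN
# IDs other than 99 are assumptions. Review the plan, then pipe it to
# `sh -e` as root to apply it.

# bridge_plan BRIDGE ACCESS_PORT ACCESS_VID "TRUNK_PORTS" "TRUNK_VIDS"
bridge_plan() {
    br=$1 access=$2 avid=$3 trunks=$4 vids=$5

    # vlan_default_pvid 0: ports start in no VLAN, so nothing is forwarded
    # until a VLAN is granted explicitly (no implicit VLAN 1 membership).
    echo "ip link add name $br type bridge vlan_filtering 1 vlan_default_pvid 0"

    # Access port: untagged ingress is classified into $avid (pvid) and
    # egress is sent untagged. Frames tagged for any other VLAN are dropped.
    echo "ip link set dev $access master $br"
    echo "bridge vlan add dev $access vid $avid pvid untagged"

    # Trunk ports: tagged members only. With no pvid set, untagged ingress
    # frames have no VLAN to land in and are dropped.
    for port in $trunks; do
        echo "ip link set dev $port master $br"
        for vid in $avid $vids; do
            echo "bridge vlan add dev $port vid $vid"
        done
    done

    echo "ip link set dev $br up"
}

# Constructed sample: WAN uplink on eth0 (VLAN 99), two trunks, two more VLANs.
bridge_plan br0 eth0 99 "eth1 eth2" "10 20"
```

After applying the plan, `bridge vlan show` lists the per-port VLAN membership, which is the quickest check that no trunk port still carries a PVID.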