It seems that OpenNebula part is ok, bridge are created, and interfaces
tagged, and attach to the proper link. I’d review the host part: trunk
interface is attach to anyother bridge, or any of the interfaces bonded?
are the VMs doing also tagging? Probably to debug your host configuration
is better to take a step back , and find out why your are seein tagged
traffic in other tagged interfaces, i.e. why are you seeing traffic from
VLAN 255 in trunk.10 (you can do this without VMs)