Hello,
I know that my question is not explicitly OpenNebula-centric, but I really hope that one of you has already solved the following problem.
My target:
I would like to have a pfSense (or any other firewall solution) VM that only has two NIC interfaces.
Those NIC interfaces should be VLAN aware (trunk ports) such that I can create VLAN interfaces inside the VM.
I don't want to attach multiple (non-VLAN-aware) NIC interfaces to that VM (I already know that this would work, but it does not scale).
My current situation:
I have a bridge (br0) that receives all traffic for a host.
This bridge is also available in OpenNebula (BRIDGE="br0" - no security groups).
The host itself also uses that bridge (and other bridges) to access various VLANs.
If the host uses, for example, VLAN ID 3210, I don't get packets (other than ARP) in that VLAN inside the VM.
The reason for this is understandable. The packet is not transmitted to both points:
- br0 - where the VM is connected to
- br0.3210 - the VLAN the host uses
Anyway, I am quite sure that there must be a solution for this, because our Ganeti cluster with OpenVSwitch allows it.
For good reasons I don’t want to use OpenVSwitch anymore.
Therefore I hope that someone has an alternative solution for my problem using the Linux Bridge.
Many thanks in advance
Best regards,
Bernhard J. M. Grün
By the way, the problem is also described here: http://alesnosek.com/blog/2015/09/07/bridging-vlan-trunk-to-the-guest/ (no solution)