Hi all! I need some guidance on virtual machine vl...
# harvestera
adorable-engine-54269
06/12/2025, 6:00 PMHi all! I need some guidance on virtual machine vlan networking.
Is it possible to have an untagged network in harvester send /receive tagged packets through it? will harvester pass the tagged traffic? I assume return traffic to the untagged network wouldn’t be processed right? is there a better way to do this?
for example: I have a vm here (dubbed vm-1) that has a eth0 interface with no tag (traffic gets dumped on vlan 100) and two interfaces that dump tagged traffic on the eth0 interface (vlan101@eth0 and vlan102@eth0)
vlan 100 - untagged network configured on harvester. upstream switch takes the untagged traffic and dumps it on vlan 100. vm-1 is connected to this network and traffic is flowing as expected.
vlan 101 - tagged network configured upstream on the switch
vlan 102 - tagged network configured upstream on the switch
the traffic on the interface for vlan 100 works as expected but im not receiving traffic for vlans 101 and 102 over the eth0 interface
adorable-engine-54269
06/12/2025, 8:24 PMhttps://github.com/harvester/harvester/issues/8271 this seems to align closely to this issue. ill keep an eye on that issue for now and try to find some workarounds
b
bland-article-62755
06/12/2025, 10:07 PM> Is it possible to have an untagged network in harvester send /receive tagged packets through it? will harvester pass the tagged traffic? I assume return traffic to the untagged network wouldn’t be processed right? is there a better way to do this?
Yes and No. You can... but you can't.
bland-article-62755
06/12/2025, 10:08 PMWe did this initially but I'll add it was a terrible idea, and you shouldn't do it.
a
adorable-engine-54269
06/12/2025, 10:14 PMI forgot to post earlier but modifying the l2 vlan network like that issue above suggest worked. I do have to create a l2 network for each vlan so the bridge gets that vlan ID tagged on it but thats alright.
b
bland-article-62755
06/12/2025, 10:15 PMIt's complicated, but I'll try to break it down.
Let's say you have:
• On the Host/Node - eno1 - Which has your mgmt VLAN untagged (we'll call it 100
• On the Host/Node - eno2 - Which has VLAN 101, VLAN 102 Tagged.
• You set up a Cluster Network Called
trunkeno2101102trunkbland-article-62755
06/12/2025, 10:17 PMYou can (again terrible idea) write a script that undoes the tagging on the host. and get the trunk connection that way. Then you can add the
trunkbland-article-62755
06/12/2025, 10:18 PMThe problem is that k8s goes and checks the configs and "fixes" them so you have little network blips for like .5 seconds.
bland-article-62755
06/12/2025, 10:18 PMMuch much better to just break out the VLANs via
ClusterNetworkbland-article-62755
06/12/2025, 10:19 PMBut I might be able to get you the script we used.
bland-article-62755
06/12/2025, 10:21 PMWe set that back up in 1.2.x but it looks like the feature will get supported in 1.6.x
a
adorable-engine-54269
06/12/2025, 10:21 PMyeah, I look forward to the trunk feature as that would satisfy the requirement of this vm (openstack controller)
b
bland-article-62755
06/12/2025, 10:22 PMYou can still just break out all the network connection instead of the trunked network (I think) and be just fine. I think.... you can can even specify the MAC so it all looks the same
bland-article-62755
06/12/2025, 10:26 PMBTW those "Active/Inactive" badges can be super misleading.
bland-article-62755
06/12/2025, 10:26 PMBut that vlan0 thing might work better than what we were doing.
bland-article-62755
06/12/2025, 10:27 PMbut we had an untagged vlan and tagged coming in on the same port when we were trying to figure this all out.
bland-article-62755
06/12/2025, 10:29 PMI think what we're going to end up doing from now on is Lagging our two big nics (25/50/100G) WIth all the VLANs tagged in it as the mgmt connection and break out the VLANs from that HA connection instead of having a single point of failure for VM networks and the mgmt network.