Set up a macvlan interface in a [with a] VLAN [tag]

I just forcefully removed a virtual which did a number on my VMs, such as leaving them without an assigned virtual port; it was a completely random accident that led to finding out why this message of repeated packets or something along those lines that has been appearing regardless of routing platform.

I thought it was related to some unmanaged switch passing trunk ports, or a misconfigured router of several sharing the same networks. I reassigned the networks using Fusion to connect remotely and work much faster on vSphere, and since it shows the console, that's where I caught the message started repeating the second I added a reconnected the second vNIC. They might be different in the abstraction but down on layer 1 they're the same thing and some routers are vocal about it.

I have, or would have, a single vNIC on DSA, in other words: it's in a bridge from where VLANs span...all that. Normally, it wouldn't be an issue but my PPPoE-based access is bridged from the optical network into a VLAN, and I can bring up that type of connection in a subinterface, as the log would repeat endlessly. Thus I added the second vNIC which now I know is what spams the log with these warnings/notices.

I've done a little homework, and a little bit from Docker, from Unraid and from Red Hat I learned that using either macvlan or better yet, macvtap interfaces I can fake an L1 interface that piggybacks on a real one so they're independent and don't conflict with each other.

I was doing just that when I realized there's one part I didn't think through: how am I supposed to specify the VLAN on it? And then the floodgates opened:

  • Do I use it as a parent interface for another or can I just assign it directly?
    • ...and if I assign it directly, which parent interface am I supposed to pick?
  • I assume it's eth0 and not bridgename or bridgename.881, right?
    • ...but if I pick eth0, what happens to somebridgename, will it stop working?
      • Will I need to assign it its own pair like veth interfaces?

It was going so well. A little help, please.

Pretty please? =)

So… I've been trying to sort this out. I re-read the Docker documentation and copied the setup, but PPPoE doesn't allow to be buried that many layers down, I guess.

802.1Q trunk bridge mode

If you specify a parent interface name with a dot included, such as eth0.50, Docker interprets that as a sub-interface of eth0 and creates the sub-interface automatically.

$ docker network create -d macvlan \
    --subnet=192.168.50.0/24 \
    --gateway=192.168.50.1 \
    -o parent=eth0.50 macvlan50

Anyway, while I still don't know if this will fix the issue, at least I found a way to make it work with a single interface, which I thought I should share for those who don't have the option of adding additional interfaces.

I made a little drawing mapping out my results. No color/grayscale means no [apparent] issues. Any other color means you're almost there but not really or… y'know, just look at the interface's screenshot. =)

If it's not obvious already, the ONT connects to an access port on VLAN 881

…which is actually the same VLAN used on the other side of it, that way I can connect the red "Internet" port of one of my old ISP-loaned modems that I paid to keep and it works as if it was connected to an xDSL line.

I think I may have just answered my own question.

If Docker needs to create the macvlan interface in a subinterface so it is tagged, and on various sets of documentation from different vendors the lack of mention of VLANs, VLAN IDs, tags, or anything related to VLAN except for the string "vlan" in "macvlan", it would seem macvlan is a virtual LAN alright, just not a Q-type "traditional" VLAN we think about when we hear that word.

So the issue is not the macvlan interface but rather the PPPoE interface. Argh! :face_with_symbols_over_mouth: Why didn't I have that epiphany two days earlier?

Fortunately, I'm well familiar with the hypervisor, and I did think of something else: I can influence the NIC the traffic should be routed through according to port group, i.e., port group of VLAN4095 should be distributed across NICs 1-4, while port group 881 should failover to NICs 1-4 when 5 is not available. For anyone using vSphere, this is doable even without vCenter.

I'm slightly confused; didn't you do a little bit of research before? What do you think the v in vlan stands for? The vlan is virtual. The macvlan enables Linux to create a new device on top of a physical one and it behaves like a real one.

However, not only this section but the whole page is quite good: https://developers.redhat.com/blog/2018/10/22/introduction-to-linux-interfaces-for-virtual-networking#macvlan and in general at least a brief look at the kernel documentation or Wikipedia is a good starting point.
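
An added example, not taken from any post in this thread: the layering the Docker documentation quoted above describes (802.1Q sub-interface first, macvlan on top of it), written as plain iproute2 commands rather than a Docker network. The names `eth0` and `mv-wan` are constructed samples, and the function only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print the iproute2 commands that stack a macvlan on an
# 802.1Q sub-interface. Interface names used here are constructed samples.

# valid_ifname NAME -> 0 if NAME is non-empty, uses safe characters and
# fits the kernel's 15-character interface name limit.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# macvlan_on_vlan_plan PARENT VID NAME [MODE]
# Prints one command per line; nothing is executed.
macvlan_on_vlan_plan() {
    parent=$1 vid=$2 name=$3 mode=${4:-bridge}
    case "$vid" in
        ''|*[!0-9]*|?????*) echo "VLAN ID must be 1-4094" >&2; return 2 ;;
    esac
    # 0 and 4095 are reserved by 802.1Q and cannot be used as a tag.
    if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
        echo "VLAN ID must be 1-4094" >&2; return 2
    fi
    case "$mode" in
        private|vepa|bridge|passthru) ;;
        *) echo "unknown macvlan mode: $mode" >&2; return 2 ;;
    esac
    sub="$parent.$vid"
    for n in "$parent" "$sub" "$name"; do
        valid_ifname "$n" || { echo "bad interface name: $n" >&2; return 2; }
    done
    # The tag lives on the sub-interface; the macvlan only adds a MAC address.
    echo "ip link add link $parent name $sub type vlan id $vid"
    echo "ip link set $sub up"
    echo "ip link add link $sub name $name type macvlan mode $mode"
    echo "ip link set $name up"
}

macvlan_on_vlan_plan eth0 881 mv-wan
```

A long parent name is rejected because the derived `parent.vid` name would exceed the kernel's limit; in that case the sub-interface needs a shorter explicit name.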