
Help with multiple network adapters configuration.



Posted (edited)

Hi, I'm new to unraid. Trying to migrate from a plain debian server I had raised myself.

 

I'm having problems with the network configuration. I hope someone can give me a hand.

The server, apart from the dedicated IPMI interface, has two RJ45 adapters (eth0, eth1), and I put a 10GbE mlx_4 PCIe card (eth2) in it. It was already in use before, in the previous system, in the desired configuration.

 

My intention is running the following configuration:

eth0 port as a management network at vlan 3. It is connected to an untagged port at id 3.

eth2 connected to a trunk switch port configured (tagged) for vlans 2 and 5. (untagged or main vlan for this port is 3)

 

I have configured the following settings:
[image]

[image]

 

As you can see, I have to leave the eth2 interface disabled, because when it is online, all network connections reset after some seconds.

So if I access the Krusader container GUI, it's frozen after some seconds. If I establish an SSH session, it's closed after some seconds. 1-2 minutes approx.

 

What's the problem?

Edited by SeRiusMe
Spell
Link to comment

Several things are at least "improvable".

 

Install the plugin "mellanox firmware tools" and check the settings

[image]

Keep an eye on your FW version. If it is below 2.42.5000 you will need to update it before you can proceed (yeah, those nasty resets...). The plugin will provide the download links and the flash tools for you. Follow the orders.

 

Then keep in mind that eth0 is the preferred interface for data access, so you should assign the card with the highest speed to this name.

 

How do you assign?

Under "settings"-"network settings" you can find a section (or tab depending on your GUI settings) called "interface rules".

[image]

 

Pick your Mellanox card for eth0 and assign the others accordingly.

 

Reboot

 

Now your LAN resets should be history (if not, and you are using RJ45 connections, check the cables!!! Most of them won't work stably with 10G. They got a link, but once real action kicks in, the link breaks and the line is reset. Fiber or DAC is strongly recommended!!!).

 

Next, reconsider your VLANs! There should be only ONE default gateway pointing to the real router that can access the internet. Not every card needs one! The more there are, the more dice you throw and the more likely will be loss of data and connectivity.

No idea what you need them for, but keep them as low as possible.

UNRAID is not designed to limit management access to certain VLANs. It will open the GUI on every card it finds. You need an external device like a firewall to cut it off. But for checking the licence, internet access is needed at least once.

 

Link to comment
Posted (edited)

Thank you very much @MAM59, that's a good amount of info. I'll proceed by steps. I'm still doing the data transfer from the disks and can't afford a dropout.

 

I've installed the plugin and that's the output:

Mellanox Network Card:
Temperature:         62 °C
Info:
	FW Version:      2.31.1602
	FW Release Date: 9.11.2014
	Product Version: 02.31.16.02
	Rom Info:        type=PXE version=3.4.225 proto=ETH
                     type=UEFI version=10.3.39 proto=ETH
	Device ID:       4099
	Description:     Node Port1 Port2 Sys image
	GUIDs:           ffffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffff
	MACs:            REDACTED REDACTED
	VSD:
	PSID:            MT_1270112023

 

Quote

Then keep in mind that eth0 is the preferred interface for data access, so you should assign the card with the highest speed to this name.

Roger! I'll do. Anyway, it sounds strange to me. That will be the first server that I manage that doesn't have a "default" management interface as the first.

 

The mellanox is connected through a DAC coax cable. Never had a problem with it. This server was previously configured as a Proxmox node, and I simply tried to replicate the configuration. I only have 3 VLANs + the WAN one.

Now, I'm not completely understanding what you're saying about the VLANs. Talking of this one server, the NAS services should be accessible to the LAN (2). But all my IoT services run in an isolated VLAN (5) that includes Plex/Emby that I'll be running on this server. So next I'll be trying to bind the containers to their respective VLAN. I'm currently installing the containers and importing their previous data (influx, timescale...) while the data copies on the array.

 

I have an opnsense router implemented. Just migrated from pfsense as recent updates broke my installation and I got tired. That router manages all the inter-vlan and wan isolation. Also I have two more servers with Proxmox.

 

What do you mean with reconsidering the VLANs? Is that Unraid can't provide shares for users on the LAN and running containers attached to the IoT vlan?
That's strange. Do Downloading users have all them on their LAN without isolation?

Edited by SeRiusMe
Link to comment
40 minutes ago, SeRiusMe said:
FW Version:      2.31.1602

Yeah, this definitely needs an update. If you worry why it worked without on other OSs: it depends on the driver. Some of them contain everything by themselves; others, like UNRAID's, offload many tasks to the firmware of the card. They only have a mini-driver. Therefore you need to keep the firmware recent.

But BEWARE: there are many, many versions of these cards out there; be sure to download and flash the CORRECT one! Keep the PSID in mind; it will lead you to the correct driver on the download page.

(if you flash the wrong one, you could brick the card. Flashing under Windows does not work anymore since Win7. Do it from this plugin in UNRAID)

45 minutes ago, SeRiusMe said:

What do you mean with reconsidering the VLANs? Is that Unraid can't provide shares for users on the LAN and running containers attached to the IoT vlan?
That's strange. Do Downloading users have all them on their LAN without isolation?

I am just puzzled what they are good for. There is no special "management" VLAN on UNRAID; this is not an HP or DELL server. Also, those management accesses usually contain a virtual desktop and access to the hardware of the computer. Not here. It's just a PC with BIOS/UEFI and a web server that allows remote administration.

Of course you can give containers access to certain VLANs, but if you give them a default gateway too you imply that this vlan has an escape somewhere which is not true I think. So leave out those gateway entries or your LAN users may run into problems.

Remember the Highlander: "THERE CAN ONLY BE ONE" :-)))

If you want to separate your IoT stuff, it's OK.

 

Link to comment

Hmm... strange... I am not really a Mellanox specialist, dunno the differences between -XCEN and -XCCN.

Maybe somebody here can offer deeper info. Or ask the author of the plugin (support page!) for help.

As far as I know, 2.42.5000 was available for ALL X3 cards, but again, I may be wrong...

 

Link to comment

Excuse me @MAM59. How must I do the network change you told me first?

As soon as I change the rules, it asks for reboot. And then it loses connection.

I had to physically reach the server and alter the rules config file to revert the change and reboot.

Link to comment
Posted (edited)
11 hours ago, SeRiusMe said:

As you can see, I have to leave the eth2 interface disabled, because when it is online, all network connections reset after some seconds.

This is odd. I have a similar config but only use one interface; the management subnet is untagged and the other subnets are tagged.

Edit: Please try not to untag VLAN 2 to eth2.

Please also ensure there is no bridge or inter-VLAN routing between different subnets on the router side, for troubleshooting.

Edited by Vr2Io
Link to comment
8 hours ago, SeRiusMe said:

As soon as I change the rules, it asks for reboot. And then it loses connection.

 

I had to physically reach the server and alter the rules config file to revert the change and reboot.

This is normal: because the interfaces change, you have to change the cables too (considering your switch and/or firewall are configured to those ports). Or change the network config.

What was eth2 before is now eth0; cards change, config stays. So without changing the config the VLANs are now on the wrong ports.

If I were you, I would delete all network, make the Mellanox eth0, reboot and start from scratch (attaching the Mellanox to a port without restrictions).

KISS (keep it simple and stupid)

Then look if the connection is stable; if not, try to find a FW update.

If all this works well, continue to add VLANs (or, if you only need that IoT separation, just use one of the other cards for that LAN and leave the VLAN stuff to the switch).

 

Link to comment
2 hours ago, MAM59 said:

If I were you, I would delete all network, make the Mellanox eth0, reboot and start from scratch (attaching the Mellanox to a port without restrictions).

Late yesterday, I was trying what you suggested. I deleted network.cfg from the config folder and changed network-rules.cfg for the Mellanox to be the first interface, but the server never had communication upon reboot. I think there must be another net configuration file interfering that is not in the boot folder.

 

The 10gbe cable is attached to a port with no restrictions, so it was the RJ45 one, but after a while, I changed that last port on the switch to only be vlan3 (mgmt).

     The 10Gb link: vlan id 3, Tagged for 2, 3, 5.

     The RJ45_1 link: vlan id 3, Untagged for 3.

I'm a developer, not a networking technician. But when I bought this router it was different to the one I had before. For a port to be a "client" one, you must give it the id of the target lan and untag it for that vlan. That means that will only accept untagged frames, (all, because the device is not configured for vlans) and will be tagged for the vlan.

Then a trunk must be given the id of the main/default vlan, and then tag all the vlans that will accept. It will accept only tagged frames.

 

I'm afraid that it is not possible to disable inter-vlan routing at my router. My systems would stop working.

The main problem is that I think that my NAS should be at the LAN. Because I understand that the users storage function is more important than media storage. But that media storage must be served to the media devices, the TV for example, the services and players that organize and serve the content, all of them are on the IOT vlan.

And I want a good bandwidth for my storage, but is also needed for the media.

 

Now, I have the interfaces configured as:
 

Interface eth0
Interface description: (RJ45 1GB Untagged 3)
MAC address: REDACTED
Enable bonding: No
Enable bridging: No
Network protocol: IPv4 only
IPv4 address assignment: Static
IPv4 address: 10.1.3.20/24
IPv4 default gateway: 10.1.3.251
IPv4 DNS server assignment: Static
IPv4 DNS server: 10.1.3.251
Enable VLANs: Yes

Interface eth1: Shutdown (Inactive)

Interface eth2
Interface description: (Mellanox 10Gb DAC Trunk)
MAC address: REDACTED
Enable bonding: No
Enable bridging: No
Network protocol: IPv4 only
IPv4 address assignment: None
Enable VLANs: Yes

Interface description: LAN
VLAN number: 2
Network protocol: IPv4 only
IPv4 address assignment: Static
IPv4 address: 10.1.2.30/24
IPv4 default gateway: 10.1.2.251
 
Interface description: IOT
VLAN number: 5
Network protocol: IPv4 only
IPv4 address assignment: Static
IPv4 address: 10.1.5.30/24
IPv4 default gateway: 10.1.5.251

 

The problems I see: VLAN is active for eth0, but I can't remove the main IP configuration. I know that this combination is wrong and is the cause that I don't have communication on this interface. But the other works without interruptions.

If I configure a container to be linked to a VLAN on eth2, the container loses communication.
[image]

This doesn't work.

 

Can anyone help me configuring the network, so I can have containers on IOT and LAN and I serve files on both LAN and IOT?
I had that setup on a plain debian, two interfaces, one on each vlan, and it routed the requests correctly.

Link to comment
Posted (edited)

You mean, all this strange VLAN stuff is fixed in your router???

Hard to believe. You can always configure VLAN IDs and tagging options in the router/switch. And it is wise to do it in one central (switch) space and not at every client.

Usually the computers should not need to know anything about VLANs.

Also, I have to repeat once more: THERE SHOULD BE ONLY ONE DEFAULT GATEWAY. Not one for every card, only for the card that really has internet access.

VLANs should be used with care and plan. I have the impression you do not really understand them. What you want is to separate the devices but allow certain machines to access all devices directly. A VLAN separates, totally. Your "gateways" won't work.

I have a very limited "need" for VLANs here: I have "normal" devices on the main LAN, and there is a "Video LAN" separated for SAT-IP devices (which are very sensitive to LAN delays).

I do this in one single switch, assigning ports 1-8 to the Video LAN and the rest of the ports to the main LAN. All untagged, no need for tagging.

Is simple. Looks simple:

[image]

Every device that I put in ports 1-8 immediately joins the "Video LAN", others go to "Main LAN". (Note, the Mellanox goes to a different switch with 10G of course, but that is connected to one of the ports 9-24 of this 1G switch.)

On Unraid I use 2 LAN cards, one Mellanox for the main LAN and one simple 1G Realtek for the Video LAN:

[image]

and

[image]

Done! That's all! No other switch or other computer knows about VLANs!

(Note the "missing" default gateway on eth1; it would break a lot of things if it were filled in.)

Edited by MAM59
Link to comment
Posted (edited)
20 hours ago, MAM59 said:

Also, I have to repeat once more: THERE SHOULD BE ONLY ONE DEFAULT GATEWAY. Not one for every card, only for the card that really has internet access.

This is incorrect. OP has different subnets, so it is normal for each subnet to have its own gateway. And you use port-based VLANs and untag everything at the access ports; this is a completely different setup from OP's.

 

21 hours ago, SeRiusMe said:

I'm a developer, not a networking technician.

 

21 hours ago, SeRiusMe said:

I'm afraid that it is not possible to disable inter-vlan routing at my router. My systems would stop working.

People always think of using VLANs to separate things, but on the other hand think they need to communicate with each other .....

Your Unraid setup doesn't have a problem; it is just your network environment that has a problem (likely looping), so the network goes down. If you simply want to separate stuff, please try not to use tag-based VLANs and use port-based VLANs + a single subnet only.

For me, I apply tag-based + port-based + different subnets.

[image]

Edited by Vr2Io
Link to comment
6 hours ago, MAM59 said:

you mean, all this strange vlan stuff is fixed in your router???

Hard to believe.

No, no. I did it that way. I have some ports configured as trunk, others as IOT, LAN, etc... What is different from my previous router is how it is configured. It was counterintuitive to me.

Link to comment
6 hours ago, MAM59 said:

Also, I have to repeat once more: THERE SHOULD BE ONLY ONE DEFAULT GATEWAY. Not one for every card, only for the card that really has internet access.

Perhaps I'm not completely understanding you, but I think that's incorrect. Vlans are isolated (if you want) network segments. You can't specify a gateway from another network into one interface. My switch does not offer inter-vlan routing, so it's the router who does the task. I think you mean that the configuration for an interface in the IOT vlan (5) should be configured this way:

fixed ip: 10.1.5.100

segment 255.255.255.0

gateway: 10.1.2.1 <== the LAN gateway? Perhaps SYS gateway?

There will be no communication to this gateway, if the GUI allows for that.

[image]

 

XXsenses have different gateways for each interface.

 

We are talking about network gateways here, not internet/wan gateways, right? My network topology has independent switch, router, and internet gateway+modem.

My router has only one gateway, but could be configured with several for redundancy, for example.

Link to comment

With the configuration posted above, but with vlan disabled at eth0, I'm at a somewhat working state. But the interface eth0 is losing communication periodically.

The eth2 interface is rock solid, and I can attach docker containers to each vlan and they're accessible. But they don't resolve DNS queries.

I think it's a problem of dockers configuration from unraid side. But as it works from an image, I don't know how to fine-tune docker configuration for macvlan.

I don't know if this solution is prepared to do virtualization if it can't successfully manage networking. Perhaps I have something wrong.

 

I've tried to modify the containers DNS configuration entry with Portainer, but every time a container wakes up, it seems like something is overriding that configuration and a container in a macvlan eth2.5 ends with a /etc/resolv.conf file that says 127.0.0.11. And that's wrong.

 

I don't know what else to try.
Is there anyone running containers on several vlans?

Link to comment
6 hours ago, MAM59 said:

All untagged, no need for tagging.

Yes, It's the same for me. But if you configure a Trunk port, vlans must be tagged. Seems like you don't use trunk ports. I do. That's the only difference.

Also a D-Link was my previous switch. If you change it for a TP-Link in the future, prepare for hair pulling trying to replicate your config. There's something totally inverse vlans that I can't remember, but I almost went crazy.

 

I've also noticed that you have bridging enabled. Could that affect docker macvlan? 🤔

Don't get me wrong, but... on the lack of gateway on your 2nd interface... could simply be that you have all your cameras "pointing" to your management device.

I don't know, perhaps it's unraid special with interfaces configuration, but how debian works is that it creates a route for each interface such that requests from a segment go to the interface that has the gateway in the same segment. I see nothing strange in it.

If the OS needs to communicate with 10.1.2.10, it sends it through eth2.2 to 10.1.2.251. I currently have my 2nd Proxmox server offline, and the 3rd is only on the IOT LAN... let me turn it on.

Link to comment
Posted (edited)
3 hours ago, Vr2Io said:

Your Unraid setup doesn't have a problem; it is just your network environment that has a problem (likely looping), so the network goes down. If you simply want to separate stuff, please try not to use tag-based VLANs and use port-based VLANs + a single subnet only.

That's so interesting. I thought that these intermittent disconnects sound like a loopback problem.

I see your proposal, but changing to that would require me to buy several NICs for the servers and give them each VLAN through its own NIC, wouldn't it?

I don't understand your pictures, as I never fiddled with MikroTik, but those seem better to configure than mine:

(I think you mean L2 port isolation)
[image]

 

As for 802.1Q VLAN configuration, first every port has the id of an VLAN, that's mandatory:
[image]

 

And then you configure each VLAN. Untagged ports are the ports with just a "normal client" connected, in the way MAM explains, and tagged are the trunks.

[image]

The ports on the lower graph (tagged) will be also tagged in other VLANS, but the ones above (access ports) can only be untagged in one. F.Ex 3, 5 and 7 are the ports for the APs. They are tagged also in the other vlans they serve through dedicated SSIDs. If that wasn't configured that way IOT devices could never use wifi unless I had a physical AP for IOT.

 

 

I think I can guess where the problem must be. The eth2 interface LACKS configuration in the base "interface". And it doesn't have VLAN 3 configured. I bet that unraid is sending some packets untagged through it and my router is giving that interface an address in the VLAN 3 segment. My previous server had one there and it was the same IP that eth0 currently uses. Summarizing: the Mellanox MAC previously had the 10.1.3.20 address. So it could be a problem with DHCP, ARP or ROUTES.

What do you think?

Edited by SeRiusMe
Link to comment
37 minutes ago, SeRiusMe said:

But if you configure a Trunk port, vlans must be tagged. Seems like you don't use trunk ports. I do.

Hmm, Trunk ports with computers attached do not make any sense. People BELIEVE they would double/triple/quadruple the bandwidth, but that is utterly wrong.

Every connection uses only ONE port. Depending on the type of the trunk other machines may use the other ports, or ports are on standby only. You need really a lot of clients in your LAN to notice a difference with a trunk of 2.

Trunks between switches are usually really load balancing, at least if the trunk is between devices of the same manufacturer. Mikrotik for instance automatically detects and enables trunks up to 4 ports each if the other side is also a Mikrotik switch. But recently I had a "switch running wild" and the LAN went down. It turned out to be a trunk of 2*10G connections between 2 Mikrotik. Pulling out one DAC cable fixed the issue. I did not try to put it back, 2 more spare ports... Sleeping more tight without such risks. It worked for some months, but when the error occurred it took me a whole day to figure it out. Never again.

 

The D-Link here is the last of 10 that is in use for "slow devices" that only can do 1G or less. The other 9 were given away, I guess 2 or 3 sit still in a shelf waiting for somebody to take them with them.

Here all clients and servers do run on 10G fiber (at least).

 

37 minutes ago, SeRiusMe said:

on the lack of gateway on your 2nd interface... could simply be that you have all your cameras "pointing" to your management device

No Cameras 🙂 Cable and SAT Tuners for recording purposes. And the "lack of gateway" is only on the UNRAID side. It prevents UNRAID to think it could go elsewhere on this interface. Implied routing allows access to devices on this cable. But the other devices get a totally different setup from a DHCP Server in that "video LAN". This includes a gateway.

But it CANNOT BE UNRAID!!! (In my case it is my central FreeBSD box, used as a router, firewall, DHCP and DNS server and so on.)

The no gateway in unraid is just a precaution to avoid any loops.

37 minutes ago, SeRiusMe said:

the same segment. I see nothing strange on it.

There is no need for a gateway as long as there is an interface in that LAN. The route is generated automatically.

See:

root@F:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.253   0.0.0.0         UG    0      0        0 shim-br0
0.0.0.0         192.168.0.253   0.0.0.0         UG    1      0        0 br0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-83175c3c0e50
172.31.200.0    0.0.0.0         255.255.255.0   U     0      0        0 br-90b2dda785db
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 shim-br0
192.168.0.0     0.0.0.0         255.255.255.0   U     1      0        0 br0
192.168.4.0     0.0.0.0         255.255.255.0   U     1      0        0 br1
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

Although the output is misleading... if the destination is 0.0.0.0 it means "default route"; if the gateway address is 0.0.0.0 it means "nothing".

So the 192.168.4.0 video LAN has no gateway, but can still access everybody on 192.168.4.x.

37 minutes ago, SeRiusMe said:

If the OS needs to communicate with 10.1.2.10, it sends it through eth2.2 to 10.1.2.251

No! This is a complete misunderstanding. If eth2.2 has the address 10.1.2.30 (like shown above), it sends packets to 10.1.2.10 DIRECTLY; there is no gateway involved.

Gateways are only used to LEAVE the local LAN area and reach other LANs.

Link to comment

I could have a problem here:
 

unraid:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.1.5.251      0.0.0.0         UG    0      0        0 eth2.5
10.1.2.0        0.0.0.0         255.255.255.0   U     1      0        0 eth2.2
10.1.3.0        0.0.0.0         255.255.255.0   U     1      0        0 eth0
10.1.5.0        0.0.0.0         255.255.255.0   U     1      0        0 eth2.5
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0

 

17 minutes ago, MAM59 said:

People BELIEVE they would double/triple/quadruple the bandwidth

I think you're referring to LAGG/Bond here.

Link to comment
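An added example, not part of any post in this thread: a small Python parser for the two `route -n` listings above that applies longest-prefix matching (lowest metric on ties) to show which destinations are reached directly (gateway 0.0.0.0) and which default gateway, on which interface, carries all off-subnet traffic. The function names are this example's own, 203.0.113.7 is a constructed documentation address standing in for an internet host, and policy routing is not modelled.

```python
"""Longest-prefix lookup over `route -n` output (added example)."""
import ipaddress
from typing import List, NamedTuple, Optional

# Both listings are copied from the posts in this thread.
TABLE_MAM59 = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.253   0.0.0.0         UG    0      0        0 shim-br0
0.0.0.0         192.168.0.253   0.0.0.0         UG    1      0        0 br0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-83175c3c0e50
172.31.200.0    0.0.0.0         255.255.255.0   U     0      0        0 br-90b2dda785db
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 shim-br0
192.168.0.0     0.0.0.0         255.255.255.0   U     1      0        0 br0
192.168.4.0     0.0.0.0         255.255.255.0   U     1      0        0 br1
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
"""

TABLE_SERIUSME = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.1.5.251      0.0.0.0         UG    0      0        0 eth2.5
10.1.2.0        0.0.0.0         255.255.255.0   U     1      0        0 eth2.2
10.1.3.0        0.0.0.0         255.255.255.0   U     1      0        0 eth0
10.1.5.0        0.0.0.0         255.255.255.0   U     1      0        0 eth2.5
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
"""


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: Optional[str]  # None: destination is on-link, no gateway is used
    metric: int
    iface: str


def parse_route_n(text: str) -> List[Route]:
    """Turn `route -n` text into Route entries."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have 8 columns; skip the title line and the column header.
        if len(fields) != 8 or fields[0] == "Destination":
            continue
        dest, gw, mask, _flags, metric, _ref, _use, iface = fields
        # Convert the dotted Genmask into a prefix length (count of 1 bits).
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        routes.append(Route(ipaddress.IPv4Network((dest, prefix)),
                            None if gw == "0.0.0.0" else gw,
                            int(metric), iface))
    return routes


def lookup(routes: List[Route], destination: str) -> Optional[Route]:
    """Pick the route used for destination, or None if nothing matches."""
    addr = ipaddress.IPv4Address(destination)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    # Most specific prefix wins; among equal prefixes the lowest metric wins.
    return min(matches, key=lambda r: (-r.network.prefixlen, r.metric))


def default_gateways(routes: List[Route]) -> List[str]:
    """Distinct next hops of all default (0.0.0.0/0) routes."""
    return sorted({r.gateway for r in routes
                   if r.network.prefixlen == 0 and r.gateway})


def explain(routes: List[Route], destination: str) -> str:
    route = lookup(routes, destination)
    if route is None:
        return f"{destination}: unreachable (no matching route)"
    hop = ("directly, no gateway" if route.gateway is None
           else f"via gateway {route.gateway}")
    return f"{destination}: {route.iface} {hop}"


if __name__ == "__main__":
    for name, table, targets in (
            ("SeRiusMe", TABLE_SERIUSME, ["10.1.2.10", "10.1.3.251", "203.0.113.7"]),
            ("MAM59", TABLE_MAM59, ["192.168.4.20", "192.168.0.5", "203.0.113.7"])):
        routes = parse_route_n(table)
        print(f"{name}: default gateway(s) {default_gateways(routes)}")
        for target in targets:
            print("  " + explain(routes, target))
```

In the second table the only default route leaves through eth2.5, so the host's own off-subnet traffic egresses via the IOT VLAN gateway, whatever gateways were typed in for the other interfaces.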
Posted (edited)
54 minutes ago, SeRiusMe said:

The ports on the lower graph (tagged) will be also tagged in other VLANS, but the ones above (access ports) can only be untagged in one. F.Ex 3, 5 and 7 are the ports for the APs. They are tagged also in the other vlans they serve through dedicated SSIDs. If that wasn't configured that way IOT devices could never use wifi unless I had a physical AP for IOT.

I didn't find the graph. You mean you have three APs to serve three different VLANs? Anyway, this is fine.

But if you connect three ports to an AP then it usually forms some looping.

A more elegant solution would be to use a single AP with different SSIDs corresponding to different VLANs. My AP supports eight SSIDs, with different SSIDs bound to different VLANs, then all tagged to a single Ethernet port only.

Edited by Vr2Io
Link to comment
24 minutes ago, SeRiusMe said:

I think you're referring to LAGG/Bond here.

Trunk/LAGG/Bond: all these terms describe the same feature. The basic idea was brought out (and named differently) by several companies. Finally a common version was defined. That's why UNRAID offers so many types of trunks/bonds.

 

But I guess I will be out here now.

 

Sadly you play around with complicated stuff without understanding the fundamentals.

Link to comment
Posted (edited)
47 minutes ago, Vr2Io said:

I didn't find the graph. You mean you have three APs to serve three different VLANs? Anyway, this is fine.

With the graph I meant the 3rd image I posted of the switch configuration, the picture of the switch, the top or the bottom ones.

No, no... I don't have three APs for covering VLANs 😄 I have 3, but for covering all the space. Each AP can broadcast different SSIDs and I have one dedicated to IOT.

47 minutes ago, Vr2Io said:

single AP and different ssid corresponding to different vlan

That's what I do. One AP in the basement, one on the first floor and another on the 2nd. Solid stone house, it's what it requires.

 

29 minutes ago, MAM59 said:

Trunk/LAGG/Bond all these terms describe the same feature.

 

Nope. Trunk is an interface that processes frames from different VLANs: https://www.geeksforgeeks.org/access-trunk-ports/

LAGG/Bond is link aggregation, which can be for redundancy (online/offline) or for bandwidth. Yes, as of today there are protocols that allow bandwidth aggregation. https://docs.netgate.com/pfsense/en/latest/interfaces/lagg.html

 

29 minutes ago, MAM59 said:

But I guess I will be out here now.

 

Sadly you play around with complicated stuff without understanding the fundamentals.

 

So sad. Thanks for your help.

For what it's worth, I didn't mean to offend anyone. Also, English is not my native language.
Perhaps I'm tired and my eyes hurt. It all started with a failing drive in my NAS, and the system I programmed failed to send me a warning. Repair, test a new system + migrate... Plus the paid workload...

Edited by SeRiusMe
Link to comment
Posted (edited)
9 hours ago, SeRiusMe said:

Nope. Trunk is an interface that processes frames from different Vlans:  https://www.geeksforgeeks.org/access-trunk-ports/

Sorry, but "Trunk" has several meanings.

It can also define just link aggregation. Therefore the term should be avoided at all costs.

Look for "IEEE 802.3AD Trunk"; this is port aggregation.

What you mean is an "IEEE 802.1Q Trunk". That is the most recent way to transport VLANs between switches. But it is not very widespread now; older switches cannot handle it.

Read the Article on Wikipedia that also tells you "Der Begriff Trunk wird im Unterschied zu VLT häufig auch mit einer ganz anderen Bedeutung verwendet, siehe auch Bündelung (Datenübertragung)."

("The term Trunk is mostly used with a different meaning. See Portaggregation")

So, used alone, "trunk" is taken as aggregation (or bonding, as it is called in UNRAID).

That's why I did not understand what you wanted to tell.

(I was not offended, I just realized that we have different opinions on what some words mean, so I am afraid I cannot help you)

 

 

Edited by MAM59
Link to comment
Posted (edited)
14 hours ago, SeRiusMe said:

With the configuration posted above, but with vlan disabled at eth0, I'm at a somewhat working state. But the interface eth0 is losing communication periodically.

Enabling / disabling VLANs on eth0 won't cause a problem, but it is best set to "no". As mentioned, I didn't find a problem in your Unraid settings; I am just trying to provide some changes to troubleshoot.

 

14 hours ago, SeRiusMe said:

The eth2 interface is rock solid, and I can attach docker containers to each vlan and they're accessible. But they don't resolve DNS queries.

That's a good sign. For the DNS query problem: if you use the router / public DNS, then all subnets should have access without problem. If you use a private DNS (like me), then you need to do some routing at the router to make DNS accessible. You don't need to set the Docker config; all dockers will use the DNS set in Unraid. For example, my dockers on different VLANs just need the IP set, that's all, with no special tuning.

[image]

[image]

 

13 hours ago, SeRiusMe said:

I think I can guess where the problem must be. The eth2 interface LACKS configuration in the base "interface". And it doesn't have VLAN 3 configured. I bet that unraid is sending some packets untagged through it and my router is giving that interface an address in the VLAN 3 segment. My previous server had one there and it was the same IP that eth0 currently uses. Summarizing: the Mellanox MAC previously had the 10.1.3.20 address. So it could be a problem with DHCP, ARP or ROUTES.

What do you think?

I don't think the above is a problem.

 

13 hours ago, SeRiusMe said:

As for 802.1Q VLAN configuration, first every port has the id of an VLAN, that's mandatory:

I understand, my bad. For more detail: set that switch port (connected to eth2) with a new VLAN ID, then VLAN 3 won't go there.

Please also set it as below. If you still have a problem, please also try ipvlan.

[image]

Edited by Vr2Io
Link to comment
Posted (edited)

Thanks @Vr2Io for all your help.

My current docker configuration is:

 

[image]

And I can't change the empty gateway in eth0.2. And you can see that it's not creating a custom network for eth0.

BTW I've managed to rearrange the interfaces. The Mellanox is now eth0 and the two RJ45 are eth1 and 2. I've only left attached the link to eth0 (10Gb).

Network is stable without disconnects.

 

Still I don't have DNS resolution inside dockers.

Krusader on eth0.2 hangs here:

[image]

And another container on eth0.5 fails to resolve:

[image]

The containers are present on the network, and for example, Home Assistant that's on another machine records to influxdb correctly.

Samba shares work as expected, but NFS shares do not. I'm trying to mount a backup share on my proxmox server and it can't communicate with the nfs server.

My computer can mount NFS shares and it's on the vlan 2.

 

I think the problem is related to being unable to reset the main IP configuration of the interface and to raise an address in 10.1.3.xx segment as vlan:

[image]

Proxmox lets you leave the parent interface unconfigured, and configure the bridge:
[image]

Edited by SeRiusMe
Link to comment
