We've bumped into the following issue, were hoping that you could enlighten us.
We have several VMs, each of which is connected via a dedicated portgroup that applies a unique (i.e. per-VM) VLAN tag. All of these portgroups are connected to the same single external interface. The net effect is that the traffic from each VM is multiplexed across a single physical interface.
Everything works as advertised, provided that traffic from the VMs contain only untagged traffic.
If, however, we send tagged traffic from a VM (regardless of the specific tag we apply), we observe that no traffic egresses the physical interface, and we suspect that it's being dropped by the portgroup.
What we would like is that the portgroup applies its tag to each frame from the VM regardless whether the frame is tagged or not. So for instance, in the specific case of singly-tagged frame, we would expect to see a doubly-tagged frame leaving the portgroup and physical interface, where the inner tag is the one applied by the VM, and the outer tag is the one applied by the portgroup.
Any idea how we can make this happen?
PS: If you're wondering why we would even attempt such a thing, it's because what's described above is a QA environment for networking products.
An update on this issue.
We have fully characterized the behavior and have a workaround that operates correctly.
What the virtual switch is doing is dropping any frame that have two (or more) tags where the outermost and next innermost tags both have etherype 0x8100. This is likely due to the anti-DOS machinery baked into the virtual switches. We would love to be able to turn off anti-DOS, but we don't know how.
Here's the workaround:
For untagged traffic -- do nothing;
For single-tagged traged traffic, set the ethertype on the end point to something other than 0x8100 (we use 0x88A8);
For double-tagged traffic, set the end point outer tag to something other than 0x8100 (we use 0x88A8), and set the inner tag to 0x8100.
Using this setup, we are able to move double-tagged traffic between VMs, and between VMs and external devices that are connected to the host via an external physical switch that tags/untags using ethertype 0x8100. Note that the traffic between the host and the external physical switch actually has three tags -- 0x8100 / 0x88A8 / 0x8100, where the outermost 0x8100 is used to muliplex across the single external link.
This setup works great, with two caveats:
1. You must be comfortable with and able to independently set the inner and outer ethertypes;
2. Since we're triple-stacking on egress of the host , the MTU on the VMs must be reduced to 1500 - 4 = 1496 bytes.
See attached image for the topology.
I am sure that this is a dead post but I had a question on it.
Have you had others outside of your company look at your networking requirements ?
I am sure there is more to what is in your attached diagram but it doesn't suggest this level of complexity and sometimes having another pair of eyes helps simplify things - even more so when the pair of eyes belong to a more simple person.