Implement "vSwitch" for VMs/Containers

will_dennis · March 27, 2025, 9:22pm

Hi iX team,

Kicking tires on latest Fangtooth. I used to use Proxmox for my virtualization needs, before we got VMware. Now, with Broadcom’s hefty price increases, we may be leaving VMware (to what I don’t know at this point, not the VMW lead here.) Both Proxmox and of course VMware have the concept of a “vSwitch” which can be created on demand, and linked to a physical NIC on the host to gateway it out to the rest of the corporate network. These "vSwitch"es are also VLAN-aware, and so one can run a “trunk” link to the server with multiple VLANs on it, and then break them out on “port groups”. It looks like at this point, Fangtooth has a simple NAT’d bridge, using a public 10.x.x.x IP net internally, and then NAT-ing out traffic to the TrueNAS’s “public” IP. Are there any plans to use either Linux bridging, or something like OpenVSwitch, to give a more corporate-grade network structure to TrueNAS for virtualization?

I’d like to be able to spin up VMs or LXC containers on one or more of our corporate VLANs, and have them be able to get DHCP from our corporate servers, for instance.

KpuCko · June 7, 2025, 5:54am

I will vote for this as well as it would be very beneficial from my perspective.

This immediately gives you the ability to use trunk port and run any routing software as a VM.

If OpenvSwitch is too complicated to get implemented, in Linux there is a vlan-aware bridge which will do “the same” job.

So both of them can do trunking.

Now if we want to get trunk ports the only way to do that is via additional hardware like network cards.

yaya · June 14, 2025, 8:48am

fully agree +1
I am trying to run cisco 9800cl on instances and going to drive crazy soon

pmh · June 14, 2025, 9:14am

I assume a bridge interface can do that. In contrast to ESXi you would need to create one bridge per VLAN instead of one vSwitch with a port group per VLAN, but it should work.

I have been running this setup on CORE for years. Specifically for VMs and jails.

I started with “I assume” because I have not yet tried that with SCALE/CE.

KpuCko · June 20, 2025, 4:28am

Yeah, you can create as many bridges as you want, then pass traffic from different vlans into your VM, but all of this has to be done with different interfaces (from VM point of view)

In opposite, if you want to have vlan tags visible into the VM itself, this can be done with OpenVSwitch or vlan-aware Linux bridge.

I use OpenVSwitch approach in my Proxmox servers and I added the phisical interface as an OpenVSwitch member, assign it as a trunk port, then created so called “management” interface into the OpenVSwitch where I set IP of the Proxmox server and a few vlan interface with tags to pass this to the VMs inside.

Everything works like charm. And it is very easy to implement.