I am using a Debian 9 machine as a router with two interfaces:
eth0 for WAN
eth1 for LAN
eth1 has subinterfaces for multiple VLANs (eth1.10, eth1.20, eth1.30) and has a trunk connection to a managed switch. Various devices are connected to the switch access ports and have Internet access. Pretty standard setup, everything works as expected.
Now what I am trying to do is to create a few VMs right inside the Debian router using libvirt/KVM/QEMU and connect them to the existing VLANs using an OVS bridge. Something like recreating the same physical configuration as I described above, but virtualized.
I tried to create ovsbr0, add the eth1 port to the bridge, and then add tagged ports for the particular VLANs I wanted the VMs to connect to, like this:
# ovs-vsctl add-br ovsbr0
# ovs-vsctl add-port ovsbr0 eth1
# ovs-vsctl add-port ovsbr0 vnet1 tag=10
# ovs-vsctl add-port ovsbr0 vnet2 tag=20
# ovs-vsctl add-port ovsbr0 vnet3 tag=30
When I run the actual VMs, the bridge looks like this:
# ovs-vsctl show
    Bridge ovsbr0
        Port ovsbr0
            Interface ovsbr0
                type: internal
        Port "eth1"
            Interface "eth1"
        Port "vnet1"
            tag: 10
            Interface "vnet1"
        Port "vnet2"
            tag: 20
            Interface "vnet2"
        Port "vnet3"
            tag: 30
            Interface "vnet3"
To my surprise, the VMs' vnet interfaces have no connection. From tcpdump on eth1, I can see that ARP frames from the VMs are correctly tagged and reach the eth1 interface, but for some reason are not forwarded to the subinterfaces. I have never used OVS before, so I am obviously missing something important, but cannot figure out what it is.
Can somebody point me in the right direction?