I have an application that needs both VLANs and bonding at the same time
and I'm having trouble getting it to work.

System is Dell R610 and Devuan 2.0 ("ASCII").  The machine is operating
as a firewall and has duplicated Ethernet on the outside and inside.
Duplication is for resilience, not performance.

The bonding driver works fine on the outside and works fine on the
inside for a single, non-VLAN, network - however my problem is that I
need to implement the legacy inside network on VLAN 1, a new internal
network on VLAN 10 and a guest network on VLAN 99, hence I need "VLAN
over bonding".

I have a similar setup at home where I just have straight Ethernet
interfaces (no bonding) and the VLANs work fine on eth1.1, eth1.145,
eth1.99 etc.

I have module '8021q' loaded and package 'vlan' installed (to get
'vconfig' executable).

Interface bond0 is the 'outside' and doesn't use VLAN and is fine.

Interface bond1 is the 'inside' and needs to be brought up without any
untagged IP and three VLAN interfaces are needed:

    bond1.1    for legacy 192.168.1.0/24 traffic
    bond1.10    for new 10.10.0.0/16 traffic
    bond1.99    for secure guest traffic on 192.168.99.0/24

I have tried various incantations of configs in /etc/network/interfaces
and don't seem to be able to get the VLAN over Bond to work.  I have
tried with and without hints like "vlan-raw-device bond1" and
with/without explicit 'vconfig' entries to try to force configuration of
the VLANs and just about every combination seen on StackExchange etc.

With /etc/network/interfaces as shown (below) the system boots, doesn't
output any errors, bond1 comes up with no IPv4 address, and only an
FE80:: link-local IPv6 address.

Doing:

    cat /proc/net/vlan/status

shows that no VLANs are configured.


Am I missing something or are the network startup scripts not able to
configure VLAN over Bond?  They work just fine for VLAN over plain Eth?


Mike

PS. IP addresses redacted/changed to protect the innocent.



#
# Loopback
#
auto lo
iface lo inet loopback

#
# Outside (Internet)
#
auto bond0
iface bond0 inet static
        address 195.xx.yy.2
        netmask 255.255.255.192
        gateway 195.xx.yy.1
        bond-mode 1
        bond-miimon 100
        bond-slaves eth0 eth1
        bond-primary eth0

iface bond0 inet6 static
        pre-up modprobe ipv6
        address 2999:2222:1999::2
        netmask 64
        gateway 2999:2222:1999::1

#
# Inside bonding interface
#
auto bond1
iface bond1 inet manual
        pre-up modprobe 8021q
        post-up vconfig add bond1 1
        post-up vconfig add bond1 10
        post-up vconfig add bond1 99
        bond-mode 1
        bond-miimon 100
        bond-slaves eth2 eth3
        bond-primary eth2

#
# Inside VLAN1 - Legacy 192.168.1.0/24
#
iface bond1.1 inet static
        address 192.168.1.1
        netmask 255.255.255.0
        vlan-raw-device bond1

iface bond1.1 inet6 static
        pre-up modprobe ipv6
        address 2999:2222:1999:8000::1
        netmask 64
        vlan-raw-device bond1

#
# Inside new VLAN10 - 10.10.0.0/16
#
iface bond1.10 inet static
        address 10.10.0.1
        netmask 255.255.0.0
        vlan-raw-device bond1

iface bond1.10 inet6 static
        pre-up modprobe ipv6
        address 2999:2222:1999:8010::1
        netmask 64
        vlan-raw-device bond1

#
# VLAN99 - Insecure/Guest use
#
iface bond1.99 inet static
        address 192.168.99.1
        netmask 255.255.255.0
        vlan-raw-device bond1

iface bond1.99 inet6 static
        pre-up modprobe ipv6
        address 2999:2222:1999:9900::1
        netmask 64
        vlan-raw-device bond1