I'm looking at implementing a system using a number of tagged VLANs and a native VLAN connected to a server over an a/p bonded interface. The untagged VLAN is for physical machine access; the tagged VLANs are connected to bridges and then to QEMU VMs inside the machine. Hopefully this plan is fine, but I'm trying to implement a crippled version of this in a dev environment, due to a lack of underlying network config in this location, where I just have the same single VLAN delivered to the machine on a tag AND plain.
I'm not clear if this is going to work (and that I should just be confident that it will work using different VLANs), as I'm seeing odd things like a VM is ARPing out over the VLAN out to the core switch, but the ARP reply is coming back on the untagged interface. Now an ARP reply is unicast, right? So it's a deliberate thing to send the ARP response on the untagged interface, and not a case that a broadcast response isn't being passed on the tagged side... i.e. there's some underlying logic pushing it that way. Something about the MACs somehow?
This is on a CentOS 5.5 machine, VLANs from vconfig. (I've seen reference to the Linux mac-vlan project work, but that's not available here by default.)
So 1) Should having the SAME VLAN tagged and untagged work?
2) Will different tagged VLANs to the untagged interface work nice and easily?
1) This seems like an extremely broken configuration so I'm not surprised you're getting strange behavior with the ARP replies - I don't think it would be unexpected behavior for replies sent from the VLAN interface to arrive back at the untagged interface - they are on the same physical network with the same MAC address after all.
More importantly..
2) This configuration is quite common and will work well. In the last few days I've brought up a couple of KVM hosts running RHEL6 with pretty much the exact config you describe - untagged VLAN to the NIC for management and tagged interfaces for all the bridged virtual interfaces.
Let me understand this: besides my comment to the top post, you're tagging an interface on the switch side, so the traffic is already VLAN'd, and then you're adding a tag in the OS, with the same tag number. If I understood the question correctly, this means you're nesting VLANs, not just tagging.
If you have a tagged network attached to a bridged interface, and the VMs are plugged into that bridge, all their traffic will also be tagged, whether the switch does it or the tag under the bridge... but I'll wait for an update, to better understand the question.
I'd avoid this mixed configuration; native VLAN settings are a crutch to help out in temporary situations or where you have no VLAN-aware stack. I'd be more than tempted to just make all your traffic tagged; at least you know where you are then, and you shouldn't see any CAM table anomalies.
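An added example, not part of the thread or any poster's code: a Python check that parses raw Ethernet frames as captured on the physical interface, walks the 802.1Q tag stack (so nested tags show up as well), and pairs ARP requests with replies to flag the symptom from the question, a request leaving tagged and its reply returning untagged. The MAC and IP addresses, VLAN ID 100, and the `build_arp` helper are constructed for illustration.

```python
import struct

ETH_ARP = 0x0806
TPIDS = (0x8100, 0x88A8)  # 802.1Q and 802.1ad tag protocol identifiers

def parse_frame(frame: bytes):
    """Return ([VLAN IDs, outermost first], ethertype, payload)."""
    off, vlans = 12, []                        # skip destination and source MAC
    (etype,) = struct.unpack_from("!H", frame, off)
    while etype in TPIDS:                      # one loop pass per stacked tag
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vlans.append(tci & 0x0FFF)             # low 12 bits of the TCI are the VID
        off += 4
        (etype,) = struct.unpack_from("!H", frame, off)
    return vlans, etype, frame[off + 2:]

def find_tag_mismatches(frames):
    """Pair ARP replies with requests; return (request_tags, reply_tags) that differ."""
    pending, mismatches = {}, []
    for f in frames:
        vlans, etype, arp = parse_frame(f)
        if etype != ETH_ARP:
            continue
        op = struct.unpack_from("!H", arp, 6)[0]   # 1 = request, 2 = reply
        spa, tpa = arp[14:18], arp[24:28]          # sender / target IPv4 address
        if op == 1:
            pending[(spa, tpa)] = vlans
        elif op == 2 and (tpa, spa) in pending:
            sent = pending.pop((tpa, spa))
            if sent != vlans:
                mismatches.append((sent, vlans))
    return mismatches

def build_arp(src, dst, op, spa, tpa, vlans=()):
    """Construct a sample ARP frame (hypothetical helper for the demo data)."""
    tags = b"".join(struct.pack("!HH", 0x8100, v) for v in vlans)
    tha = b"\x00" * 6 if op == 1 else dst
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + src + spa + tha + tpa
    return dst + src + tags + struct.pack("!H", ETH_ARP) + arp

# Constructed sample: the VM asks on VLAN 100, the reply comes back untagged.
VM_MAC, GW_MAC = bytes.fromhex("525400aabbcc"), bytes.fromhex("001122334455")
VM_IP, GW_IP = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])
SAMPLE = [
    build_arp(VM_MAC, b"\xff" * 6, 1, VM_IP, GW_IP, vlans=(100,)),
    build_arp(GW_MAC, VM_MAC, 2, GW_IP, VM_IP),
]

if __name__ == "__main__":
    print(find_tag_mismatches(SAMPLE))
```

An empty result means every reply returned with the same tag stack as its request; a tag list with more than one entry from `parse_frame` indicates nested tagging.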