What anomalies might happen if you try to join a bunch of vlans by bridges in a cluster of Linux servers?
We'll presume you have a group of servers running VMs (qemu-kvm); these VMs have their virtual interfaces (vnet+) connected to, let's say, 4 VLAN interfaces (vlan1301, vlan1302, vlan1303, vlan1304), but you need to join these VLANs in one (as you need all 4 gateways to be present on the same physical router's interface: 1.1.1.254/24, 2.2.2.254/24, 3.3.3.254/24, 4.4.4.254/24; all these addresses are aliases of the same interface accessible via vlan666).
What would I do? I'd create an interface to vlan666 on each host and have them all bridged together:
brctl addbr jjj
brctl addif jjj vlan666
brctl addif jjj vlan1301
brctl addif jjj vlan1302
brctl addif jjj vlan1303
brctl addif jjj vlan1304
What do you think, what are the dangers? Could something fail at some time?
Thanks for sharing your thoughts!
Adding multiple vlans under the same bridge makes the whole thing a unique broadcast domain, so the most important thing is that broadcasts from one vlan will reach other vlans, e.g. DHCP requests and so on. And if you have ip forwarding enabled in the kernel (without any special firewall rules) you are automagically forwarding all the traffic of all the vlans between vlans. This is absolutely not what you look for when you implement vlans IMHO.
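As an added example (not part of the question or either answer), a POSIX shell audit that reads `brctl show` output and flags any bridge enslaving more than one VLAN sub-interface, i.e. a bridge that re-joins separate VLAN broadcast domains, together with the ip_forward sysctl check the answer mentions. The bridge listing is constructed to mirror the question's jjj bridge; the bridge ids in it are made up.

```shell
#!/bin/sh
# Constructed sample of `brctl show` output, modelled on the question's bridge:
# vlan666 plus four VLAN interfaces enslaved to jjj, and an unrelated bridge br0.
SAMPLE_BRCTL_SHOW='bridge name     bridge id               STP enabled     interfaces
jjj             8000.000000000001       no              vlan666
                                                        vlan1301
                                                        vlan1302
                                                        vlan1303
                                                        vlan1304
br0             8000.000000000002       no              eth1'

# count_vlan_ports BRIDGE: number of vlan* ports enslaved to BRIDGE, read from
# brctl output on stdin. First row of a bridge has 3-4 fields, continuation
# rows (further ports) have a single field.
count_vlan_ports() {
    awk -v br="$1" '
        NR == 1 { next }                                   # header line
        NF >= 3 { cur = $1; iface = (NF >= 4) ? $4 : "" }  # bridge row
        NF == 1 { iface = $1 }                             # extra port row
        cur == br && iface ~ /^vlan[0-9]+$/ { n++ }
        END { print n + 0 }
    '
}

# merged_vlan_bridges: print every bridge with two or more VLAN ports; each
# such bridge is one merged broadcast domain spanning those VLANs.
merged_vlan_bridges() {
    awk '
        NR == 1 { next }
        NF >= 3 { cur = $1; iface = (NF >= 4) ? $4 : "" }
        NF == 1 { iface = $1 }
        iface ~ /^vlan[0-9]+$/ { n[cur]++ }
        END { for (b in n) if (n[b] >= 2) print b }
    '
}

# ip_forward_enabled FILE: succeeds if the sysctl file reads 1.
ip_forward_enabled() {
    [ -r "$1" ] && [ "$(cat "$1")" = "1" ]
}

# Stand-alone run: report on the constructed sample and the local kernel.
for br in $(printf '%s\n' "$SAMPLE_BRCTL_SHOW" | merged_vlan_bridges); do
    n=$(printf '%s\n' "$SAMPLE_BRCTL_SHOW" | count_vlan_ports "$br")
    echo "WARNING: bridge $br joins $n VLAN interfaces into one broadcast domain"
done
if ip_forward_enabled /proc/sys/net/ipv4/ip_forward; then
    echo "WARNING: ip_forward=1, so traffic is also routed between those VLANs"
fi
```

On a real host, replace the constructed sample with `brctl show | merged_vlan_bridges`.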
VLANs are used for partitioning what would otherwise be a single broadcast domain / segment. Bridging them together rejoins them to a single broadcast domain - there is no point in that. You can simply move all links to a single VLAN with the same effect.
If you want the VLANs to communicate with each other you need a router, not a bridge. On the router, simply use multiple interfaces - not necessarily physical ones, just use VLAN subinterfaces and trunk the uplink (tag all VLANs or all but one on the switch).