I currently have the below setup, where vm is a KVM guest of host connected to one of host's network interfaces via MacVTap operating in bridge mode.
|---------------|
| ___________ |
switch ======= | | vm | |
| ----------- |
|____ host _____|
Inside vm, I've set up a few VLAN interfaces alongside an untagged one:
3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 52:54:00:00:00:02 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
4: enp2s0.2@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 52:54:00:00:00:02 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535
vlan protocol 802.1Q id 2 <REORDER_HDR> addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
...
host does not have any VLAN interfaces.
Untagged traffic flows in and out of enp2s0 perfectly fine, but tagged traffic seems to get dropped somewhere between host and vm. I tested this by plugging in a machine into the interface represented by enp2s0, creating new tagged interfaces via iproute2, assigning an IP address, and then pinging the IP address of vm corresponding to the tagged VLAN from which I'm pinging.
Interestingly enough, running tcpdump on the raw backing interface on host lets the tagged packets through, but only while tcpdump is running. The below image shows this strange effect. (From top to bottom: host, running tcpdump; the machine plugged into enp2s0, pinging vm; vm, pinging said machine)
Is it proper practice to be sending trunked traffic into a MacVTap interface, or should I be creating different interfaces on the host and passing those into the VM? Is there some sort of issue with how I'm setting up my interfaces, whether on the host or in the VM?
