Setting up VLAN with just one ethernet cable

Question

I am setting up my homeserver, and so far I have five working KVMs on my Ubuntu Server. (Three for webhosting, one MariaDB Server, one TeamspeakServer, and I want to add another one which will be my NAS).
Now I want to connect them to my network. The most logical way seems to be a bridge, where every VM will get an IP Address from my OpenWRT-Router. The NAS should be in my home network, while the other five VMs should get their own Network, as they should be accessible from the Internet, for security purposes. I have two NICs on the Server, and have a VLAN configured on the OpenWRT Router, so from two ports on the router I get DHCP for two different networks. Is it at all possible to set up everything with just one ethernet cable connecting the server and the OpenWRT Router? I am aware that this might require extensive VLAN configuration on the OpenWRT Router and on the homeserver, considering I have to bridge one of the two simulated VLAN NICs on the OpenWRT Router with the rest of my home network (other ports, WLAN), I will have two simulated VLAN NICs on the homeserver. If I want to create another VLAN, maybe to separate the DB-server from the webservers or to add another service, the bridge solution with two Ethernet cables would be insufficient, too, I guess. And with the VLAN solution, the server would have (slightly) less power consumption because I could switch off one NIC permanently. So is it possible to route the traffic over only one cable? Does the bridge solution with two cables have any advantage? Help is really appreciated.

Answer 1

You need to use 802.1Q tagging on both server and router/switch side. One VLAN may remain untagged, all others need to be tagged. The tagging needs to take place on the hypervisor switch, the guests keep two vNICs attached to one VLAN each. If this is possible using KVM and OpenWRT is beyond me.

If you bridge the VLANs all you get is a single VLAN.

The disadvantage of the VLAN-trunk approach is that all VLANs on the trunk share the link bandwidth. Running separate cables gives each VLAN/link its own, dedicated bandwidth.