Proxmox NETWORKING: VLANs, Bridges, and Bonds!
Vložit
- čas přidán 31. 05. 2024
- I'm sure many of you follow me because you use Proxmox. It's been a staple of my content for some time now. So, while working on the next episode of the Ceph series, I thought it would be good to do a separate segment on networking. So, here you have it. The basics of VLANs, Bridges, and Bonds in Proxmox VE. I'm only covering the native Linux versions, not Open VSwitch and VXLAN. I'm sure I'll get around to a video on that topic someday.
So, what are the most important things to know when choosing a network topology for Proxmox (or any virtualization environment)? TRAFFIC! Where is traffic going, and how much of it is going everywhere?
* How much traffic is going to Proxmox itself? This includes the web UI and API (which should be minimal), but also SPICE sessions if you're using SPICE for VDI.
* How much traffic is going from Proxmox to your storage solutions? If you're using NFS / SMB / iSCSI, it could be a lot. Are you keepign your storage network separated, either physically or virtually (VLANs)? Proxmox will need an IP address on any network you use to communicate with storage
* How much traffic is going to your VMs? Do they need to be on specific VLANs?
* Do any VMs do routing or need access to a VLAN trunk port? If so, should they get open access or restricted to certain VLANs? Do you want to expose each VLAN as a separate virtual network interface or trunk them over a single interface?
* Do you require high availability at the network level, i.e. bonded failover? Do you want to use a slower 1G network when your 10G network fails, or just lose connectivity altogether?
Once you can answer these questions, you can proceed to decide how to arrange the physical interfaces you have (or are buying/adding) for the best performace for your use case.
In my test setup, I'm going to demonstrate bonding between identical (two Gigabit) and different (multi-gig + gigabit), and the concepts apply to 10G and faster networking as well.
Link to the blog post on the topic:
www.apalrd.net/posts/2022/pve...
Proxmox also has a section in their admin manual on networking which you may find helpful, as it covers all options thoroughly:
pve.proxmox.com/pve-docs/pve-...
My Discord Server, where you can carry on the discussion or suggest future topics:
/ discord
If you find my content useful and would like to support me, feel free to here: ko-fi.com/apalrd
Timestamps:
00:00 - Introduction
01:27 - Proxmox Initial Configuration
02:47 - Traffic Type Considerations
03:52 - Bridges and Bridge VLANs
06:04 - Bridge Two VMs Directly
07:27 - Bonds Failover
11:04 - Bonds LAG LACP
14:20 - LAG Speed Limitations
15:48 - Bonding Bonds
18:35 - Cluster Tips
19:22 - VLAN Interfaces
20:41 - VLAN Trunks for VMs
23:03 - Conclusions
24:47 - Outtakes
Proxmox is a trademark of Proxmox Server Solutions GmbH
#proxmox #networking #linux - Věda a technologie
my guy had me at "yo, dwog"
Dude, so much better and clear sense than other Proxmox videos\guides, no forking aroung like any other guide with no clear narration and usefull knowledge.
Much appreciated!
I was able to set up a LAGG in my Proxmox lab using your tutorial first-try (not typical for me). This says a lot about your teaching style. Thanks!
Glad it worked for you!
Thanks for the videos. I know some other guys are "more popular" to watch for proxmox but there's nobody that does the depth you do and we really appreciate it.
Yes! And I also appreciate the side notes that you give, just to make sure everybody understands what the terminology is.
Greatly appreciate this video. I've referred back to it several times now when making networking changes to Proxmox. Your examples are very practical, and I'm often hesitant to make networking changes in Proxmox that I'm not completely certain about because I don't want to lose access to the machine. I'm especially thankful that you mentioned the particular use case that Linux VLAN is used for because I needed exactly that feature for my setup.
Thanks!
Excellent video. As someone that started my own homelab and IT journey with 486s in the late 90s and pushed myself ever since, I appreciate you taking the initiative to share this with the community! Gotta keep this stuff in the hands of everyone to learn and build upon it, the "cloud" mentality these days will only destroy what so many have built. Your Ceph on Proxmox video was far more in-depth than one I watched from a large professional outfit (not mentioning any names because they do have a lot of good videos).
Glad you enjoyed it! I definitely like keeping things locally hosted, even if it's just for 'fun'. Hope you enjoy some of the upcoming projects I have!
Agreed, his videos are great! He's doing the community a great service!
Just stepping into proxmox with a QNAP TS-470pro converted to pve. This is perfect for helping get the networks setup! Much appreciated.
4:06 FINALLY someone on fricking CZcams explains that! I was on several "network videos" about Proxmox before and they didn't explained me that concept of vSwitches like you did THANKS MAN ❤
The imagery of a Linux bridge being "a network switch" and plugging the network interface into it virtually was really helpful! Thanks for that description.
Glad it helped!
The most concise proxmox networking, and linux in general. Thanks
Amazing video. Very clear explanations. I started my homelab projects with proxmox, pfsense and etc two years ago but never came across your channel before. However, hats off the way you have made everything clear with examples. I will def. be recommending you to the communities I know.
Thank for this "advanced" information on Proxmox networking. I am new to Proxmox and I appreciate your video explaining this.
Your 19:22 just saved my ass and I love the fact that you start by saying "linux vlan i very rarely used", turned out that was my missing factor in my infrastructure environment...
With this I got full redundancy from my 2 firewalls to my 2 stacked layer 3 switches to my stacked layer 2 switches, which are connected to my 4 host proxmox cluster...
I wasn't able to reach the default gateway without the linux vlan tag on the virtuel switch...
Thank you so much!
Brilliant! Now in my 60's, "homelab-ing" is my new passion, and you made a potentially complex subject look (relatively) easy - thanks! 👍
Glad you enjoyed it!
Superb. I'm going to have to watch this on slow about 5 times just to get my head around this whole area of Proxmox I knew so little about 🤯 As the song says : "The more I find out, the less I know" 😁 Thankyou.
Glad you like it! This is just the start, there's also the whole Proxmox SDN solution too :)
You explained a complex subject so simply that even I could understand. Thank you!
Glad it was helpful!
Best proxmox' network concepts explanation so far. Good job!
The perfect deep level of detail I was looking for. your vids are amazing.
Great video. Finally sat down to re-do my 10G networking and figured it was time to setup active-backup and vlan awareness. When I did the initial setup, my VMs were fine on another 10G bridge I created but my NFS and iSCSI shares were capped at the 1G speeds - Not anymore! Covered exactly what I needed.
I'm still learning about Proxmox, though I've used it for several years now. I really appreciate your videos. You've helped me a learn a great deal.
Glad to help!
Thank you for such a detailed explanation of Proxmox networking.
Wow, [mention specific thing you liked about the video]! I especially found [mention specific part you enjoyed] interesting. [Ask a question related to the video]. Keep up the great work! # [relevant hashtag]
Top notch. Very detailed and informative. Thank you!
A really excellent detail oriented tutorial on networking in the larger sense with Proxmox as the implementation - as well as where to actually *find* all the configuration bits. I've been doing Linux a long time (started with Unix) and this video refreshed and educated me about some networking details that had grown hazy over the years (I let the younger guys deal with it at work 😃).
Much appreciated, and subscribed. 👍
Glad it was helpful!
THANK YOU! This is such a specific thing that is really hard to find instruction on anywhere else. At least that is this detailed.
Only just come across your channel and I'm hooked, keep up the great work and a tickle under the chin to Sherlock!
thanks a lot for that. now i definitely will dive into proxmox again - turned away from it about 2 years ago because of not looking more into the bridge setup
also +10 for the mikrotik switch. love their stuff
Yo dawg. Nice video 😉
Proxmox GUI has come a long way since v4. Was great to see you showing off the possibilities and no config editing.
I have the task of creating a bond with 10GbE and 1GbE backup, so your video was perfect to help me dry run and visualise how to achieve this without config editing 👍 no doubt this will save me a bunch of time.
You've done a great job of making more advanced network topics accessible to a lot of folks. Bravo.
Glad you liked it! Working on tutorials for some of the more complex parts of the networking GUI (SDN and Firewall)
Thanks for the demo and info, now my proxmox is speedier! Have a great day
Best video I've seen on Proxmox network configurations so far. You cover the details that are lacking in many of other videos that led me to this one. 👍
Glad you like it!
Magic 🪄 what a wonderful video. This needs to go viral.
Excellent Analysis!
Thanks for this brilliant video!
Very comprehensive video, thank you so much!
Glad it was helpful!
Great explanation of the various options. Thanks!
Glad you enjoyed it!
Great video, I'm definitely ready for the OVS follow-up!
I'm actually not sure if I'll do OVS 'manually' in the Network menu, or go straight to the software-defined networking system. It's a *really nice* gui for cluster-wide networking for VMs. But one of those two is coming up.
yup, this cleared up so much in so little time. Thanks for helping on my journey brah.
Happy to help!
This was quite helpful in configuring proxmox for a pfSense VM that has 3 vlans on a trunk. I missed it in your video, but there was a hint to what I needed to complete the configuration. My host PC has 4x 2.5gb ports, and I wanted to have pfSense serve both the trunk vlans and the local ports with their respective DHCP pools. The bridge was the answer! I was able to bridge the vlan to the local port, with the bridge having the IP address and DHCP server, and the vlan and local port having no IPs.
Glad it helped!
Thanks for the video! but for your next videos could you please use diagram software to illustrate complex concepts, it definitely helps the community as all other youtubers use it and it's a must in the networking world :)
This is absolutely outstanding. I read a book with similar content, and it was truly outstanding. "The Art of Meaningful Relationships in the 21st Century" by Leo Flint
This is excellent. Thank you soo so much.
I enjoyed much this video and it was so clear that now I understand well how to take full advantage of these features!!. I also use Mikrotik switches and in my case I had to disable VLAN aware on the vmbr0 as it didn't let the pass traffic or talk with Mikrotik switch. I got IP assignment from DHCP Server but traffic didn't passed through. Disabling the VLAN aware solved my problem!
Hi, thanks for your video, that´s very interesting and helpful. One question: why is your 2,5 gbit interface marked as half duplex (at 09:32)?
Thank you for this Great video. I managed to setup bond interface on my server just by watching this video and referring to official documentation 😎
That was super cool, now you've got me shopping for managed switches so I can get goofy my home network. I've got 4-port cards in all of my infrastructure boxes already...
Managed switches are a ton of fun!
Just what the Dr Ordered. Thanks!
Do not tuch the stuff in the video if you dont have the keys for the server room at 15:45 on Friday. Don't ask me why and how I know
EXCELLENT VIDEO!!!!!
Thanks for the explanations!!!!
Absolutely stunning video. Thank you!
QQ. If I want to have a VM that is a router using vLANs, is it more efficient to have multiple virtual NICs on the VM with different vLANs tagged in the Proxmox config, or pass it through to a single virtual NIC and then do the tagging on the router? (I hope that makes sense!)
Great video. I do wish you could have gone down the cluster rabbit hole a bit. I'd like to see how that gets setup.
Very good video. Thanks!
If you using bonding bonds check that you are not using VLANs on bond0.
I have bond0 (LAGG 10G) and bond1 (backup to 1G). And bond1 not working until I remove all VLANs on bond0.
Nice work
Hello, any idea why the 2.5gb interface shows as half-duplex?
Thank you!
But I don't understand how to make a access from Inet to my virtual machine, and make my VM isolated from all other my network. Yes, maybe VLANs.... But, o my Gos, am I have to block traffic by all to all (subnets) for every new one subnet (group of virtual machines)?
Fantastic. Thank you.
Thanks for your explanation About of All.
Glad it was helpful!
Thanks for doing this!! Phew...
I'm a little confused here.. when making a vlan on proxmox, do you need a physical switch for the Vlan nic to work, or is this a virtual switch? Thanks in advance.. and much thanks for the tutorial.
You do not need a physical switch for VLANs to work. You do need a switch that supports VLANs if you want your vlans to leave the Proxmox box.
@apalrdsadventures How do you diagnose issues when a seemingly simple change breaks this? I have trunked VLANs on 1G (pfSense) and a (GS748Tv5) smart switch. I also have a working bonded LACP link between the switch and a NAS, so I am pretty confident the switch is ok.
On proxmox, as soon as I convert the trunk from a NIC port to a bonded NIC (even one), nothing goes through. :( I DID notice that you had to tear it down and build it again to get it to work. I've done that but no joy.
Ideas? THANKS!
Thank you!
Thanks for this great Proxmox HowTo. There is one question I still have: Is it possible to receive a Trunk with Proxmox and split the different VLAN of the Trunk to separate Bridges which act like Access Ports? Meaning, that I can simply add a VM to different Bridges to have it connected to the different VLANs?
You can use Linux VLANs off the interface, and set those as the bridge ports on each bridge. Then the bridges are not vlan-aware and only carry traffic for the VLAN of their bridge port.
Wonderful, thx a bunch!
Glad you liked it!
Great video. Thanks!
Glad you liked it!
@@apalrdsadventures I finally got around to tinkering with my pfsense, unifi, and proxmox vlans. You never know if you're passing vlans and/or will lose your connections when playing around with vlans but luckily this time all went well. I assigned the vlan to the vmbridge versus assigning them to the guest network interface so everything I connect to that bridge will be on that vlan. My lab server guests are getting IP addresses from my pfsense and I'm able to SSH. Sweet! Thanks again!
I run pfSense under proxmox and 6 ports on my hardware, only two of which I'm using right now (LAN + WAN). Is there some way I should be configuring them in Proxmox to act collectively as a switch, similar to the one on the LAN side of my ISP router? Or would I pass them all through to pfSense and let that combine them? Note that I do *not* want them on different subnets I just want them to act as switch (or hub). Thanks!
You can assign multiple ports to a bridge (vmbr) and it will act like a switch.
@@apalrdsadventures Thanks for getting back to me! I can't believe it's that simple, I should have just tried that, it works great.
Awesome video. Some diagrams would make it even better. Saved it on my networking list and I subscribed to the channel. Thanks for your work.
Glad you like it!
Thanks a lot!
So your proxmox server is attached to tagged ports on your switch? How are you setting the vlan ID for vmbr0? Why are you not doing eno1.2, eno1.3 etc and using those for separate bridges vmbr2, vmbr3 etc? If i want to pass the tagged port back into a VM or container how do I do that?
So no need to add vlan devices all the way up. eno1 supports vlan tagging, you can break them out as eno1.2 but don't have to. vmbr bridges (with 'vlan-aware' checked) also support vlan tagging, and this is inherited by child interfaces, so if eno1 is a child of vmbr1 then vlans on eno1 will get passed up to vmbr1 to get processed without creating a bunch of eno1.xx interfaces.
Again at vmbr1 we could do vmbr1.2 but again we don't have to. When we create a new network interface on a VM/CT in Proxmox, there's a box to type in the vlan id, and it will essentially make that VM network adapter an access port tagged to that specific vlan id (the id you typed). So the place to configure this is in the VM's hardware, not the host networking.
The only exception is if the Proxmox system itself (not the VMs, CTs, the base Linux system) needs to be on a vlan, in that case you'd use a vmbr1.xxx with the IPs set, but you'd never use that for VMs, just the Proxmox base system.
@@apalrdsadventures That's great thank you for your help. I'll give that a go. I've also read I can make a Proxmox workstation in the Proxmox docs by just installing, say, mate or whatever. Perhaps another video for you to do? Perhaps you saw my other comment. I'm getting a lot from your videos. Thank you.
You have access to the full Debian repos on Proxmox. Debian has a few metapackages specifically for installing a full desktop environment on a previously terminal system, they are all named task--desktop. The possibilities are: task-gnome-desktop task-xfce-desktop task-kde-desktop task-lxde-desktop task-cinnamon-desktop task-mate-desktop task-lxqt-desktop
`apt install task-xfce-desktop` will install xfce, its basic apps, login manager, and the whole x11 stack. Same for any other desktop.
Now you should be careful about messing with things like networking from the desktop, but for a development system it's fine.
this is a great tutorial. I have often struggled with this fumbling till it works. The only thing that would have been more helpful is if you went in a little more on the trunk for the vm... I didn't quite follow that.
Im trying to follow along but cant seem to get my 2 windows machines to ping each other. I tried using the tag and it didnt work. I have them connected with a bridge and they're still not talking. Not sure what im doing wrong.
I have a 5 node cluster setup with HA. Each has one, 1GB NIC that is shared for cluster/VM/PVE GUI. When I attempt to live migrate a VM or Restore from my SAN. I run into the issue where the cluster tires to fence that node. My guess has come down to what you said here. It seems I may need to have a dedicated NIC for corosync. I am assuming the cluster isn't getting the heartbeat do to high latency and is fencing the node. Have you seen this as a problem before?
It could potentially be. I haven't seen it fence a node that was running properly, but I'm also not pushing the network super hard in testing
ola, estou com problema de subir a latencia nas VMs quando vou copiar um arquivo grande, você ja passou por isso
Thank you for very useful video, if active-backup mode which device should be primary or backup in the GUI : eno1 or enx0024278832fb device ?
Whichever one you want to be primary is the one you put in the GUI. In my case, enx*** is 2.5G and eno1 is 1G, so primary is 2.5G and backup is 1G. But it works just as well with dual 1G.
Thanks!
Can these networking principles be applied to the "Datacenter" level to create grouped networking rules for a cluster of physical machines? Or am I better off with a managed switch for that?
There are two other components to Proxmox networking - the firewall and the SDN system. Both together will do what you want, but I don't have videos on either yet.
The firewall is rule-based with rules being inherited from groups, and the SDN manages overlay networks like VXLAN.
@@apalrdsadventures I don't know enough to understand this yet, but I'll learn in due time.
If I remember correctly on a regular switch if the two devices talking to each other is physically connected to it the traffic is never pushed further to for instance a router and is just forwarded directly by the switch from port A to port B. I assume the virtual bridges behave the same way and traffic that never needs to leave the bridge interface to reach it's destination is never sent out to the connected switch although the packets themselves will off course be visible to anyone on the network. So unless it's important to hide traffic between VM's there is no need to actually set up dedicated bridges right?
Traffic from a new source will initially flood the network until the switch 'learns' the MAC addreses on each port. This should happen really quickly before the node even has an IP address due to the DHCP / RA process. But it's still part of the same layer 2 broadcast domain, shares the same DHCP server and RAs, layer 3 subnets, ...
So creating multiple vmbr's isn't really to 'hide' traffic between VMs, but to create a unique layer 3 subnet for a special purpose. You might do this to simulate a physical topology where two VMs are directly connected instead of via the main netework, or if you have a virtual router and want the downstream network(s) to be isolated from each other and the upstream network(s).
I love this video. Explained a lot. I wonder if you might cover where IOMMU configuration and where it is useful and where it's not.
IOMMU for networking or in general? It's a bit of a different topic
Well, maybe a general overview of PCIe devices where IOMMU would be useful.
Like maybe (I'm guessing here) IOMMU can be necessary with GPUs used for transcoding or compute; might be useful with some HBA scenarios; and wondering if it could be useful with NICs at all, like when using pfSense OS in a VM.
In general it's needed for PCIe passthrough, be that a GPU, NIC, or HBA. There are other types of passthrough though (bridged NIC, block device, USB) which don't require IOMMU.
I'm working on a video on this topic, not pfSense but passthrough methods in general
why is your 2.5 gig adapter duples at half and your 1g is at full?
Excellent video! Learned how I can have VM's on the same host communicate with each other. Is it possible to have them communicate over a cluster or is that more complicated?
I have been thinking about this as well. Did you find an answer?
The VLAN are working wehn I don't have VLAN aware checked. As soon as I check it, it quits working. Also if I migrate the VM to the same node in the cluster as teh pfsense, it quits working. I actually have to shut it down, reboot the node that the pfsense vm is running in for it to start working properly again. I've spent many hours today trying to figure out what's wrong lol. I have 3 vlans and native and pfsense is routing it all properly. But as soon as I migrate a vlan tagged VM to the same node as pfsense or set VLAN aware = yes then the doesn't route the traffic.
How would I go about adding a WAN and LAN interface for a virtualised instance of pfSense if I have just one physical interface?
You'd need a switch which can split out VLAN tags
@@apalrdsadventures I actually managed to do it without VLANs. Proxmox NIC is connected to my physical DMZ port on my router, I created a Linux Bridge (vmbr1) in proxmox that is connected to the physical interface (enp101s0) which becomes the 'WAN' interface for pfSense. I then created another Linux Bridge in proxmox (vmbr2) which is not connected to any physical interface. So, I add vmbr1 and vmbr2 as the two interfaces for the pfsense VM. I then assign them accordingly in pfSense. This seems to work fine without the need for setting up vlans in my home network.
That works if you don't want to share the LAN interface outside of the Proxmox system, but the external router is also doing NAT in this case.
nice you went extra mile and added 2.5! much appreciated #james bond0
lol thanks! USB NICs aren't ideal, but at least it shows the difference from real 2+G to aggregated 2+G
I am new at proxmox and I will most likely need to look at this video multiple times. So first of all: Thank you. What I have difficulties to grasp at this point is: why would you set an ip address to a bridge? If I should see the bridge as a swithc: a switch does not have an IP address. Is the VM not supposed to set it's own IP address internally, or get one through DHCP? Or is this the fixed IP address, the address for the Proxmox server itself, on this bridge?
Setting an IP address on the bridge is essentially plugging in the Proxmox server itself to the bridge, in one step.
Hi! Thanks for video, very informative. If I may, I'd like to consult my usecase. I recently moved my network management to VMs - I have software router in VM1 and Unifi controller (handling home wifi network - VLAN1 and guest wifi network - VLAN10) on VM2, both in Proxmox. Id like to configure guest network (VLAN10) in Unifi but DHCP server is on VM1 (router). The problem is that Guests cannot get IP adress from router. I am pretty sure that it is the problem with my VLAN config in Proxmox. I gues that router VM should hadnle VLAN1 and 10 same as VM with Unifi. I checked and tagging itself didn't work for me, should I use trunks on both VMs? Any advice will be precious.
If you leave out the VLAN tag, then it will pass all VLANs to the VM. If you want to pass specific VLANs to the VM, you can use the trunks= argument (in the config file, there's no GUI option to set it). Make sure the bridge is set to vlan-aware as well.
Can you point me to what you used to choose the LACP Bond0 hashing algorithm? I've seen people choose 2+3 and others (like you) choose 3+4 in their guides.
I can speculate about it, but in this journey I've embarked on, this is a learning opportunity as much as it is a chance to play with some cool self-hosted homelab stuffs.
Realistically hash based bonds are about the probability of two packets being assigned to different interfaces. So, do you expect to see the most variability in the L2 (MAC), L3 (IP), or L4 (TCP/UDP) headers? In practice it doesn't really matter and the choice is often driven by what hardware offload supports, especially on switches.
So i am a little new to all this but I've set up snort as a IDS on one of my VMs. But it is only sniffing traffic going to that VM. Is creating a bridge way to fix this or is the issue on proxmox network interfaces?
Bridges act as network switches, so nothing is forcing traffic to go through the VM.
@@apalrdsadventures so what would i need to do to get the IDS to sniff all the traffic on that network? or what issue may stop this? thanks!
If you want to sniff traffic, you need to force all of your network traffic through the VM (and bridge in the VM) or use a port mirror, which is a bit of a more complicated setup
@@apalrdsadventures oh ok thank you! So the idea is just create a bridge add all vms and then port mirror it?
Linux bridges don't support port mirroring, iptables can mirror at layer 3, and it's possible to force layer 2 bridge traffic through the iptables rule set which might allow it, but basically no it's not an easy task at all
Great video, thank you very much! I encoutered a proxmox server where vmbr0 bridges the slaveport "eno1.100". Is this the same config as "vmbr0.100" bridging "eno1"?
Not exactly. It changes how untagged traffic on the bridge behaves (and also breaks vlan-awareness on the bridge)
If the slave port is eno1.100, then the untagged traffic on vmbr0 becomes vlan 100 on the wire. Tagging a vlan on the bridge would then nest the tags on the wire (although I don't believe this config would be vlan-enabled at all on the bridge).
The other way around creates a tagged interface on vlan 100 off of the vmbr *for the proxmox system*, but VMs using vmbr0 directly aren't vlan tagged, but they could be tagged if you set the vlan id on the net interface.
@@apalrdsadventures I see, thank you for your reply! If I understand it correctly, eno1.100 is like a "linux thing" while vmbr0.100 is a "proxmox-thing"?
It changes where in the layering the VLAN tags are added/removed, which changes if vmbr0 can use vlan tags at all.
Taking eno1 and bridging to vmbr0 means that the bridge itself is now vlan-aware (can handle any vlan), and vmbr0.100 creates an interface for the system to use vlan 100, but VMs can still use any vlan as the bridge is not confined to only vlan 100.
Taking eno1 and making a vlan-tagged interface eno1.100 and bridging *that* to vmbr0 means vmbr0 is now a member of vlan 100 via its parent interface, even if you select no vlan / default vlan on the bridge.
@@apalrdsadventures Ah ok, now I understand.That makes a lot of sense, thank you!
Hello.
Can i make separate network for VMS like 192.168.10.0/24, and let this vms acces specific services in local network 192.168.1.0/24, such as nas etc.
What i want to do is to have spearate network for VMS (K3S cluster) and this cluster should be allowed to acces NFS storage on nas in local network. Also i want to make vms accesible from local network. So i can route traffic to 192.168.10.0/24
I have proxmox installed on intell nuc with only one network card.
Can you tell me how to achieve this?
Thank you
In general you will need the network's router to handle this.
If your existing network is 192.168.1.0/24, you would need to add a static route in the router for the 192.168.10.0/24 subnet via the proxmox host (and configure routing there manually on Linux), or add an additional VLAN on the existing router for 192.168.10.0/24 and use the vlan-aware bridge in Proxmox to forward that to the VMs.
Hi ! Good informative video. Wanted to know how much reliable is the usb to ethernet. I came to know from the PFSENSE forums, that these power down automatically and cause the link to be down. Let me know your findings on this? It would be helpful
BSD has worse drivers in general than Linux, so you might have a better time with a Linux-based solution than BSD-based if you aren't using very common PCIe NICs.
Is it possible to combine and use Mikrotik RouterOS with proxmox?
As a firewall on Proxmox, or something more complicated?
Excelent.
Thanks!
Isn’t it handy to add vlans 10, 20, 30 interfaces to pve, than add bridges like vmbr10, vmbr20, vmbr30, add vlan interfaces to this bridge, so you can add vm interfaces and assign them to specific bridge which already have pvid 10, 20, 30?
It's more work to create all of the interfaces vs assigning them per VM when you have a decently big deployment.
If you use the (experimental) SDN features they can automate a lot of it though. I'm working on a video of SDN with VXLAN.
Excellent video.. If you can please post a video with evpn vxlan in proxmox. Great video!!!
I just did SDN basics, so it will be next in the SDN list (unicast vxlan and evpn vxlan)
@@apalrdsadventures Fantastic!! Hope soon because SDN is very very great technology in Proxmox. Thanks!!
I already knew most of the things in the video, but don't ask me how many times I broke my network and locked myself out of proxmox ^^
I never used active-backup and trunks though, very interesting indeed
Bonding is mostly useful in larger networks anyway, but it's still fun to play with if you don't have 10G (or if you have 10G an wish you had 25G).
lol. that was a nice proxmox video compared to what's out there 👍
The name's Bond... Bonded Bond
Great video, really appreciate you sharing your knowledge on this subject.
I was wondering if I could aggregate two ports that are connected straight through to reach other, I have two proxmox machines with a dual 10gig on each with no switch in between (aside from the gig interface I use for proxmox to get out to the rest of the network) I got the servers to communicate to each other over the dual aggregated pair of nics, but I'm not sure I'm using double the bandwidth.
You've definitely honored your neck beard.
LACP should have no issues in an active/active scenario (Proxmox defaults to LACP Active, so it will initiate the lacp bond, but it's fine if both sides do this). With LACP you still have the limit of one nic for a single connection. LACP is usually the best bet since it's standardized and you shouldn't have to deal with any vendor oddities across all of your equipment.
Without a switch, you have the option of using balance-rr where it will accept packets on any port and send them out alternating ports, meaning you get truly double bandwidth for a single connection. You can really only use this mode if the other end also supports manually configured link aggregation groups, which is extremely switch dependent and not usually recommended since LACP is guaranteed to work without odd behavior, but since you're going direct Linux-Linux it will work.
If you're using a cluster with more than just the two nodes, they will need to do cluster communication (including VM migration) on a network they all have access to. If it's 2 + a QDevice, you can move migration traffic to the bond but still need to keep corosync on the public network - see pve.proxmox.com/pve-docs/pve-admin-guide.html#_guest_migration for more info on this. You would then need to assign a private /30 IPv4 on the link with static IPs on the two ends so the nodes can communicate across the bond (presumably on the bridge you build on top of the bond). Or, you can just let VMs communicate across the bond and Proxmox doesn't need an IP on that link at all.
Hey Bud, great video once again!
Question 1: How come you could not get 2Gb/s on the LACP with the 2 x 1GBb ports?
Question 2: Can you do a demonstration on OpenVSwitch (i'm also gonna be experimenting with this soon)
With LACP, it determines which link to send a packet on based on the hash of the packet header. So, packets with the same destination will always go through the same link. It's deterministic, fast, and can be massively parallel, but it means a single socket will never reach 2G on 2x 1G links.
@@apalrdsadventures Lets say if I did LACP on 4 x 1GBs and configure LACP on those ports on my switch, would I ever be able to get 3 - 4 Gb/s?
@@zparihar Aggregated, yes. But it will still only allow 1Gb between two specific endpoints This means you can have 4 machines concurrently accessing the server at 1Gb each, but each will still only get 1Gb at any given time. the server side will be able to serve up 4 1Gb connections, just not to the same client. The hash component is what allows this (L2 works from mac address, L3 would be the IP, and L3/4 is IP and Application protocol). Using the L4 hash would allow you to use two different services (FTP download and something like streaming a video simultaneously), each tapping into a different connection. I personally never used that high level of a hash. If you're looking for a point to point high speed connection and don't want to spring for multiGig or 10Gb+ switching hardware, you could do a direct 10Gb link, 10Gb network adapter prices (Used) have fallen off a cliff in recent years. could do both NICS and an SFP+ DAC cable for under $100 easily (that would be for dual port cards and two cables under 10m - always thinking redundancy). I'm actually planning on using bridging and cascading cabling in this way for clients (smaller businesses) starting next year to save them the cost (and power requirement - my Cisco 5548s are about 450 watts a pop!) of 10Gb switches.
Think of lacp as a reception desk with 2 receptionists. one receptionist talks at 1gbps (normal conversation speed between 2 people). a guest converses with one receptionist at 1 gbps. if another guest shows up, they will talk to the 2nd receptionist, therefore the reception desk is now talking at 2gbps in aggregate to two different guests. but one guest cannot converse at 2x the normal conversation speed.
Ha! I love bondceptions
Hello, could you create a tutorial on cluster removal of a node and adding another node to that cluster? also, it would be nice to hace a tutorial on how to improve rdp capabilities of the3 vm so full HD video be played on windows via RDP on proxmox?