tl;dr:
I want to pipe VLANs around my networks, both the physical and virtual sections, to separate things like IoT out.
Some more detail:
I have a network consisting of Proxmox VE containers and VMs (one being OPNsense firewall router), and physical network components such as UniFi switches and APs. I want to have OPNsense handle the bulk of inter-VLAN routing, and want flexibility in whether VMs, containers and physical network equipment have access to a VLAN trunk (with either all or some of the VLANs), or just a single VLAN. Not quite sure how to go about this on the Proxmox side (do I have aware bridges, or do I have a virtual NIC per VLAN, or do I use SDN? What are the pros and cons?).
I've read some of the doco - but it gets a little vague when it gets into the realms of selective trunking, and traditional Linux vs. SDN options.
I've read some of the threads here, but they tend to be about purely VM/container scenarios, and perhaps not as much connections out to the physical world.
Lots more detail:
I have Proxmox VE, running a mix of containers and virtual machines, connected through:
VMs:
- OPNsense (WAN NIC is mapped in via PCI device, LAN out is virtual NIC into LAN Proxmox bridge, then Proxmox physical NIC)
- HomeAssistant OS (virtual NIC atm into LAN Proxmox bridge)
- tt-rss news reader (virtual NIC)
- UniFi Controller (virtual NIC)
- VLAN trunk (incl. VLAN 1 untagged LAN) out of Proxmox physical NIC to appropriately configured switch equipment
- Selective VLAN trunk into HomeAssistant (LAN + IoT vlans) OR multiple NICs, tapped off specific VLANs from firewall trunk
- Specific VLANs into certain containers/VMs (say admin only into one, vs. perhaps security NVR into another)
- Have guest OSs handle all the VLAN tagging
- Pre-tag guest NICs at hypervisor/host level, requiring a NIC per VLAN
- If it is possible to mix and match firehose VLAN trunking with more selective VLAN access (following principle of only sending stuff to a guest that it needs)