bofh's latest activity
-
Bbofh replied to the thread SDN and networking best practice.yea so, corosync doesnt need to be dedicated but it depends on your switches and nic. if they can make sure you always have low latency even if the bond is saturated than yes you dont need to seperate it. i would however stress test this as i...
-
Bbofh replied to the thread Migration of VM on NFS fails between 2 servers.probably a ton of impact beause you deactiavte cpu features, but you dont need to keep it that way, you can set it back to host cpu after migration you cant ofc live migrate between different cpus, thats in its inherent nature. but you can...
-
Bbofh replied to the thread SDN and networking best practice.to much depends on how much your clusternetwork traffic does. usually not to much but when you saturate that bond you risk outage of corosync. so if possible prioritize corosync vlan on your switch and or gurantee some bandwidth to it. 1mbit is...
-
Bbofh replied to the thread Nat with nftables - How To.yea personally i dislike maps a bit. while the idea is great the readability is a bit lacking, at least to me personally. btw these few rules are just a basic barebones example, answering 99% of the questions in that topic. i didnt wanted to...
-
BIll post this as fresh because i have a hunch that this question will come up once people start using nftables 2 Things we gonna need -the file with the actual nat rules -a systemd service to load them Proxmox does not use /etc/nftables. The...
-
Bbofh replied to the thread Docker support in Proxmox.thats the issue you cant seperate these things. people not just load that one plain simple docker file they will relentless copy paste github the nastiest composefile they stumble on and nothing will work the things you mention are just a tiny...
-
Bbofh replied to the thread Proxmox VE 8.3 Masquerading (NAT) with nftables (not iptables).ok i made a thing and iam gonna share it for someone stumling over this [Unit] Description=Load NAT nftables rules after Proxmox firewall After=proxmox-firewall.service Wants=proxmox-firewall.service PartOf=proxmox-firewall.service [Service]...
-
Bbofh replied to the thread Docker support in Proxmox.yea and it never will if youw ant that you need portainer on baremetal but you basically loose VM functionality because networking will be destroyed by portainer these 2 thing dont go together, you really need to basically recreate portainer in...
-
Bbofh replied to the thread Docker support in Proxmox.ok seem i was not clear enough docker is not able todo this, docker cant be a replacement of a vm. its an application container and need and expect the infrastructure to give it what it wants and needs you are the wrong layer here. proxmox is...
-
Bbofh replied to the thread Docker support in Proxmox.docker on proxmox is the wrong level to view it at. i understand that user view docker and VMS kinda equivalent but they aint in a logical sense. they are applications. just a bit abstracted but in a logical view its like running your webserver...
-
Bbofh replied to the thread Networking best practice.@m so forget the concepts of vmware, these are mostly vmware specific. proxmox is using barebones linux networking concepts, naming and schemes. while it will work to make subinterfaces of your bridge interface you should do it the other way...
-
Bbofh replied to the thread Proxmox VE 8.3 Masquerading (NAT) with nftables (not iptables).i necro this a bit since pve9 is around the corner and well, its time for nftables :) type nat hook prerouting priority dstnat; policy accept; priority dstnat is (or should be) equivalent to -100 which is fine. write it how you like, id prefer...