Search results

  1.

    Replace RDS server with mass Windows 11

    Last time I checked, you were not allowed to virtualize Windows (non server) without paying VDA licenses
  2.

    [SOLVED] proxmox does not recognize Broadcom BCM5719-4P - 4 x 1GbE PCIe NIC

    I'm in the same boat, Proliant DL360 Gen10. Recognizes a two port gigabit adapter (BCM5720) generating interface devices, but doesn't recognize a gigabit quad port card (BCM5719) 02:00.0 Ethernet controller: Broadcom Inc. and subsidiaries NetXtreme BCM5719 Gigabit Ethernet PCIe 02:00.1...
  3.

    PVE as FreeIPA client

    Hello! We add all our Linux machines under FreeIPA administration (+AD trust) and would like to include over hosts too to achieve: - no root password is shared to admins - named users are always used - password expiration is handled centrally - HBAC managed centrally - sudoers managed...
  4.

    Limit hosts on which a VM can run

    Would love to see a similar document mentioning newer versions. Licensing rules change from time to time.
  5.

    Limit hosts on which a VM can run

    Yup, any host that the VM touches should be properly licensed. Haven't seen a contract which states I must pay for processors on nodes I'm not using (that's regular enterprise contracts, I have no experience as a service provider). I could always move VM to any physical server lying around.
  6.

    [SOLVED] Management plan vs VM on overlay

    Well, from where I come from, BGP sessions are free :) I don't need to migrate a virtual firewall if the other host also handles North/South routing.
  7.

    Limit hosts on which a VM can run

    The issue is it must not be started on an unlicensed node. But interesting nonetheless, it could cover a "should not" scenario without the "license disk" trick.
  8.

    Limit hosts on which a VM can run

    Can I add another pool on the same Ceph backend maybe? This would solve the "must not touch an unlicensed node" requirement.
  9.

    [SOLVED] Management plan vs VM on overlay

    RouterOS can do BGP, you drop Vyos and peer RouterOS to your PVE nodes: PVE --BGP--> RouterOS * Requires manual configuration at PVE The other option is: PVE --EVPN--> Vyos --BGP--> RouterOS * Uses configuration form / point&click When ECMP is in use, you need to disable RPF
  10.

    Limit hosts on which a VM can run

    Need to cover: - HA: it should not jump to an unlicensed host. What you shared should be good enough. - Manual operator mistake: Would require a mandatory VM to host affinity.
  11.

    Limit hosts on which a VM can run

    Sounds more complex than it needs to be.... I can get away with just limiting where the Windows Servers are instantiated, would hate to screw up a perfectly functional PVE cluster that's running other non Windows Server workloads.
  12.

    Limit hosts on which a VM can run

    Would it be possible to limit any given VM to a subset of nodes in a cluster? Use case: - I have a 4 node cluster, which runs Ceph as a storage layer - I need to run VMs equivalent to 1 physical node with Windows Server - I will license 2 nodes for Windows Server (node1 & node2) - I want to...
  13.

    [SOLVED] Management plan vs VM on overlay

    I definitely need to write a tutorial, I suffered with this. Do you have a diagram? I didn't go the Vyos route because I didn't want to maintain yet another component. On the bright side, it can act as EVPN exit node: if you want this, don't use my recipe and instead use exit nodes and route...
  14.

    [SOLVED] Management plan vs VM on overlay

    Hello, pastebin links still work. Only difference is the exit nodes were deleted. Will share a proper configuration guide once I get access to that environment again. Please report back if it works. Validated with 8.3, pending testing on 8.4 (I hope it doesn't break)
  15.

    Enabling Firewall

    Hello! I have a cluster up & running, with several network interfaces, EVPN/VXLAN, external BGP peering and Ceph. Now I would like to enable PVE firewall to manage filtering. Given a complex network environment already built, I'm worried about breaking the cluster beyond repair activating the...
  16.

    [SOLVED] Management plan vs VM on overlay

    Fixed! The trick was removing the exit nodes (all of them) from the EVPN zone, since it leaks routes to the global/default table. That is paired with the manual BGP instances + VRF definition for the interface and traffic flow works as expected.
  17.

    SDN / EVPN - can we use VRF's to keep EVPN/BGP away from Hypervisor Mangement Routing?

    config that almost works: https://forum.proxmox.com/threads/management-plan-vs-vm-on-overlay.162892/#post-754741
  18.

    [SOLVED] Management plan vs VM on overlay

    root@pve-01:~/bin# ip addr show dev ol111001 191: ol111001: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vrf_L01VPN01 state UP group default qlen 1000 link/ether bc:24:11:e6:34:58 brd ff:ff:ff:ff:ff:ff inet 192.168.111.1/25 scope global ol111001 valid_lft forever...
  19.

    SDN / EVPN - can we use VRF's to keep EVPN/BGP away from Hypervisor Mangement Routing?

    That is fine and it works for VM to external networks; the issue is that outgoing connections from the host to a VM don't work through the external peering node, it seems to try to resolve locally (not desired). I have: pve01/02/03/04 are integrated with EVPN/VXLAN pve{01,02,03,04}/fw{01,02}...
  20.

    SDN / EVPN - can we use VRF's to keep EVPN/BGP away from Hypervisor Mangement Routing?

    I got a manual setup establishing 2 sets of BGP sessions to maintain BGP separation. I can clean up my tests and share them if they are of interest. The only culprit so far is VM <-> Host traffic for things like Datacenter Manager, LibreNMS and OIDC authentication service running in overlay.