Search results

https://forum.proxmox.com/threads/nested-virtualization-esxi-8-0-running-on-pve-8.133254/

what are you trying to achieve?. for SR-IOV, you basically create additional virtual PCI devices (VF) and assign each of them as you would do for PCI passthrough of a complete NIC, but this time using a virtual PCI device. the host won't touch it, it's delegated to a VM do not bridging...

bond0 with both interfaces and everything on top as a VLAN. dedicated corosync VLAN/subnet with QoS could do it (have done it in the past). You want to give it priority vs any other traffic (workloads, management, backups, Ceph, NFS, etc)

short answer: don't. semi short answer: the only sane "multi site" recipe for systems involving data integrity is a 3 site solution. What are you trying to achieve?

Just checked: net.ipv4.tcp_l3mdev_accept = 0 The local processes bound to default/global VRF should not touch forward requests through VRF based interfaces. 1- Want: FRR working with VRFs 2- Don't want PVEProxy going out through a VRF interface

Hello!, I'm trying to integrate PVE via OIDC to a Keycloak server. The thing is, the server is running as a VM on top of the same cluster and is a client of a EVPN/VXLAN VNI/Subnet. Even though the anycast GW is attached to a VRF, the traffic originated from the Management plane seems to exit...

Hello!, I believe I'm seeing the same thing. Just wanted to make sure it's the same case :) Having 4 nodes: peerA peerB peerC peerD I deploy a single VM (192.168.0.101/24) in peerC and from the external BGP node I see these routes being pushed: peerA 192.168.0.0/24 192.168.0.101/32 peerB...

I'm curious about this topic, should "advertise-svi-ip" be set by default instead?, or this is an edge use case?

that's too sad. EVPN/VXLAN is a few clicks away, DHCP would close the loop for easy deployment.

Hello!, I'm trying to cobble together the configuration for a North/South integration of a Proxmox cluster running EVPN/VXLAN overlay. So far it's a very poor collage of forum posts spanning 2021 to 2024. My understanding is I can have an external router peering towards 4 servers, all of them...

Good morning!, yes, I see the "HA settings" it's set as "Default (conditional)". Will change that to "migrate". Thanks for the hint!

Hello! On a new PVE 8.3 testing cluster: - 4 nodes - Ceph * 4 nodes with OSD * 3 nodes with managers & monitors * Dedicated corosync VLANs on management bond (2*10GbE) * Separate bonds for Ceph Access, Ceph Replica and VM traffic I mistakenly rebooted a node without moving the VMs beforehand...

Hello!, I'm in the same boat, probably can document my use cases. I have two environments right now that can be of use: E1. PVE overlay with different isolated tenants. Each tenant should have a matching routing instance on a EVPN/VXLAN IP Fabric, JunOS based. a. One use case would be to...

hmm, that's "too friendly" will explore it and report back.

I was more thinking on an example of what's required in PVE/SDN side as configuration for external exit nodes.

I have EVPN capable JunOS switches around, could you share a config example?. Are servers and switches participating in the same VTEP underlay for EVPN/VXLAN?, can I isolate different VRFs with RT?

hi!, I'm planning to implement another PVE solution, this time a more capabilities on the SDN front. I'm reading about the "exit on the host" option and I'm not clear about what does it mean for management vs workload traffic isolation. Reading also than an external node is recommended for...

I just catched up with the thread if there's actual isolation (that's a good thing) and you need your monitoring VM to reach a host the correct way to do it is to have the leaking done in an external border node (your DCFW for example). A. IaaS Platform in its own VRF B. One Tenant per VRF...

hi!, awesome work so far. I've looking at this for a new deployment and I'm not comfortable merging L3 for PVE management with workloads traffic. Most often than not, you want your workloads isolated from the management plane of the hypervisor (network wise). could you explore implementing...

out of curiosity, is this still an issue?, is there a device name filter that can be adjusted?. multipath for physical SAS redundancy is a must (multipath JBOD cages)