A beginner's cry for help to ports and interfaces when using a virtual router

biohead

Oct 15, 2023
I'm trying to get my head around best practices when trying to assign physical network ports within Proxmox and the router VM.

Using an example from STH, it seems this sort of allocation is best practice:
[Image: 1697374545368.png]
I guess the first question is: is it the case that this is a form of best practice?

My main query then comes along - the two FW ports are physically passed through to the VM (say pfsense/opnsense etc). So in order to connect Proxmox to the FW LAN, you'd have to physically connect the "PVE LAN" port to the "FW LAN" port (via a switch) - that bit I understand.
What is the difference, then, between the PVE LAN port and the PVE MGMT port?

Ideally, I would like to be able to access the Proxmox UI from my network - but surely if I plug in to either MGMT port or PVE LAN port and set a static IP I'll be able to get access to Proxmox - even without the router running?
 
What is the difference, then, between the PVE LAN port and the PVE MGMT port?
Your guests need some network to access the internet, provide services and so on. It's a good practice to have a dedicated network for management so your guests or a compromised host in your LAN for example can't access the PVE webUI/SSH and so on.
 
Thank you - so at the beginning I can consider them the same and when I've got the basics I can start looking at segregation, and probably not present anything externally yet.

I know it's probably best to do it from the beginning but I'm just not there yet - I'm trying to use this whole practice as learning.
 
I know it's probably best to do it from the beginning but I'm just not there yet - I'm trying to use this whole practice as learning.
Yes, no problem to add another management network later. Another benefit of such a management network is that you can use it for corosync in case you later want to create a cluster. Corosync always needs very low latency (<1ms), even when there is heavy traffic like when doing a backup or migrating a guest, so it's recommended to have a dedicated NIC for it. But using the same NIC for corosync + management is also fine, as the management NIC should idle most of the time and will never be saturated by the guest traffic.
 
Reactions: biohead
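
Added example (not from any poster in this thread): a small check for the separation discussed in the replies. It reads an ifupdown-style /etc/network/interfaces and lists every interface other than the management one on which the host itself holds an IP, since that is a segment from which the PVE webUI/SSH can be reached. The interface names (eno1, eno2, vmbr0), the addresses and both sample configs are constructed assumptions.

```python
import re

def parse_interfaces(text):
    """Map each iface name to its options from ifupdown-style text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"iface\s+(\S+)\s+\S+\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), {"method": m.group(2)})
        elif line.startswith(("auto", "allow-", "source")):
            current = None
        elif current is not None:
            key, _, value = line.partition(" ")
            current[key.replace("_", "-")] = value.strip()
    return stanzas

def audit(text, mgmt_iface):
    """Report every place besides mgmt_iface where the host itself holds an IP."""
    stanzas, findings = parse_interfaces(text), []
    for name, opts in stanzas.items():
        if name in ("lo", mgmt_iface):
            continue
        if "address" in opts or opts["method"] == "dhcp":
            # Assumption: a bridge with member ports is where guests attach.
            bridged = opts.get("bridge-ports", "none") != "none"
            role = "guest bridge" if bridged else "interface"
            findings.append(f"{name}: host IP on {role} ({opts.get('address', 'dhcp')})")
    if "address" not in stanzas.get(mgmt_iface, {}):
        findings.append(f"{mgmt_iface}: no static address on management interface")
    return findings

# Constructed sample: the host has an address on the guest bridge as well as on eno2.
SHARED = """\
auto lo
iface lo inet loopback
iface eno1 inet manual
auto eno2
iface eno2 inet static
    address 10.10.10.2/24
auto vmbr0
iface vmbr0 inet static
    address 192.168.1.10/24
    bridge-ports eno1
"""
# Constructed fix: bridge without a host address (guests keep layer-2 access).
SEPARATED = SHARED.replace("inet static\n    address 192.168.1.10/24", "inet manual")
print(audit(SHARED, "eno2"), audit(SEPARATED, "eno2"))
```

On a real host, pass the contents of /etc/network/interfaces and the name of the interface you intend to use for management.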
