Backing up VMs to a network location in different subnet - what is the best approach?

O

odonnell

New Member
Mar 6, 2021
10
0
1
31
Latest Proxmox, running in a home environment. I have the "local" disk only containing the host install, and have the VMs themselves stored on a 8-drive ZFS array.
I have scheduled backup tasks for my small VMs (firewall, TrueNAS, etc) to the "local" SSD since there is some room left on there. However the "local" SSD is far too small to back up my larger VMs like Windows. I would instead want to back these up to my NAS.

The issue for me is, the NAS sits behind my firewall VM, which creates a whole different subnet. I can't see these shares from Proxmox, as it only sees the network being supplied from my modem (WAN, vmbr0). The only connection it has to my downstream subnet is the vmbr1 LAN bridge I created that is the 'output' of my firewall VM and is bonded to the other NICs and connected to the other VMs.

I am thinking there must be a way to access this share on Proxmox somehow to use it for backups, but so far have come up empty. Any ideas? Maybe creating an "aliasing" VM that is connected to both bridges (the WAN and the LAN) and can make the NAS show up on the WAN somehow?
 
odonnell said:
Latest Proxmox, running in a home environment. I have the "local" disk only containing the host install, and have the VMs themselves stored on a 8-drive ZFS array.
I have scheduled backup tasks for my small VMs (firewall, TrueNAS, etc) to the "local" SSD since there is some room left on there. However the "local" SSD is far too small to back up my larger VMs like Windows. I would instead want to back these up to my NAS.

The issue for me is, the NAS sits behind my firewall VM, which creates a whole different subnet. I can't see these shares from Proxmox, as it only sees the network being supplied from my modem (WAN, vmbr0). The only connection it has to my downstream subnet is the vmbr1 LAN bridge I created that is the 'output' of my firewall VM and is bonded to the other NICs and connected to the other VMs.

I am thinking there must be a way to access this share on Proxmox somehow to use it for backups, but so far have come up empty. Any ideas? Maybe creating an "aliasing" VM that is connected to both bridges (the WAN and the LAN) and can make the NAS show up on the WAN somehow?
Click to expand...
Does your switch support vlans? I created a second subnet (LANNAS, DMZNAS, RETRONAS, ...) for each of my main subnets (LAN, DMZ, RETRO, ...). LAN, DMZ, RETRO subnets are using MTU 1500 and LANNAS, DMZNAS, RETRONAS subnets are using MTU 9000. LAN, DMZ and RETRO are routed by OPNsense but LANNAS, DMZNAS, RETRONAS not. Each VM gets two virtio NICs, for example LAN + LANNAS, where LANNAS is only used to access the NAS and LAN for everything else (default gateway). That way the VM can access the NAS directly without the OPNsense VM needing to route all of that massive data. Another point is that you can use different quality of service levels for each subnet. LAN has higher priority than LANNAS so backups won't slow down other connections that much.

The idea of having pairs of subnets is that I keep the isolation.
 
Last edited:
Interesting approach. I actually don't have a switch in the works, it's all virtual at the bridge/bond level. The LAN goes out to my wireless AP, and all of my devices connect that way.

I suppose I could move my NAS (TrueNAS VM, using HBA card passed through) onto the WAN bridge, but then I would be running into a parallel issue where I'm not sure my everyday wireless devices would be able to find the NAS anymore. I would rather keep things the way they are, if that is possible. Otherwise I think I would rather manually make backup images every few weeks.
 
odonnell said:
Interesting approach. I actually don't have a switch in the works, it's all virtual at the bridge/bond level. The LAN goes out to my wireless AP, and all of my devices connect that way.

I suppose I could move my NAS (TrueNAS VM, using HBA card passed through) onto the WAN bridge, but then I would be running into a parallel issue where I'm not sure my everyday wireless devices would be able to find the NAS anymore. I would rather keep things the way they are, if that is possible. Otherwise I think I would rather manually make backup images every few weeks.
Click to expand...
Why don't you use several virtual NICs for your TrueNAS VM? My FreeNAS server got a IP in most subnets and you can use the TrueNAS GUI to define which services (NFS, SMB, FTP, SSH, WebGUI and so on) should listen on which interface. I for example only want the WebGUI and SSH to listen on my LAN subnet IP, SMB to listen on my DMZNAS, LANNAS but not RETRONAS subnet IP, NFS only on DMZNAS IP and FTP only on the RETRONAS subnets IP.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back