Greetings,
I am wondering what the best way is to separate network traffic using VLANs and Proxmox.
I have a Juniper EX4200 with three Proxmox host machines connected to it on the NIC eno0. We want to separate network traffic of the VMs and host machines into their own VLAN to reduce the damage of IP hijacking (where a VM adds and uses an IP that it isn't assigned).
I came across an article on the wiki about Open vSwitch, and we're wondering whether we should be using this to accomplish what we are trying to do. I have noticed that on the network interface settings of the VM, we are able to specify a VLAN tag.
What I was thinking we do is specify all VMs to be on VLAN 20 using VLAN tagging. Is this as simple as creating VLAN ID 20 on the network switch, setting the port to trunk and then updating the VM network adaptors? Is it possible, and should I be specifying a VLAN tag for the host machine's (not the VM's) traffic too, so on something like VLAN ID 10?
Finally, are there any better ways to help prevent IP hijacking on Proxmox? We want to restrict the user only to the IPs that they have been assigned.
Thank you very much for your response in advance. Any suggestions or help would be much appreciated.
Regards