Bond vs Bridge

[Noern]

Hi guys,

im fairly new to proxmox and I'm not quite sure if I understand the difference between a bond and a bridge.

Is a bridge only used to access the world outside the proxmox host?
What is the difference between those three configs:

1: bridge with enp1, enp2 and ip 192.168.100.20

2: bond0 with enp1, enp2 (active-backup)
bridge with bond0 and ip 192.168.100.20

3: bond0 with enp1, enp2 and ip 192.168.100.20
I noticed that with this config (no bridge configured) I can't access the web interface of proxmox on 192.168.100.20

Thanks for your help!

 

[Dunuin]

Hi guys,

im fairly new to proxmox and I'm not quite sure if I understand the difference between a bond and a bridge.

Is a bridge only used to access the world outside the proxmox host?
What is the difference between those three configs:

1: bridge with enp1, enp2 and ip 192.168.100.20

A bridge will just bridge those two ports. Think of it like connecting those two NIC, both active all the time using the same IP, to the same unmanaged switch. This should usually be avoided.

2: bond0 with enp1, enp2 (active-backup)
bridge with bond0 and ip 192.168.100.20

Only one NIC will be active at a time and only the active one got that IP.

3: bond0 with enp1, enp2 and ip 192.168.100.20
I noticed that with this config (no bridge configured) I can't access the web interface of proxmox on 192.168.100.20

Similar to above but your guests can't use that bond because you got no bridge your virtual NICs could bridge to. PVE WebUI and SSH should still work. If it won't you probably used a bonding type that your switch doesn't support or isn't configured for.

So in case you don't got more NICs for guest communication option 2 would be the way to go if you want redundancy. But I would prefer LACP in case your switch supports that, so you would also get a throughput benefit in addition to the redundancy.

 

[cave]

Is a bridge only used to access the world outside the proxmox host?

Consider a vmbrX Linux Bridge similar to an unmanaged Hardware Switch.

An example:

192.168.1.1/24 Router
192.168.1.2/24 Client/Laptop/PC
192.168.1.3/24 Proxmox Host
192.168.1.4/24 VM1
192.168.1.5/24 VM2

All of them are in the same broadcast domain and can ping each other.
enp0 is the ethernet NIC on your PROX-Host.

If your router is running a dhcp server, your VMX is able to receive IP via DHCP from the router.

                        +--------------------+
                        |     Proxmox        |
                        |                    |
+------+    +------+    +----+   +-----+     |
|Router+----+Switch+----+enp0+---+vmbr0|     |
+------+    +-+----+    +----+   +-+-+-+     |
              |         |          | |       |
              |         |          | +---+   |
              |         |          |     |   |
            +-+----+    |        +-+-+ +-+-+ |
            |Client|    |        |VM1| |VM2| |
            +------+    |        +---+ +---+ |
                        |                    |
                        +--------------------+

Bonding is also called Link Aggregation.
If you want to combine two 1xGbit Ethernet Nics to a 2Gbit virtual NIC.
Same Protocol needs to be used on the other side to receive both network cables/fibres as a bonding Interface.
Check: https://en.wikipedia.org/wiki/Link_aggregation

TL;DR
consider a virtual linux vmbrX Bridge a hardware switch
don't consider using bonding yet, maybe later, master bridge first

 

[Noern]

Hi guys,
thanks for your help, appreciate it.

My thoughts rn:

I got two switches (stacked, enterprise grade, supports all the stuff you love)
I got 4 1x GbE ports per proxmox host left.
I want to use two of them for managing the environment myself.
The other two are meant to grant access to the VMs to customers.

I configure the following:
for mgmt:
bond0 with 2 physical nics in active-backup mode, connecting one cable to switch 1 the other one to the second switch, attach IP address to bond

for vm traffic to outside world:
bond1 with the 2 remaining nics in active-backup mode, connecting one cable to switch 1, other to switch 2, create a bridge using the bond1 and attaching an IP to the bridge

I have to create a link agg on my switch between the two ports in each case, correct?

Thoughts?

 

[B.Otto]

for vm traffic to outside world:

bond1 with the 2 remaining nics in active-backup mode, connecting one cable to switch 1, other to switch 2, create a bridge using the bond1 and attaching an IP to the bridge

The IP on the bridge is only needed if Proxmox-OS needs to interact with it, for example if you manage your Proxmox via this IP, or Proxmox acts as a router/firewall between networks. If this bridge is purely for VM traffic, you can leave it blank.

Also it should be noted that you should never give several IPs in the same subnet to different interfaces, this screws up the routing. So if you wanna give both bridges an IP address, they should be in different subnets.

I got two switches (stacked, enterprise grade, supports all the stuff you love)

I have to create a link agg on my switch between the two ports in each case, correct?

If you use active-backup, there is no extra configuration needed on the switch side.

If, instead, you want to use the LACP-protocol, the switch stack has to support LACP and you need to create a LAG between the two switch ports.