[SOLVED] Config Tips for 2 NICs with different addresses ranges

[Ralph_IT]

Hi,

I want to configure the 2 available NICs in the server with different addresses ranges, one for all the servers and the other one for all the workstations, e.g.:192.168.32.xxx/24 for the servers and 192.168.33.xxx/24 for workstations. All the machines will have static ips.

The configuration that is working right now is as follows:

auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
        address  192.168.33.104
        netmask  255.255.255.0
        gateway  192.168.33.1
        bridge-ports eth0
        bridge-stp off
        bridge-fd 0

I managed to configure another Bridge using the other NIC:

auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto vmbr0
iface vmbr0 inet static
       address  192.168.33.104
       netmask  255.255.255.0
       gateway  192.168.33.1
       bridge-ports eth0
       bridge-stp off
       bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address  192.168.32.250
        netmask  255.255.255.0
        gateway  192.168.32.1
        bridge-ports eth1
        bridge-stp off
        bridge-fd 0

However, after some minutes I was unable to login into the Proxmox website (192.168.33.104). All the servers and workstations were running without issue, but Proxmox did not even reply to ping.

What do I need to do to have the Proxmox website on the server range?.

Thanks for your time.

 

[wolfgang]

Hi,

you can't have two gateways.
If you like two different uplinks you need to set the routes manually.

 

[Ralph_IT]

@wolfgang: Thanks for your reply.

So, as I cannot use the same gateway for each NIC, what should I look for?.
Will a configuration with VLANs work the way I want?.

 

[wolfgang]

Can you please explain what you mean with

one for all the servers and the other one for all the workstations,

A vmbr need no IP to provide network access for a VM.
The IP is only for the host traffic.

 

[Ralph_IT]

@wolfgang:Ok, I'll try to explain better.

We are in the middle of a complete network change which includes deployment of redundant Fortigate Firewalls and Cisco Switches.

Proxmox machine has a few servers running and a couple of workstations for light desktop application development.
It has 2 NICs, but so far only 1 is connected and works well.

Fact is, the switches are configured to segment the network based on which port is being used, e.g.:
- Port 1 is configured to be used by, and only by, a server machine. This means any machine using an ip from outside the range of the server network will never get connection.(192.168.xx.---)
- Port 2 is configured to be used by, and only by, a workstation. Same behaviour as before. (192.168.yy.---)

Now for the trickiest part:
As the only Proxmox's NIC connected is to one of the "Server Port" on the Switch, any VM inside not having a "Server IP Range" will never get any kind of connection.
That's why I wanted to use the second NIC for all the workstations inside Proxmox.
Right now all the VM have "Server IPs", thus connecting without an issue, but that is not the way the network is designed and we need to change it.

I tried to configure the second NIC for all the workstations, plugging it in a "Workstation IP Range" on the switch and configuring a VMBR1. It worked fine but we lost the Proxmox website and can't even ping to it, but all the VM inside replied and were accessible.

So, the LAN should end something like this:

Switch Port 'Servers' <-----> Promox NIC0 VMBR0 (Server Ip Range) <-----> (All Server VM & Promox)

Switch Port 'Workstations' <-----> Promox NIC1 VMBR1 (Workstation Ip Range) <-----> (All Workstation VM)

I think I did not forget anything, but it is hard to tell.

 

[wolfgang]

If I understand you correctly there is no need to access the Proxmox VE host over the second nic?
If so you need no IP on this bridge and you could easily setup the config like this.

auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

# network used by servers and management for the PVE host
auto vmbr0
iface vmbr0 inet static
      address  192.168.33.104
      netmask  255.255.255.0
      gateway  192.168.33.1
      bridge-ports eth0
      bridge-stp off
      bridge-fd 0
      bridge_vlan_aware yes

# network only used by workstation
auto vmbr1
iface vmbr1 inet manual
       bridge-ports eth1
       bridge-stp off
       bridge-fd 0
       bridge_vlan_aware yes

 

[Ralph_IT]

If I understand you correctly there is no need to access the Proxmox VE host over the second nic?
If so you need no IP on this bridge and you could easily setup the config like this.

auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

# network used by servers and management for the PVE host
auto vmbr0
iface vmbr0 inet static
      address  192.168.33.104
      netmask  255.255.255.0
      gateway  192.168.33.1
      bridge-ports eth0
      bridge-stp off
      bridge-fd 0
      bridge_vlan_aware yes

# network only used by workstation
auto vmbr1
iface vmbr1 inet manual
       bridge-ports eth1
       bridge-stp off
       bridge-fd 0
       bridge_vlan_aware yes

@wolfgang: You're right. I forgot to mention that I only need/want to access Proxmox host website from the server side of ips (192.168.32.104).
I'll try your setup ASAP and give you feeback.

Thanks for your time!.

 

[Ralph_IT]

@wolfgang: Everything works like a charm!
Thank you very much!.

Tagged as [SOLVED].