Couple of questions about configuring things in Proxmox VE 7.0

Scott102

Sep 26, 2021
Greetings,
I'm considering a platform change from ESXi to Proxmox, and I have some questions about doing this (mainly due to two 'edge' cases that I am sure are things that I can overcome, if I actually knew the correct procedure.) I'm also trying to minimize downtime as I need the network to function for work. I have a total of eight network ports on my R520, so any number of options could be possible.

The first is my virtualized pfSense router/firewall: It needs two network interfaces, one for the connection to the WAN, and one for the connection for the LAN. The connection for the LAN can be the first bridge that's created, or it can be on a dedicated port, but it's the connection to the WAN that is more concerning. I know all the MAC addresses and can isolate where my modem is plugged in because I know what port it's plugged into and which MAC corresponds to that port on the server.

The second edge case involves passing a PCI device through to a guest VM. I've got an LSI card that's acting as an HBA to pass a ZFS pool through to a VM (currently an Ubuntu guest, I've given thought to going back to TrueNAS as it simplifies the management of the sharing of the data contained within the pool). I've read the wiki on how to enable pass-through, and when I tried it on my (now partially retired) R410, it didn't seem like it had worked. I may have missed a step though. (Also tried on the now mothballed R310 and it simply didn't work, I think that the R310 may not have had support for PCI pass-through.) This part is not as crucial for day to day operations. I'm sure I could simply install the packages for ZFS on the underlying Debian install and do the file share off the base install if I had to.

I ran Proxmox for a year or so before switching to ESXi but I never tried anything like this with it then... Those are my two 'edge' cases that require special support. I already figure I can do the rest of what I virtualize with ease on Prox, but I need to solve the two edge cases with minimal downtime.


 
I currently run a virtualized pfSense and have a dual gigabit NIC with each port passed through to the VM, with one acting as WAN and the other as LAN. I have also done it with OpenVirtualSwitch bridges as well and have had no issues doing it that way as well. However, I am about to change my install so that my WAN port is on an isolated VLAN so that I can use HA to keep the pfSense VM running regardless of what host it is running on.

As for PCI passthrough, I am running TrueNAS on my desktop with the controller passed through and have had no issues with that VM either. I would double-check what CPU you have in the R410 and R310 and see if they have VT-d for Intel or AMD-Vi for AMD. I know my new system with a Ryzen 5950x does support it and so does my older Intel i7 with a beta BIOS on the motherboard, but my DL380 G5 and my PE2950 do not support it.
 
The question in regards to pfSense is handled pretty easily with Proxmox:

1. For WAN, make a Proxmox vmbr* with bridge port set to only the NIC that your modem is plugged into. Utilize this vmbr* in pfSense for WAN. Do not utilize this vmbr* or node hardware NIC for anything else in Proxmox, unless your Proxmox node CIDR/IP resides here in front of pfSense.
2. For LAN, make another Proxmox vmbr*, make it VLAN aware, and add the hardware NIC you have connected to your LAN switch (you could make this a bond of multiple other available hardware NICs on your Proxmox node and attach all to the physical LAN switch for redundancy). Give this to pfSense and use as LAN. Also use this vmbr* for all VMs and LXCs you want behind the pfSense router. Those VMs/LXCs will then use the LAN vmbr* as a virtual switch, and the networking to each other and pfSense will never leave the node or have to go through your physical switch. Always use VirtIO (paravirtualized) for the model (not e1000) when you can, as it will give you up to 10g or potentially greater (based on your CPU) throughput in this virtual network.

There are other IOMMU and SR-IOV options for WAN/LAN passthrough but they are not necessary IMO. They can be helpful if you have 10g or greater physical connections to WAN (congrats if so) or LAN (greater chance here).
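The two-bridge layout from the reply above can be checked mechanically before pfSense goes live; the following is an added example, not part of any post in this thread. It parses an ifupdown-style `/etc/network/interfaces` and reports where the WAN bridge is not isolated from the host (the reply's exception, a node IP deliberately placed in front of pfSense, shows up as a finding to review). The bridge names, NIC names `eno1` to `eno3`, the bond and the address are constructed assumptions.

```python
# Constructed sample of /etc/network/interfaces; NIC names and addresses are assumptions.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno1
    bridge-stp off
auto bond0
iface bond0 inet manual
    bond-slaves eno2 eno3
    bond-mode active-backup
auto vmbr1
iface vmbr1 inet static
    address 192.168.1.10/24
    bridge-ports bond0
    bridge-vlan-aware yes
    bridge-vids 2-4094
"""

def parse_interfaces(text):
    """Map each iface name to its options ({"method": str, option: [values]})."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {"method": words[3]})
        elif words[0] in ("auto", "allow-hotplug", "source"):
            current = None
        elif current is not None:
            current[words[0]] = words[1:]
    return stanzas

def audit(text, wan_bridge="vmbr0", lan_bridge="vmbr1"):
    """Return deviations from the WAN/LAN bridge layout described in the post."""
    cfg, findings = parse_interfaces(text), []
    wan, lan = cfg.get(wan_bridge, {}), cfg.get(lan_bridge, {})
    wan_ports = wan.get("bridge-ports", [])
    if len(wan_ports) != 1 or wan_ports == ["none"]:
        findings.append(f"{wan_bridge}: needs exactly one physical port")
    if "address" in wan or wan.get("method") != "manual":
        findings.append(f"{wan_bridge}: host is addressable on the WAN side")
    if lan.get("bridge-vlan-aware") != ["yes"]:
        findings.append(f"{lan_bridge}: not VLAN aware")
    for name, opts in cfg.items():
        used = opts.get("bridge-ports", []) + opts.get("bond-slaves", [])
        if name != wan_bridge and set(used) & set(wan_ports):
            findings.append(f"{name}: shares the WAN NIC")
    return findings
```

An empty list from `audit()` means the host has no address on the WAN bridge and the modem-facing NIC is used nowhere else on the node.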
 
