create new isolated vlan

openaspace

Active Member
Sep 16, 2019
Italy
Hello.
I have a Hetzner server with 2 public IPs, one used by the Proxmox host, the second used as the WAN connection for the IPFire firewall with a local virtual LAN.

Now I have VMBR0 (1st static IP) assigned to the physical ethernet interface, and VMBR1 assigned to VMBR0 (assigned to the firewall with the local LAN network).

Now I need to create a new isolated virtual LAN, but Proxmox advises me that I can't create a VMBR2 if it is unassigned, and I can't assign it to the ethernet device because that is already assigned to vmbr0, etc.

Really, I can't create a new isolated network without bridging it to an existing real/virtual ethernet device?
 
Well... there are a few problems/issues. The first is the creation of a separate network "bridge", and the problem with that is that you first need some interfaces to connect to it, otherwise it doesn't seem to "work" by the time the VMs are starting up. I know that because I got bitten by it, especially with the friend Linux Bridge.

Solutions:

1) Just run the VMs in separate VLAN tags... that is what it's meant for... Linux Bridge & OpenVSwitch support that.

2) If you insist on a 2nd Linux Bridge, then the "solution" is to create a dummy interface and attach that to the Linux Bridge at creation time. (I haven't done this in a very long time, as I've migrated my stuff to the above solution on OpenVSwitch.)

3) Another option is to create an OpenVSwitch bridge and "attach" a port to it (no IP), and it'll be "there", and have fun to your heart's desire ;)

Personally, I've moved to a single OpenVSwitch vmbr0, and then I have the fun option(s) to map the physical interface native to VLANs, and have my VMs on that or other VLANs as I want. Even more fun: I have the ability to have a VM on prox#1, on VLAN tag #666, that maps over the "internal" VLAN (actually QinQ) trunk to the "internal" trunk interface on prox#2, which maps VLAN tag #666 to the native on the outside interface. (It's the type of fun that you "learn" to migrate stuff around in places like OVH & xneelo ;) )
 
Hi,
I think that you can't create a VLAN on the Hetzner network, so maybe you could try to create a VXLAN tunnel, for example.
You need ifupdown2 to get it working (# apt install ifupdown2).


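On each host:

Code:
# VXLAN tunnel interface (VXLAN ID 10)
auto vxlan10
iface vxlan10
        vxlan-id 10
        vxlan_remoteip x.x.x.x
        vxlan_remoteip x.x.x.x

# Bridge for the VMs, with the VXLAN tunnel as its only port
auto vmbr2
iface vmbr2 inet manual
        bridge_ports vxlan10
        bridge_stp off
        bridge_fd 0
        mtu 1450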

(Replace x.x.x.x with your servers' public IPs.)
The MTU needs to be reduced to 50 bytes lower than that of the physical interface.
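
An added example, not part of the original post and not Proxmox tooling: a small Python generator that renders the stanzas above for one host of the mesh and derives the bridge MTU from the 50-byte figure in the post. It assumes each host lists the other hosts (not itself) as remotes and a physical MTU of 1500; the function name and the sample addresses are made up for illustration.

```python
import ipaddress

VXLAN_OVERHEAD = 50  # bytes, the figure given in the post above


def render_vxlan_stanzas(local_ip, all_ips, vni=10, bridge="vmbr2", phys_mtu=1500):
    """Return the interfaces stanzas for one host (hypothetical helper)."""
    if not 0 < vni < 2 ** 24:  # the VXLAN network identifier field is 24 bits wide
        raise ValueError(f"VXLAN id {vni} out of range")
    # Parse every address so a typo fails here and not when the config is loaded.
    hosts = [ipaddress.ip_address(ip) for ip in all_ips]
    local = ipaddress.ip_address(local_ip)
    if local not in hosts:
        raise ValueError(f"{local} is not in the host list")
    # Assumption: remotes are the other hosts; drop duplicates, keep input order.
    peers = [h for h in dict.fromkeys(hosts) if h != local]
    if not peers:
        raise ValueError("need at least one remote host")
    mtu = phys_mtu - VXLAN_OVERHEAD
    lines = [f"auto vxlan{vni}", f"iface vxlan{vni}", f"        vxlan-id {vni}"]
    lines += [f"        vxlan_remoteip {p}" for p in peers]
    lines += ["", f"auto {bridge}", f"iface {bridge} inet manual",
              f"        bridge_ports vxlan{vni}", "        bridge_stp off",
              "        bridge_fd 0", f"        mtu {mtu}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample addresses from the documentation range 203.0.113.0/24.
    mesh = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]
    for host in mesh:
        print(f"# --- {host} ---")
        print(render_vxlan_stanzas(host, mesh))
```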
 
Hi. Thank you.

But with ifupdown2 I have experienced some strange network problems, like the hypervisor being unreachable after a port scan.
I'm not sure about joking around with the production server.
 
I will try to use OpenVSwitch on the Proxmox host in my office.

But the problem is that I will need to power off all VMs and reconfigure all the VMs' networks...
 
