HA Cluster with VMs accessible by public IPs


Jul 25, 2018

please help me to understand how to setup a HA cluster with
VMs that should be accessible from the Internet even after one node fails and it's
VMs are migrated and started on another node.

There are 3 nodes in a cluster (that should become a HA cluster later):

- node01
-- vm01a
-- vm01b
-- ...

- node02
-- vm02a
-- vm02b
-- ...

- node03
-- vm03a
-- vm03b
-- ...

Each node has got a public IP address and a public IP subnet for the VMs.
The provider routes a public IP subnet to each node.
Than every single IP address from this subnet is routed within PROXMOX to each VM.
A VM bridge looks like this:

auto vmbr4
iface vmbr4 inet static
        address  VM_BRIDGE_PRIVATE_IP
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up route add -host VM_PUBLIC_IP_FROM_THE_SUBNET vmbr4
        pre-down route del -host VM_PUBLIC_IP_FROM_THE_SUBNET vmbr4


Imagine it's a HA cluster with a shared storage (this is the plan).

1) node01 fails and PROXMOX HA migrates and starts it's VMs vm01a, vm01b, etc. on node02.
1.1) Now what happens with the VM data on the shared storage, the file system may be corrupted because the VM did not shutdown safely, right?
1.2) The interface vmbr4 of node01 must be already created and configured on node02 exactly the same, otherwise the VM won't start, right?

If another node takes care of the migrated VMs from the failing node, then these VMs must still be accessible with their public IPs.
The public IPs and subnets can be upgraded to Failover IP / Subnets and there is a script / API for switching the IP address.
I read several how to's that describe how to setup 2 Load Balancers with HAProxy and keepalived and a floating IP that get's updated
automatically, but these examples describe only one public IP and redirecting just HTTP traffic.

How to solve this for my scenario: if a node fails, redirect whole IP subnet and all it's traffic (not just HTTP) to the host that takes care of these VMs now,
is it possible?
If possible, do I need 2 Load Balancers with HAProxy and keepalived for this between the hosting provider and PROXMOX nodes,
all public IPs / subnets would be upgraded to failover IP / subnets and routed to one of the Load Balancers,
and the active Load Balancer would route them to different hosts, and if it fails, the backup load balancer gets activated and does it, or how to do it?

Thank you.
Last edited:
I have a similar setup and I have Public IP setup on my VMs directly (NIC setup as bridge on vmbr) . When one VM fails and migrates the VMs are still accessible via their public IP.
  • Like
Reactions: El Tebe


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!