How to connect VMs on different Proxmox hosts

L

leom

New Member
Dec 29, 2021
4
0
1
43
Hello community :)

I have a cluster with 2 Proxmox nodes, which are hosting some VMs on their own. The two hosts are in the same network (172.21.251.0/24), and connect to the switch using LACP (802.3ad). The hosts also have a network bridge (vmbr0) connected to a private network (10.9.16.0/24). Both of the hosts have an IP address in the private network (10.9.16.1 and 10.9.16.101). The VMs can ping the two hosts (172.21.251.0/24) as well as the external network (e.g. 8.8.8.8).

What I want to achieve is to connect VMs in the two hosts to a private network 10.9.16.0/24, which is currently not possible.

/etc/network/interfaces of host1 (/etc/network/interfaces of host2 is similar, just the IP addresses of bond0 and vmbr0 are different.)
Code: 
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

auto enp175s0f1
iface enp175s0f1 inet manual

auto enp175s0f0
iface enp175s0f0 inet manual

auto bond0
iface bond0 inet static
        address 172.21.251.124/24
        gateway 172.21.251.254
        bond-slaves enp175s0f0 enp175s0f1
        bond-miimon 100
        bond-mode 802.3ad
        bond-xmit-hash-policy layer2+3

auto vmbr0
iface vmbr0 inet static
        address 10.9.16.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '10.9.16.0/24' -o bond0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.9.16.0/24' -o bond0 -j MASQUERADE

proxmox networking question.png
Do you have any suggestions on how to do it? Thanks a lot!
 
leom said:
Do you have any suggestions on how to do it? Thanks a lot!
Click to expand...
You need to connect vmbr0 bridges of your nodes on Layer 2 together (bridge-ports line in vmbr0 config). You may use a NIC (eno1 or eno2) and a cable, a bond (eno1 + eno2) and two cables, a vlan over existing bond0, etc.

Config for a vlan with id=100 over bond0 would look like following

Code: 
auto bond0.100
iface bond0.100 inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.9.16.1/24
        bridge-ports bond0.100
        bridge-stp off
        bridge-fd 0
 
mvs said:
You need to connect vmbr0 bridges of your nodes on Layer 2 together (bridge-ports line in vmbr0 config). You may use a NIC (eno1 or eno2) and a cable, a bond (eno1 + eno2) and two cables, a vlan over existing bond0, etc.

Config for a vlan with id=100 over bond0 would look like following
Click to expand...
Hi mvs, thanks for your suggestions. I tried the vlan over bond0 method and modified the interface files as suggested. But the VMs cannot ping each other yet. Actually the 2 proxmox hosts cannot ping to each other's internal IP addresses yet.

Code: 
# ping -c 3 10.9.16.101
PING 10.9.16.101 (10.9.16.101) 56(84) bytes of data.
From 10.9.16.1 icmp_seq=1 Destination Host Unreachable
From 10.9.16.1 icmp_seq=2 Destination Host Unreachable
From 10.9.16.1 icmp_seq=3 Destination Host Unreachable

Below is the network information of one of the hosts, if it helps a little.

1653483977549.png
 
I don't think this is going to be easy to achieve

Q: Is the requirement to connect only the two VM's (VM1 and VM2) or do you need to allow other VM's to communicate?
Q: Can the VM to VM traffic be port based?
 
mvs said:
Please check configuration of your switch. You may need to allow vlan100 (tagged) on bond group.
Click to expand...
The hosts are sitting in a sever room and I don't have any access to the switches. Maybe I need to talk with the staff there.
 
Hi Bobmc,

Actually I am trying to set up a small Slurm cluster on top of these hosts.

bobmc said:
I don't think this is going to be easy to achieve

Q: Is the requirement to connect only the two VM's (VM1 and VM2) or do you need to allow other VM's to communicate?
Click to expand...
There will be several VMs in each hosts (not just 1) and they are required to communicate with each other.
bobmc said:
Q: Can the VM to VM traffic be port based?
Click to expand...
Does it mean if there communication are limited to only several ports. I think yes in this case.
 
The major issue is that your setup has the VM's NAT'ed behind the bond network. I can only see that working with a router-vm being available or with more ip-tables foo than I'm capable of.

I'd be inclined to try it like this

swarm_cluster_cropped.jpg

that way the vm's will be able to directly connect to one another. If the VM's need to be able to connect to the rest of the network then you should be able to make that work with iptables rules. Bear in mind though, that devices outside of the 10.9.16.0 subnet will still not be able to initiate direct connections to the VM's
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom