How to do multi node VLAN ?

[cogis]

Hello

I have a cluster with many proxmox node, and i would like to regroup virtual machines to isolated VLAN, depending on which user use the machine.
Here is a schema of my idea :




So what i would like is :
- Isolated vlan, for example vlan1 cannot connect vlan 2
- DHCP for each vlan, so i don't have to set static ip for each virtual machine

I have read this Software Defined Network docs : https://pve.proxmox.com/pve-docs/chapter-pvesdn.html
But i am lost, i dont know which solution will fit my need, the proposed example are with static IP (there is vlan, vxlan, evpn, qinq ...)

Do you have an idea to achieve this ?

Thanks a lot !

 

[aaron]

In quite a few ways. One would be to configure the VLAN tag on the Network card that you configure for each VM.
The other would be to have a vmbrXXX in each node configured that is using the dot notation on the bridge port. For example the bridge port for VLAN 3 would on a physical NIC called eno1 would be "eno1.3".

If you want to use the SDN, then you will have to create a zone with VLAN.

Also be aware that the VLAN ID 1 is the default one and cannot be set manually. That means, once you enable VLANs on your switch and other infrastructure, the VLAN ID 1 will be "assumed" if there is no VLAN configured.

 

[cogis]

I forgot to specify that our infrastructure is in a datacenter, with one physical server per node, and we dont have access to the switch.
Thanks for your answer

 

[spirit]

I forgot to specify that our infrastructure is in a datacenter, with one physical server per node, and we dont have access to the switch.
Thanks for your answer

if you want to use vlans, you need vlan support enabled on the physical switch. (and maybe vlan allowed list).

if you can't enable vlan on the physical switch, you can use vxlan zones in the sdn.


Each vlan (or vxlan), is isolated from others vlans.
if you want a dhcp, you need a dhcp server with an interface+an ip in each vlan/vxlan/subnet.

 

[cogis]

Thanks, so vxlan look like a solution

I should put the dhcp in one of the node only ?

 

[cogis]

@spirit how to set an ip range for each vxlan ? is it possible via proxmox SDN gui ?

without ip range the dhcp (on node 1) cannot listen to the interface :

No subnet declaration for vnet1 (no IPv4 addresses). ** Ignoring requests on vnet1. If this is not what you want, please write a subnet declaration in your dhcpd.conf file for the network segment to which interface vnet1 is attached. **

 

[spirit]

@spirit how to set an ip range for each vxlan ? is it possible via proxmox SDN gui ?

without ip range the dhcp (on node 1) cannot listen to the interface :

No subnet declaration for vnet1 (no IPv4 addresses). ** Ignoring requests on vnet1. If this is not what you want, please write a subnet declaration in your dhcpd.conf file for the network segment to which interface vnet1 is attached. **

currently , only evpn zone (which use vxlan), declare an anycast ip on the vnet (the gateway of the subnet). (same vnet on each host have the same ip).
with this, you could setup an dhcp server on each host locally.
But for dynamic lease, it can be a problem (or you need to share lease file in /etc/pve or a shared storage).


With classic vxlan, you could also add an ip on a specifc host, manually, in /etc/network/interfaces

auto vnetXXX
address X.X.X.X

it'll be merged with the sdn config.



Another way could be a vm, with an interface in each vxlan.