I am working on setting up the firewall at the Datacenter level for my deployment. I've got most of the rules put in for traffic originating from other VLANs/subnets, but I'm trying to figure out how traffic within VLANs/subnets should work.
I have an internal servers VLAN defined by my physical firewall. The VMs/CTs connect through a VLAN VNet with the VLAN tag applied to the interface (and no subnet defined in the PVE SDN). How will traffic be handled for VMs/CTs in the same VLAN with no traffic restrictions placed by the physical network and with the default input policy in the Datacenter firewall being set to DROP? As of now, I only have a single node, but will eventually expand to a cluster. How will the traffic within the VLAN be handled as it will have to traverse multiple nodes? Will I just need to write an allow rule for this subnet to be able to reach itself (e.g. ACCEPT src: 10.1.1.0/24 dst: 10.1.1.0/24 on vmbr0)?