[SOLVED] Issue to configure SDN

RogerH00d

May 27, 2022
Hi,

I have a 4-node Proxmox cluster and I want to use SDN to allow my VMs to communicate node to node.
I achieved this configuration and the VMs can ping each other.

In order to train myself and to reinforce the security of my home lab, I want to create different SDNs on my cluster and put a pfSense VM in front to do inter-VLAN routing.

What's the best option to do this?
I can't find a complete tutorial for this type of configuration and I am stuck.
I've tried VLAN, VxLAN....

I have one NIC on each node with a vmbr0 bridge.

I hope someone could take a little time to help me.
Regards.
 
Configure a VLAN zone, then define the VNETs for all the VLANs you need.
The switches between the hosts need to be configured as well to allow these VLANs as tagged VLANs on the switchports. Your firewall/router needs to have access to these VLANs and needs to be configured as the default gateway by any member in that VLAN.
 
Thanks for your fast answer, Aaron.
I didn't explain my issue clearly.
I want to virtualize my pfSense firewall on my Proxmox cluster.

Attach SDN vnets to it in order to create a multiple-VLAN lab with a virtualized pfSense server.
Regards
 
Then create a virtual NIC for each VLAN zone for the pfSense. If it should manage internet access for the machines in the VLANs, you will also need to configure a NIC on a bridge (vmbr) that allows it to access the internet.
 
For each node I have:
vmbr0 bridge to the physical NIC for the pfSense WAN.
VLAN aware is activated on this bridge.

I have created an SDN zone of type VLAN named "vnetwork".
In this zone, three vNets, vnet10 (VLAN10), vnet20 (VLAN20) and vnet50 (VLAN50), are attached to the vnetwork zone.
The subnets of each VLAN are declared without a gateway.

On the pfSense VM I add a network device.

On pfSense, I declare the VLANs
and assign interfaces to the VLAN interfaces.

VMs on the same Proxmox vnets can ping each other but cannot ping the gateway of their VLAN.
Best regards
 
If, in the pfSense VM, you are already using one interface in each vnet, you don't need to declare VLANs on pfSense, as it's already done on Proxmox (or you'll have double VLAN tags).

You could use VLAN tags on pfSense if you have a lot of VLANs and you want to use only one interface on your pfSense VM. In this case, simply plug it into vmbr0 directly with VLAN aware enabled on vmbr0.
 
Hi,
Thanks for your help.
I have resolved my issue with this configuration:
  1. Use vmbr0 (attached to the physical NICs, access to WAN) for the SDN zones.
  2. Declare all of my VLANs in SDN, with their subnets.
  3. Add the vnets as network devices on my pfSense VM.
  4. Add all interfaces (vnets) on pfSense and configure the IP of each interface with the VLAN gateway.
  5. Don't forget to add firewall rules to allow traffic.
  6. Configure the VMs' network device on the desired network.
It works like a charm.
Regards.
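
The layout from the solved post, together with the double-tag caveat raised earlier in the thread, can be checked from the Proxmox side. The script below is an added example, not code from the thread or from Proxmox: it parses a constructed `vnets.cfg` and constructed `netN` lines for the pfSense VM, and flags a NIC that sits on a vnet and also carries `tag=`. It assumes the tag is set on the VM NIC; VLANs declared inside the pfSense guest do not appear in the VM config.

```python
import re

# Constructed sample of /etc/pve/sdn/vnets.cfg with the thread's three vnets.
VNETS_CFG = """\
vnet: vnet10
    zone vnetwork
    tag 10
vnet: vnet20
    zone vnetwork
    tag 20
vnet: vnet50
    zone vnetwork
    tag 50
"""

# Constructed netN lines of the pfSense VM (made-up MACs); net3 repeats the tag.
PFSENSE_NICS = """\
net0: virtio=BC:24:11:00:00:01,bridge=vmbr0
net1: virtio=BC:24:11:00:00:02,bridge=vnet10
net2: virtio=BC:24:11:00:00:03,bridge=vnet20
net3: virtio=BC:24:11:00:00:04,bridge=vnet50,tag=50
"""

def parse_vnets(cfg):  # map vnet name -> VLAN tag
    vnets, current = {}, None
    for line in cfg.splitlines():
        if m := re.match(r"vnet:\s*(\S+)", line):
            current = m.group(1)
        elif (m := re.match(r"\s+tag\s+(\d+)", line)) and current:
            vnets[current] = int(m.group(1))
    return vnets

def audit_nics(nic_lines, vnets):  # one (nic, bridge, vlan, finding) per netN
    report = []
    for line in nic_lines.splitlines():
        nic, _, opts = line.partition(":")
        kv = dict(o.split("=", 1) for o in opts.strip().split(",") if "=" in o)
        bridge, tag = kv.get("bridge"), kv.get("tag")
        if bridge in vnets and tag:
            finding = "double tag: vnet already tags this VLAN"
        elif bridge in vnets:
            finding = "ok: untagged in guest, tagged by SDN"
        else:
            finding = "plain bridge: untagged unless the guest tags"
        report.append((nic.strip(), bridge, vnets.get(bridge), finding))
    return report

if __name__ == "__main__":
    print(*audit_nics(PFSENSE_NICS, parse_vnets(VNETS_CFG)), sep="\n")
```
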
 