Hi,
I am moving my home network onto a set of VLANs to provide a bit more security - i.e. isolating my IP cameras and VOIP devices etc.
I have a single PVE host (v3.4-6) with about 12 containers (all openvz). Everything is currently on 192.168.1.0. Most of my containers have simple venet interfaces pointing at vmbr0 on the host. On a few containers that need a physical interface I have veth interfaces (i.e. for my dnsmasq and openvpn server).
I am planning 3 VLANs, .10.0 (data), .20.0 (voip), and .30.0 (video), plus the management lan (.1.0).
My question is; what is the best way to configure both the host and the containers for VLANs ? Should I just leave the host config as it is and change all containers to use veth interfaces with the VLAN tag set?
Or would it be better to add vmbridges to the host for each VLAN and move the venet interfaces over to the appropriate bridges in the containers?
Is there any downside to using veths for each container? A bit green when it comes to this sort of thing so any help or suggestions will be warmly received!
Many thanks,
Ben
I am moving my home network onto a set of VLANs to provide a bit more security - i.e. isolating my IP cameras and VOIP devices etc.
I have a single PVE host (v3.4-6) with about 12 containers (all openvz). Everything is currently on 192.168.1.0. Most of my containers have simple venet interfaces pointing at vmbr0 on the host. On a few containers that need a physical interface I have veth interfaces (i.e. for my dnsmasq and openvpn server).
I am planning 3 VLANs, .10.0 (data), .20.0 (voip), and .30.0 (video), plus the management lan (.1.0).
My question is; what is the best way to configure both the host and the containers for VLANs ? Should I just leave the host config as it is and change all containers to use veth interfaces with the VLAN tag set?
Or would it be better to add vmbridges to the host for each VLAN and move the venet interfaces over to the appropriate bridges in the containers?
Is there any downside to using veths for each container? A bit green when it comes to this sort of thing so any help or suggestions will be warmly received!
Many thanks,
Ben