Network Vlan settings

[Maher Khalil]

Hello
I have a host server. I want to get 8 VMs. I have subnet with 8 PUBLIC IPs.
I do not want these 8 VMs access each other
so, I plan to create VLAN for each VM on the host interface and pass each Vlan tag to VM
I will not provide any swiches because I expect that the proxmox vlan and vlan tag to isolate VM networks from each others
so I will configure the host interfaces like the below

auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0.1
iface vmbr0.1 inet static
address public IP1/24
gateway gatway

auto vmbr0.2
iface vmbr0.2 inet static
address public IP2/24
gateway gatway
.
.
.
auto vmbr0.8
iface vmbr0.8 inet static
address public IP8/24
gateway gatway

auto vmbr0
iface vmbr0 inet manual
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 1-8

 

[spirit]

you can't like this.

vmbr0.X , create an internal port, mainly to assign an ip in this vlan for hypervisor management.

you can:

1)
- keep only vmbr0 vlanware , and in your vm nic, choose vmbr0 + tag.

2)
or without vlan-aware

auto vmbr0v8
iface vmbr0v8 inet static
   bridge-ports eno1.8
   bridge-stp off
   bridge-fd 0

auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

3) use the new beta sdn plugin, an create a vlan zone.
https://pve.proxmox.com/pve-docs/chapter-pvesdn.html

 

[Maher Khalil]

I think the new SDN is useful to create zone and allow VMs from different nodes to connect to each other over local area networks.
i looks like creating virtual switches on the data-center level
my goal is to prevent virtual machines on the same node to connect to each other to avoid any internal hacking. so I though I can use VLAN on each node the same way as VLAN on switches
Any help how to achieve that