Greetings,
I know this has been asked many times, but I still did not find an exact answer or solution. Using the latest no-subscription PVE.
We need more than 32 VLANs passed to a single VM. We were fine until we hit the limit of 32 virtual NICs in the VM configuration (I know there's an option to bump that number by editing one of Proxmox's libraries, but we're against this for obvious reasons) - so far we manage 32 VLANs by assigning a VLAN tag to each virtual NIC (32 so far). Each virtual NIC is using a vmbr device on the hypervisor. I'm also aware that there's an option to use a so-called "VLAN-aware bridge" and then just use a single virtual NIC within the guest bound to that bridge and configure VLANs inside the VM; however, this raises an important question in terms of security - since this single "VLAN-aware bridge" is used by many VMs, some of these VMs should not be able to access any VLANs, but only those configured for them inside Proxmox. To make it easier to understand, here's what I mean:
0) "vmbr01" on Proxmox host is configured as VLAN-aware: 1-4096.
1) VM-A guest: single virtual NIC assigned to "vmbr01", then all required VLANs are configured inside the VM.
2) VM-B guest: single virtual NIC assigned to "vmbr01", but this guest does not need to know or have access to any VLANs other than VID 100.
Can this be achieved? Perhaps I can simply add "tag=100" to "VM-B" guest inside Proxmox and this will be sufficient?
Thanks!