Private VLANs (PVLAN) within Proxmox

Undivided0519

Oct 30, 2024
Trying to wrap my head around how to implement a PVLAN within Proxmox. The purpose would be microsegmentation, so that each VM could not talk to each other without going through the upstream L3 device that has the Promiscuous Port configuration defined. Short of creating a VLAN per VM, is there a way to do this?
For reference and to clear up confusion, this is what I'm referring to: https://www.geeksforgeeks.org/private-vlan/, or what some may call "Port Isolation".
 
You could either use the Bridge Port Isolation option [1] that has been introduced in the latest PVE version, or, if you need more fine-grained control, the VNet Firewall of SDN [2].

[1] https://pve.proxmox.com/pve-docs/pve-admin-guide.html#pvesdn_config_vnet
[2] https://pve.proxmox.com/pve-docs/pve-admin-guide.html#pvesdn_firewall_integration
So this will have the isolation to the bridge, but doesn't satisfy the need of a network PVLAN that would extend all the way out to the switch that has the P port that would then allow the access. This is all about micro-segmentation to be honest.
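For the host-side bridge port isolation mentioned in the reply above, an added example (not part of the thread and not Proxmox's own code) that audits which guest ports on one Linux bridge can still reach each other directly. It reads JSON shaped like `bridge -d -j link show` output; the sample data, the bridge name `vmbr0`, the uplink `eno1` and the tap port names are constructed assumptions, and it only covers a single host bridge, not the upstream switch.

```python
import json
from itertools import combinations

# Constructed sample shaped like `bridge -d -j link show` output (trimmed to
# the fields used here). Port and bridge names are made up for illustration.
SAMPLE = json.dumps([
    {"ifname": "eno1", "master": "vmbr0", "isolated": False},
    {"ifname": "tap100i0", "master": "vmbr0", "isolated": True},
    {"ifname": "tap101i0", "master": "vmbr0", "isolated": True},
    {"ifname": "tap102i0", "master": "vmbr0", "isolated": False},
    {"ifname": "tap200i0", "master": "vmbr1", "isolated": False},
])


def guest_ports(link_json, bridge, uplink):
    """Return {port: isolated?} for every port of `bridge` except the uplink."""
    return {
        p["ifname"]: bool(p.get("isolated", False))
        for p in json.loads(link_json)
        if p.get("master") == bridge and p["ifname"] != uplink
    }


def direct_l2_pairs(ports):
    """Guest pairs the bridge will still forward between directly.

    The Linux bridge only drops frames when BOTH the ingress and the egress
    port are isolated, so one non-isolated guest port can reach every other
    guest on the bridge without passing through the uplink.
    """
    return sorted(
        (a, b)
        for a, b in combinations(sorted(ports), 2)
        if not (ports[a] and ports[b])
    )


if __name__ == "__main__":
    ports = guest_ports(SAMPLE, "vmbr0", "eno1")
    for a, b in direct_l2_pairs(ports):
        print(f"not segmented: {a} <-> {b}")
```

On a real host, replace `SAMPLE` with the captured output of `bridge -d -j link show`; an empty result means every guest on that bridge has to go through the uplink to reach another guest.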