Hello everyone,
I have decided to ask for help.
I am stuck with the following:
Here is the set-up that I have done so far:
- Fresh Proxmox installations on 3 rented dedicated servers with the KVM flag enabled.
- All servers are connected to one cluster.
- Cluster network is configured. Migration from host to host works perfectly fine. (I tested with a test Ubuntu 16 machine.)
- Shorewall firewall is installed on each host to control incoming and outgoing traffic.
Network set-up:
- All three hosts have Internet access. The standard gateway and WAN IP are provided by our hosting provider. Internet breakout works on all hosts. Basic configuration of the firewall for WAN is done and works.
- Cluster network is configured. For this we booked a Layer 2 VLAN, connected a new virtual NIC to each Proxmox host and assigned an IP address: 10.0.0.1 - 3 / 8
- VM network: That's where we are having trouble:
We need to have ONE VM network as ONE broadcast domain. Without the firewall on the Proxmox hosts this would not be a problem: booking another Layer 2 VLAN that provides ONE broadcast domain between all VMs running on Node 1, Node 2, Node 3. Since we would need a standard gateway for the hosts, we would create one additional NIC on each Proxmox node with an IP address:
Node 1: 10.10.10.1 / 24
Node 2: 10.10.10.2 / 24
Node 3: 10.10.10.3 / 24
Routing on each node routes WAN traffic from 10.10.10.0 / 24 to WAN. If a VM runs, for example, on Node 1, a script will detect that and set the standard gateway to 10.10.10.1. If the machine migrates to Node 2, the script will change the standard gateway to 10.10.10.2.
But now: How can we get the set-up working with the Shorewall firewall as well?
The perfect solution would be one Layer 3 interface placed in front of all Proxmox servers that would provide the VLAN with layer 3 for routing, and our problem would be solved. Unfortunately there is no option to book a layer 3 switch / router. So we are stuck with the layer 2 VLAN, which basically means that communication is not possible.
I hope this can be understood. I am finding that it is really complicated to explain.
Any suggestions on how to spread a VM network between all three nodes, with a firewall on each node and only one Layer 2 VLAN for VM network?
The main idea is to prepare an HA network that provides different Plesk servers as VMs with ONE WAN IP address, which is configured as a failover IP address by our hosting provider. This IP address is then used to determine what domain the user tries to connect to so that we forward the traffic to a VM with the help of SNI.
Thank you very much in advance.