Question on SDN Features

orcado

New Member
Sep 3, 2025
Hi Community,

I'm currently working on a test project to have 5 VMs within a pool. The main aim of this is to have these 5 VMs within a VLAN in the PVE cluster, using the node's internet access without a router.

I've done some research where I'll need to create an SDN Simple Zone, then create a VNet for it. I saw that there is a VLAN Aware setting, but I don't see a place where I can set up the VLAN ID.

My question is this - Should I be creating a VLAN Zone instead of Simple Zone, then set the VLAN ID in VNets, after that add in Subnet with SNAT enabled?

Any advice appreciated.

Thank you
Orca
 
VLAN zone is layer2 only, so you'd need an external router for things like NAT. If you simply require them to be on their own, separate layer2 domain, a Simple Zone is sufficient - without any VLAN tags. If you have multiple simple zones with NAT enabled, you'd need to prevent the host from routing between the different simple zones, which can be achieved via the firewall.
 
Hi @shanreich, thank you for the tip and direction. Can you share with me a few more clues about the config in the firewall to prevent traffic from being routed between the simple zones? Coz I can't quite figure out how to configure it. Appreciate it!
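
The reply above says the host must be kept from routing between Simple Zones that have NAT enabled. As an added example (not part of the thread and not Proxmox's own firewall configuration), this shell function generates a plain nftables ruleset that drops forwarded packets between VNet bridges; the bridge names `vnet1`/`vnet2` and the table name `sdn_isolation` are assumptions.

```shell
#!/bin/sh
# Added example: emit an nftables ruleset that stops the host from forwarding
# packets between Simple Zone VNet bridges. Only VNet -> VNet forwarding is
# matched, so VNet -> uplink traffic (SNAT'd internet access) is not touched.
# Assumptions: bridge names and the table name "sdn_isolation" are hypothetical.
#
# Usage (as root, after reviewing the output):
#   gen_isolation_ruleset vnet1 vnet2 > /tmp/sdn_isolation.nft
#   nft -c -f /tmp/sdn_isolation.nft   # syntax check only, loads nothing
#   nft -f /tmp/sdn_isolation.nft

gen_isolation_ruleset() {
    # With fewer than two bridges there is nothing to isolate.
    if [ "$#" -lt 2 ]; then
        echo "usage: gen_isolation_ruleset VNET VNET [VNET...]" >&2
        return 1
    fi
    # Accept only plain interface names (max 15 chars on Linux) so nothing
    # unexpected can end up inside the quoted strings of the ruleset.
    for v in "$@"; do
        case "$v" in
            ''|*[!A-Za-z0-9_.-]*)
                echo "invalid interface name: $v" >&2
                return 1 ;;
        esac
        if [ "${#v}" -gt 15 ]; then
            echo "interface name too long: $v" >&2
            return 1
        fi
    done

    echo "table inet sdn_isolation {"
    echo "    chain forward {"
    echo "        type filter hook forward priority filter; policy accept;"
    # One drop rule per ordered pair of distinct bridges (both directions).
    for src in "$@"; do
        for dst in "$@"; do
            if [ "$src" != "$dst" ]; then
                echo "        iifname \"$src\" oifname \"$dst\" counter drop"
            fi
        done
    done
    echo "    }"
    echo "}"
}
```

A drop verdict in this table is final even if other firewall tables accept the packet, and the `counter` on each rule shows whether cross-zone traffic is actually being attempted.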