Hi everyone,
I’m still fairly new to Proxmox and currently in the testing phase as part of a migration from VMware. While experimenting in my lab, I ran into a couple of design questions and wanted to get some feedback from people with more experience.
1. OVS vs Linux Bridge
Proxmox supports both Linux Bridge and Open vSwitch (OVS).
From what I’ve read, OVS seems to be able to do everything Linux Bridge can, and on top of that it offers SDN-related features. Because of this, I’m wondering if there is any real reason to choose Linux Bridge today.
If there’s a possibility of using Proxmox SDN features later, wouldn’t it make more sense to deploy Proxmox with OVS from the start instead of Linux Bridge? Are there performance, stability, operational, or support-related reasons why Linux Bridge is still commonly recommended?
2. VM-to-VM isolation while still allowing gateway access
On a single Proxmox host, I have two VMs in the same subnet (for example, 192.168.1.1 and 192.168.1.2).
What I want is:
- The two VMs must not be able to communicate with each other at L2/L3
I tested this using Proxmox SDN by creating a simple zone and enabling the isolation port option on the VNet. The problem is that this blocks all L2 communication, including traffic to the gateway, so the VMs lose connectivity entirely.
To add more context: this is not just a lab issue. In our production environment, we have more than a thousand VMs that require this exact behavior, so we are actively looking for a scalable and clean solution. When we were using VMware, this worked very easily using PVLAN, and the behavior was exactly what we need.
Is there a recommended way in Proxmox to achieve “PVLAN-like” behavior (VM isolation with gateway access) on a single host?
Is this something that requires routing or firewalling at L3, or is there a clean L2-based approach within Proxmox SDN?
Any insights, best practices, or real-world experience would be greatly appreciated.
Thanks in advance!