SDN, IPAM & DHCP

boomam · 2026-05-26T03:06:44+0200

Hi,
Is anyone able to help me wrap my head around this -

I have SDN configured with some zones that have my phpIPAM system configured for their IPAM layer.
One zone is 'simple' the other is 'vxlan'.
Both zones have both subnets added to their vnets that match the ranges in phpIPAM, and have DHCP ranges set too.
In phpIPAM, both ranges for both zones/subnets are set to allow IP requests.

As a test, i have created an LXC with a vNIC on each zone.

Here is the issue - Neither in static mode where i am giving the vNICs IPs in the relevant CIDR block, nor in DHCP mode, are IPs captured or obtained in either phpIPAM, the IPAM management screen in PVE, the LXCs vNIC properties, etc.
Meaning that in dynamic nothing is coming from phpIPAM, and in static, nothing is getting pushed too it.

As another test, i followed these steps here - https://pve.proxmox.com/wiki/Setup_Simple_Zone_With_SNAT_and_DHCP
and created a third test zone, exclusively 'pve' for IPAM...still nothing.

Some reading around shows that this functionality as of 6-12 months ago was a little underbaked, with discrepancies & omissions in the docs reflecting that, but with the last few releases pushing SDN more and more, i would have thought it was operational somewhat by now in this regards.

Am i missing something here? Or is it just missing functionality at this time, to be added to a later release?

Thanks in advance!

boomam · 2026-05-26T03:45:48+0200

Interestingly, if i waited a little longer, the two test zones do different things -

"Test" -
Type=Simple, IPAM=phpIPAM
I can see the test LXC in phpIPAM, but nothing in Datacenter->SDN->IPAM,

"Test 2" -
Type=Simple, IPAM=pve
I see information in Datacenter->SDN->IPAM.

However in neither test, do the vNIC's themselves get an IP allocated though that the LXC can use, or proxmox see's in the GUI.

So clearly communication to/from the IPAM services *is* working in some manner.

shanreich · 2026-05-26T10:39:35+0200

boomam said:
I can see the test LXC in phpIPAM, but nothing in Datacenter->SDN->IPAM,

Yes, that is to be expected, the IPAM tab in Datacenter is what you pick when you choose `pve` as the IPAM option, otherwise the external plugin is used.

What's the exact sdn config?

Code:

cat /etc/pve/sdn/zones.cfg
cat /etc/pve/sdn/vnets.cfg
cat /etc/pve/sdn/subnets.cfg

It seems like there are issues with DHCP itself. Is dnsmasq up and running properly?

Code:

systemctl status 'dnsmasq@*'
head -n-0 /etc/dnsmasq.d/**/*
cat /etc/pve/sdn/pve-ipam-state.json

Inside a new test container with a NIC on a simple zone with DHCP enabled, what is the output of:

Code:

dhclient -r
dhclient -v

boomam · 2026-05-26T14:03:05+0200

shanreich said:
Yes, that is to be expected, the IPAM tab in Datacenter is what you pick when you choose `pve` as the IPAM option, otherwise the external plugin is used.

What's the exact sdn config?

Code:

cat /etc/pve/sdn/zones.cfg cat /etc/pve/sdn/vnets.cfg cat /etc/pve/sdn/subnets.cfg

It seems like there are issues with DHCP itself. Is dnsmasq up and running properly?

Code:

systemctl status 'dnsmasq@*' head -n-0 /etc/dnsmasq.d/**/* cat /etc/pve/sdn/pve-ipam-state.json

Inside a new test container with a NIC on a simple zone with DHCP enabled, what is the output of:

Code:

dhclient -r dhclient -v

Morning,
To confirm, as there *is* conflicting information on the docs, wiki and forum - would you expect this to work with zone types that are not 'simple', and for those expected to communicate with whatever IPAM system, for IPs to allocate against a given vNIC?
As if the answer to either of those is 'not currently' then this is probably pointless to diagnose further.

As configs -

Zones.cfg

Bash:

vxlan: proxy0
        ipam phpIPAM
        peers 192.168.200.21

simple: test
        dhcp dnsmasq
        ipam phpIPAM

simple: test2
        dhcp dnsmasq
        ipam pve

vnets.cfg

Bash:

vnet: proxy0
        zone proxy0
        alias proxy0
        tag 1001

vnet: test
        zone test

vnet: test2
        zone test2

Subnets.cfg

Bash:

subnet: proxy0-10.10.10.0-24
        vnet proxy0
        dhcp-range start-address=10.10.10.51,end-address=10.10.10.199

subnet: test-10.10.11.0-24
        vnet test
        dhcp-range start-address=10.10.11.10,end-address=10.10.11.20

subnet: test2-10.10.12.0-24
        vnet test2
        dhcp-range start-address=10.10.12.10,end-address=10.10.12.20
        gateway 10.10.12.1
        snat 1

"dhclient -r"
No output

"dhclient -v"
Hangs until i ctrl+c
A following 'ip addr show' shows no IP allocated however

shanreich · 2026-05-26T14:09:08+0200

boomam said:
To confirm, as there *is* conflicting information on the docs, wiki and forum - would you expect this to work with zone types that are not 'simple'

I missed that part, sorry - it currently only works for the simple zone.

boomam · 2026-05-26T14:35:57+0200

shanreich said:
I missed that part, sorry - it currently only works for the simple zone.

ok, then for the latter - should a 'simple' zone also be allocating the IPs at vNIC level? or is it just tracking availability in the IPAM screen/external system?

Search

Search

SDN, IPAM & DHCP

boomam

Member

boomam

Member

shanreich

Proxmox Staff Member

boomam

Member

shanreich

Proxmox Staff Member

boomam

Member

We value your privacy