SDN - what do I need?

CodeBreaker

This is my current infrastructure:

Screenshot from 2023-08-23 09-52-38.png

Defined on the Mikrotik are a couple of VLANs for ipmi, proxmox, ceph, and for user networks going across the Mikrotik switch. I have 3 (W)LAN user networks.
When a new project is started I need to define a new isolated network and VLAN in the router and add it to the Proxmox network on all servers. Then I have to manage firewall rules for access control on the Mikrotik. The Mikrotik router handles all routing across projects. Then, when creating VMs I need to add them manually to the PDNS auth server. Overall, it is a pain to maintain.

My idea is to make a little change:
Screenshot from 2023-08-23 09-52-58.png


Basically, I would like to separate the user network and server networks so that the Mikrotik router only has a route 10.0.0.0/8 to Proxmox over the router's 10G SFP+ interface and that's it. The rest of the router's config is about user networks. I'm thinking I can do that with the Proxmox SDN feature with firewall.
I would like that when I create a new project (Proxmox pool) all I have to do is define a network in the VNet tab and assign that network to VMs. That is possible, right?

What I have done so far: Created a zone vxlan1 of type vxlan, created a VNet test, created two containers with static IPs and assigned the network test. The result is that they can ping each other. What should be my next steps, generally speaking, to achieve this kind of separation?
 

When everything is on one switch or on a switched network you do not need SDN. Just create VLANs on the switch, tag them to the Proxmox hosts and use VLAN-aware bridges or VLAN interfaces in Proxmox for the VMs.

An SDN is for situations where you need to route IP packets between the Proxmox nodes or if you do not have the possibility to work with VLANs on the switch(es).
 
Thanks.

I would still need a router (I was thinking VyOS hosted on Proxmox) to enable internet access (since I'm moving the Mikrotik outside of the server network) and to route packets to the server network from the user network behind the Mikrotik router.

I was intrigued with other features of SDN, most notably:
  • Restrict the IP addresses you can define on a specific VNet
  • Auto assign IPs on virtual guests (VM or CT) through IPAM plugins
  • DNS registration through DNS plugins
Can the same be achieved using only VLANs?
 
My bad, I didn't ask clearly. What I meant was: can I have those features (e.g., DNS registration) when using just raw VLANs to segment the network instead of SDN, i.e. using other software solutions, Proxmox plugins or something? With SDN I could add a PowerDNS authoritative server where (from what I understand from the documentation) the VM host would be auto-registered in PDNS with its IP, thus no need to update DNS records manually. Hope I was clear in my question.
 
The question was clear.
I do not know of any solutions that would do that. When just using VLANs all the other network management features would have to be implemented separately and I do not know of any solution that does this with Proxmox. There may be viable IPAM solutions outside of Proxmox.
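
The reply above says that with plain VLANs the address restriction, IP assignment and DNS registration listed earlier would have to be implemented separately. A sketch of that glue in Python, added here as an example and not code from the thread or from Proxmox; the subnet, zone name, API URL and key are constructed placeholders, and the request body follows the PowerDNS Authoritative HTTP API's rrset PATCH format:

```python
import ipaddress
import json
import urllib.request

# Constructed sample values; none of these come from the thread.
PDNS_API = "http://127.0.0.1:8081/api/v1/servers/localhost"
ZONE = "lab.example."

def next_free_ip(subnet, used, reserved=1):
    """First unused host address; skips `reserved` leading hosts (gateway)."""
    net = ipaddress.ip_network(subnet)
    taken = {ipaddress.ip_address(a) for a in used}
    for i, host in enumerate(net.hosts()):
        if i >= reserved and host not in taken:
            return host
    raise RuntimeError(f"{subnet} is exhausted")

def check_in_project(subnet, addr):
    """Reject an address that lies outside the project's subnet."""
    ip = ipaddress.ip_address(addr)
    if ip not in ipaddress.ip_network(subnet):
        raise ValueError(f"{ip} is not inside {subnet}")
    return ip

def build_a_record_request(hostname, ip, api_key, ttl=300):
    """Build (but do not send) the PATCH that replaces the guest's A record."""
    body = {"rrsets": [{
        "name": f"{hostname}.{ZONE}",
        "type": "A",
        "ttl": ttl,
        "changetype": "REPLACE",
        "records": [{"content": str(ip), "disabled": False}],
    }]}
    return urllib.request.Request(
        f"{PDNS_API}/zones/{ZONE}",
        data=json.dumps(body).encode(),
        method="PATCH",
        headers={"X-API-Key": api_key, "Content-Type": "application/json"},
    )

if __name__ == "__main__":
    subnet = "10.20.30.0/24"  # constructed project network
    ip = next_free_ip(subnet, ["10.20.30.2", "10.20.30.3"])
    req = build_a_record_request("vm101", check_in_project(subnet, ip), "PLACEHOLDER-KEY")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Sending the request is left out so the block runs offline; passing `req` to `urllib.request.urlopen` would submit it to a reachable PowerDNS API.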
 