Separate network for VMs

lstrunjak

Jul 6, 2020
Hello,

We have a datacenter and the whole datacenter is on VMware. We are trying to find something that is good enough to replace part of our clusters. So now we are testing Proxmox.

I've installed Proxmox VE 6.2 on 6 hosts and set it up like this:

Every host has 2x10G and 2x40G. 10G is for network/management and 40G is for Ceph. Everything is working fine but ....

In the VMware setup we use a distributed switch, have more than 2000 VLANs, and on VMware I am able to separate every network by port group. Every user is part of a security group and permissions are given on the security group. Every customer has his own datastore, network, resource pool and those resources are visible only to that customer.

I am curious how I can separate the network?

I've created bond0 for 10G and a VLAN-aware bridge over the bond. Everything is working fine: when I create a new virtual machine and write the VLAN tag under VLAN tag, the machine works and has access to the internet .... But I am not able to separate or divide by port groups (like in VMware) and have permissions over a port group. Is there any way to create something like port groups in VMware and divide the network, so as not to use only one bridge with more than 2000 VLANs over it? I want every VLAN separate. Is that possible?



Regards
 
In the VMware setup we use a distributed switch, have more than 2000 VLANs, and on VMware I am able to separate every network by port group. Every user is part of a security group and permissions are given on the security group. Every customer has his own datastore, network, resource pool and those resources are visible only to that customer.

You will want to do more research on OpenVSwitch and its SDN features, and use that with a controller.

I am curious how I can separate the network?

Well.. with 802.1q, you have 4095 VLANs available on the same trunk. The next step, when you give each client his/her/their own "trunk" they can run 802.1q VLANs over, you'll be looking at QinQ.

I did mention OpenVSwitch, where you'll be able to have those things all together.

I've created bond0 for 10G and a VLAN-aware bridge over the bond. Everything is working fine: when I create a new virtual machine and write the VLAN tag under VLAN tag, the machine works and has access to the internet .... But I am not able to separate or divide by port groups (like in VMware) and have permissions over a port group. Is there any way to create something like port groups in VMware and divide the network, so as not to use only one bridge with more than 2000 VLANs over it? I want every VLAN separate. Is that possible?

Well.. what do you define as "every VLAN separate"? VLANs, as such, are separate networks: you just apply the tag to a port, and that VM's port is separate from the other VLANs on that switch. When you have the 802.1q trunk(s) to the switch (that is now on your 10G interfaces) you still have that VLAN separation. With a recent enough switch, you could even do QinQ too on those interfaces.

Again, consider OpenVSwitch and understand it, then you'll have the SDN battle mostly won.

Something to remember is that there is a difference between the switching infrastructure that you use to get the .1q trunking and the QinQ "direct" from the internal OpenVSwitch (vmbr??) and where you are not "able" to use that, like in a routed network setup, and then you'll use GRE/VXLAN type connectors between the OpenVSwitch instances to get the same functionality in a distributed fashion, but it'll be slower compared to the directly connected switches doing .1q and QinQ for you.
 
The new SDN feature from Proxmox is indeed the only way to add permissions for specific VLANs, and it should match what you can do with VMware port groups.

It can work with simple VLAN (Linux bridge or OVS), QinQ, VXLAN, or even BGP-EVPN to have routed VXLAN like VMware NSX.

It's currently in beta; a forum thread is open for bug reporting:

https://forum.proxmox.com/threads/proxmox-6-2-sdn-beta-test.69655/
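
An added example, not part of any post in this thread and not Proxmox code: on a single VLAN-aware bridge without per-VLAN permissions, the tags set on each VM's `netX` lines can be audited against a per-customer allowlist. The customer names, VLAN allowlist and VM configs below are constructed, and the handling of `a-b` ranges in `trunks=` is an assumption.

```python
import re

# Constructed allowlist (hypothetical): customer -> VLAN IDs it may use.
ALLOWED = {"customer-a": set(range(100, 110)), "customer-b": {200, 201}}

# Constructed VM configs in the qemu-server netX style, keyed by (customer, vmid).
SAMPLE_CONFIGS = {
    ("customer-a", 101): "name: web01\nnet0: virtio=DE:AD:BE:EF:00:01,bridge=vmbr0,tag=100\n",
    ("customer-a", 102): "name: db01\nnet0: virtio=DE:AD:BE:EF:00:02,bridge=vmbr0,tag=200\n",
    ("customer-b", 201): "net0: virtio=DE:AD:BE:EF:00:03,bridge=vmbr0,tag=200\n"
                         "net1: virtio=DE:AD:BE:EF:00:04,bridge=vmbr0\n",
    ("customer-b", 202): "net0: virtio=DE:AD:BE:EF:00:05,bridge=vmbr0,tag=201,trunks=200;300\n",
}

NET_LINE = re.compile(r"^(net\d+):\s*(.+)$", re.MULTILINE)

def parse_nics(conf_text):
    """Yield (nic, options) for every netX line of one VM config."""
    for nic, value in NET_LINE.findall(conf_text):
        opts = {}
        for part in value.split(","):
            key, _, val = part.partition("=")
            opts[key.strip()] = val.strip()
        yield nic, opts

def vlans_of(opts):
    """VLAN IDs a NIC can reach: its tag plus every ID listed in trunks=."""
    vlans = {int(opts["tag"])} if "tag" in opts else set()
    for item in filter(None, opts.get("trunks", "").split(";")):
        lo, _, hi = item.partition("-")  # assumption: "a-b" ranges may appear
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(configs, allowed):
    """Return (vmid, nic, reason) for NICs outside the customer's VLANs."""
    findings = []
    for (customer, vmid), text in sorted(configs.items()):
        permitted = allowed.get(customer, set())
        for nic, opts in parse_nics(text):
            if "tag" not in opts:
                # An untagged port ends up in the bridge's native VLAN.
                findings.append((vmid, nic, "untagged"))
            for vlan in sorted(vlans_of(opts) - permitted):
                findings.append((vmid, nic, f"vlan {vlan} not allowed for {customer}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIGS, ALLOWED):
        print(finding)
```
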
 
