I have a functioning Proxmox cluster, including:
* Two hosts plus a QDevice
* pfSense routers on each (synced CARP primary and backup/mirror)
* plus some VMs on each
Each box has a dedicated port for the host, using my primary subnet. To date, the hosts know nothing about VLANs.
Each box has an SR-IOV-capable NIC used for pfSense, which to date has been configured as a trunk with multiple VLANs going out to a physical switch that takes care of breaking out the VLANs as needed. I've NOT been using SR-IOV.
Now, I want some of my VMs to use a different VLAN/subnet. I can get SR-IOV running. I do NOT want to break everything (at least not for long).
Is the following about right? What am I missing or misunderstanding?
From what I've read, I can:
* Create multiple virtual interfaces using SR-IOV
* (Not sure if I have to claw back the primary interface assigned to the pfSense VM, and give it a virtual one instead?)
* pfSense can continue as-is
* Create a VLAN-aware bridge using another virtual interface
* Assign that to a VM (and potentially limit which VLANs are visible through manual configuration)
Now it gets fuzzy...
* What do multiple trunked virtual NICs look like to the (smart) switch at the other end of the trunk?
* What will pfSense see? Does it see the other VM "directly" or as a device on the Ethernet?
* Am I able to create multiple virtual IPs, one for each VLAN, on the new VM?
* Is there a tutorial or documentation for such things?
THANKS for any hints!
Pete