Virtual NICs with different CIDR ranges

[brbaker]

Hi,
I am trying to set up a second subnet in my environment and having trouble working out the virtual NIC configuration. I can get virtual NICs working if the IP addresses are a subset of the CIDR of the bridge associated with the physical NIC, but I cannot get it to work if the CIDR is outside that range.
I.e. The physical NIC has a bridge with CIDR 10.0.0.0/16. I want to create VMs in an entirely different subnet of 192.168.0.0/16. But I can only get virtual NICs working as a subset of 10.0.0.0/16. E.g. 10.0.10.0/24
Here is my /etc/network/interfaces. I am not sure how to create the bridges

auto lo
iface lo inet loopback

iface enp2s0 inet manual
#LAN

# Virtual NIC1 for LAN VMs
iface enp2s0:1 inet manual
#LAN

# Virtual NIC2 for LAN VMs
iface enp2s0:2 inet manual
#LAN

auto vmbr0
iface vmbr0 inet static
        address  10.0.0.50
        netmask  16
        gateway  10.0.0.254
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#LAN

Thanks in advance.

 

[kappclark]

Want to follow this thread - I am having similar plm ... host has 1 NIC, and all vms currently on same subnet (10.209.162.0/24). Would like to have 2nd subnet (192.168.2.0/24) for new set of vms on same host. Do I need a second nic on host ?

 

[spirit]

Want to follow this thread - I am having similar plm ... host has 1 NIC, and all vms currently on same subnet (10.209.162.0/24). Would like to have 2nd subnet (192.168.2.0/24) for new set of vms on same host. Do I need a second nic on host ?

Well you can run multiple subnet on same bridge/nic, it's not a problem. (a bridge is like a switch, layer2 only, don't care about ipv4/ipv6).

Now, if you want to have true layer2 isolation (for security), you can use multiple bridge with mutliple nic, or 1 nic/1bridge with multiple vlans, ...




@brbaker

you don't need thses enp2s0:1 , enp2s0:2 interfaces.

you can run differents subnets on same bridge, the bridge don't known nothing about ip address. (The ip address on the bridge, is only for the proxmox host management, it's nothing related to the subnets of your vms)

. The physical NIC has a bridge with CIDR 10.0.0.0/16. I want to create VMs in an entirely different subnet of 192.168.0.0/16.

Do you need to reach 10.0.0.0/16 from 192.168.0.0/16 ? if yes, you need a router somewhere in your network. (gateway of both networks).

 

[kappclark]

THX - I am beginning to understand --
I have pfsense router - lan nw and wireless nw on different subnets on dedicated ethernet ports on router..pfsense runs dhcp on both interfaces

(LAN = 10.209.162.0/24 wireless = 192.168.2.0 ..both get to Internet, of course ...currently have wired nw blocked from wireless access (Alexa, firestick etc)

... would like to add VM in proxmox for the 192 network as a simple samba or nfs file server for the wireless devices (firestick etc) to access media ...

I hope this explains a bit ...

 

[spirit]

is a a physical pfsense router ? as you have 2 physicals interfaces on your pfsense, you'll need 2 interfaces too in your proxmox host. (or maybe if you use vlans, you could use 1 interface on your proxmox with a vlan for lan and a vlan for wan).

something like

without vlans:

auto vmbr0
iface vmbr0 inet static
        address  10.0.0.50/16
        gateway  10.0.0.254
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0

#LAN
auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp2s1
        bridge-stp off
        bridge-fd 0

or with vlans

auto vmbr0
iface vmbr0 inet manual
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0

auto vmbr0.X   #your admin vlan
iface vmbr0.X inet static
        address  10.0.0.50/16
        gateway  10.0.0.254

(Note that your configuration for vmbr0 is correct too, if you use default vlan=1 for the management ip)
then choose correct vlan tag for each vm