VLAN-aware, transparent bridges vs traditional bridges with one NIC on Hetzner using vSwitches

jsabater

Oct 25, 2021
Hello everyone!

I have finished setting up two dedicated servers with Proxmox 7 (Debian Bullseye 11) on Hetzner. Both hosts, once in a cluster, are expected to have two types of VMs:

1. Those with a private IP address and an additional public IP address (e.g. web server).
2. Those with just a private IP address (e.g. database servers).

I have already created three vSwitches, VLAN ids 4001, 4002 and 4003:

1. 4001 for the public IP addresses of the guests (subnet already assigned).
2. 4002 for the private IP addresses of the guests (internal communication of the business application spread across several VMs using 192.168.0.0/24).
3. 4003 for the private IP addresses of the hosts (internal communication of the cluster nodes using 192.168.1.0/24).

So this is the /etc/network/interfaces of the first host, using VLAN-aware, transparent bridges:

Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        hwaddress aa:bb:cc:dd:ee:ff
        address x.y.z.t/24
        gateway x.y.z.u
        pointtopoint x.y.z.u
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-disable-mac-learning 1
        bridge-vlan-aware yes
        bridge-vids 4001 4002 4003
# Proxmox host

auto vmbr0.4003
iface vmbr0.4003 inet static
        address 192.168.1.11/24
        mtu 1400
# Proxmox hosts private network

Does this configuration seem okay to you?
 
An alternate configuration would be to use traditional Linux bridges:

Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address x.y.z.t/24
        gateway x.y.z.u
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        hwaddress aa:bb:cc:dd:ee:ff
        pointtopoint x.y.z.u
        bridge-disable-mac-learning 1
# Proxmox host

auto vmbr4001
iface vmbr4001 inet manual
        bridge-ports eno1.4001
        bridge-stp off
        bridge-fd 0
        mtu 1400
# Proxmox guests public network

auto vmbr4002
iface vmbr4002 inet static
        bridge-ports eno1.4002
        bridge-stp off
        bridge-fd 0
        mtu 1400
# Proxmox guests private network 192.168.0.0/24

auto vmbr4003
iface vmbr4003 inet static
        address 192.168.1.11/24
        bridge-ports eno1.4003
        bridge-stp off
        bridge-fd 0
        mtu 1400
# Proxmox hosts private network 192.168.1.0/24

Questions:

1. What would be the advantages of this VLAN-aware, transparent bridging mode vs a traditional model?
2. What would be the difference when configuring the guests?
3. Why is the pointtopoint option used, as seen in Hetzner's tutorials? I cannot seem to find the reason why.

Thanks in advance.
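
An added example, not part of the original post and not Proxmox or Hetzner tooling: a small Python lint for /etc/network/interfaces that covers both layouts shown above. It checks that each VLAN sub-interface's tag is listed in the bridge-vids of its VLAN-aware parent and that every VLAN-carrying interface has the mtu 1400 the post sets; the function names and the vmbr0.4004 stanza in the sample are constructed for illustration.

```python
import re

# Constructed sample: first layout from the post plus a deliberately wrong vmbr0.4004.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
        bridge-ports eno1
        bridge-vlan-aware yes
        bridge-vids 4001 4002 4003

auto vmbr0.4003
iface vmbr0.4003 inet static
        mtu 1400

auto vmbr0.4004
iface vmbr0.4004 inet static
"""

def parse_ifaces(text):
    """Return {interface: {option: value}} for each 'iface' stanza."""
    ifaces, current = {}, None
    for line in text.splitlines():
        key, *rest = line.split(None, 1) or [""]
        if key == "iface":
            current = ifaces.setdefault(rest[0].split()[0], {})
        elif key in ("auto", "allow-hotplug", "source", "source-directory"):
            current = None  # these keywords end the previous stanza
        elif current is not None and key and not key.startswith("#"):
            current[key] = rest[0].strip() if rest else ""
    return ifaces

def vid_allowed(vid, spec):
    """True if vid falls in a bridge-vids value such as '4001 4002' or '2-4094'."""
    ranges = (part.partition("-") for part in spec.split())
    return any(int(lo) <= vid <= int(hi or lo) for lo, _, hi in ranges)

def lint(text, vlan_mtu="1400"):
    """List VLAN interfaces whose tag or MTU disagrees with the bridge setup."""
    ifaces, findings = parse_ifaces(text), []
    for name, opts in ifaces.items():
        # A stanza carries a VLAN if its own name or one of its ports is <dev>.<vid>.
        ports = [name] + opts.get("bridge-ports", "").split()
        tagged = [m for m in (re.fullmatch(r"(.+)\.(\d+)", p) for p in ports) if m]
        for m in tagged:
            parent, vid = ifaces.get(m.group(1), {}), int(m.group(2))
            if parent.get("bridge-vlan-aware") == "yes" and not vid_allowed(vid, parent.get("bridge-vids", "")):
                findings.append(f"{name}: VLAN {vid} not in bridge-vids of {m.group(1)}")
        if tagged and opts.get("mtu") != vlan_mtu:
            findings.append(f"{name}: mtu {opts.get('mtu')} != {vlan_mtu}")
    return findings
```

Calling `lint(SAMPLE)` reports only the constructed vmbr0.4004 stanza; pass the contents of a real interfaces file to check it the same way.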
 
