VLAN-aware, transparent bridges vs traditional bridges with one NIC on Hetzner using vSwitches

jsabater

Oct 25, 2021
Hello everyone!

I have finished setting up two dedicated servers with Proxmox 7 (Debian Bullseye 11) on Hetzner. Both hosts, once in a cluster, are expected to have two types of VMs:

1. Those with a private IP address and an additional public IP address (e.g. web server).
2. Those with just a private IP address (e.g. database servers).

I have already created three vSwitches, VLAN IDs 4001, 4002 and 4003:

1. 4001 for the public IP addresses of the guests (subnet already assigned).
2. 4002 for the private IP addresses of the guests (internal communication of the business application spread across several VMs using 192.168.0.0/24).
3. 4003 for the private IP addresses of the hosts (internal communication of the cluster nodes using 192.168.1.0/24).

So this is the /etc/network/interfaces of the first host, using VLAN-aware, transparent bridges:

Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        hwaddress aa:bb:cc:dd:ee:ff
        address x.y.z.t/24
        gateway x.y.z.u
        pointtopoint x.y.z.u
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-disable-mac-learning 1
        bridge-vlan-aware yes
        bridge-vids 4001 4002 4003
# Proxmox host

auto vmbr0.4003
iface vmbr0.4003 inet static
        address 192.168.1.11/24
        mtu 1400
# Proxmox hosts private network

Does this configuration seem okay to you?
 
An alternate configuration would be to use traditional Linux bridges:

Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address x.y.z.t/24
        gateway x.y.z.u
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        hwaddress aa:bb:cc:dd:ee:ff
        pointtopoint x.y.z.u
        bridge-disable-mac-learning 1
# Proxmox host

auto vmbr4001
iface vmbr4001 inet manual
        bridge-ports eno1.4001
        bridge-stp off
        bridge-fd 0
        mtu 1400
# Proxmox guests public network

auto vmbr4002
iface vmbr4002 inet static
        bridge-ports eno1.4002
        bridge-stp off
        bridge-fd 0
        mtu 1400
# Proxmox guests private network 192.168.0.0/24

auto vmbr4003
iface vmbr4003 inet static
        address 192.168.1.11/24
        bridge-ports eno1.4003
        bridge-stp off
        bridge-fd 0
        mtu 1400
# Proxmox hosts private network 192.168.1.0/24

Questions:

1. What would be the advantages of this VLAN-aware, transparent bridging mode vs a traditional model?
2. What would be the difference when configuring the guests?
3. Why is the pointtopoint option used, as seen in Hetzner's tutorials? I cannot seem to find the reason why.

Thanks in advance.
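
As an added example (not part of the original post, and not Proxmox or Hetzner code), the sketch below parses both layouts from the post, confirms that they reach the same three VLAN IDs, and lists any `inet static` stanza that has no `address`. The function names are hypothetical, and the embedded stanzas are trimmed copies of the ones posted above.

```python
# Constructed samples: the post's two layouts, trimmed to the options that matter here.
VLAN_AWARE = """\
iface vmbr0 inet static
        address x.y.z.t/24
        bridge-ports eno1
        bridge-vlan-aware yes
        bridge-vids 4001 4002 4003
iface vmbr0.4003 inet static
        address 192.168.1.11/24
"""
TRADITIONAL = """\
iface vmbr4001 inet manual
        bridge-ports eno1.4001
iface vmbr4002 inet static
        bridge-ports eno1.4002
iface vmbr4003 inet static
        address 192.168.1.11/24
        bridge-ports eno1.4003
"""

def parse(text):
    """Map each iface stanza name to a dict of its method and options."""
    stanzas, cur = {}, None
    for raw in text.splitlines():
        words = raw.split(None, 1)
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            name, _family, method = words[1].split()[:3]
            cur = stanzas.setdefault(name, {"method": method})
        elif words[0] in ("auto", "allow-hotplug", "source"):
            cur = None  # these lines end the current stanza
        elif cur is not None:
            cur[words[0]] = words[1].strip() if len(words) > 1 else ""
    return stanzas

def vlan_ids(stanzas):
    """VLAN IDs the host config touches: bridge-vids plus any name.N device."""
    ids = set()
    for name, opts in stanzas.items():
        if opts.get("bridge-vlan-aware") == "yes":
            ids.update(int(v) for v in opts.get("bridge-vids", "").split())
        for dev in [name, *opts.get("bridge-ports", "").split()]:
            _base, dot, tag = dev.rpartition(".")
            if dot and tag.isdigit():
                ids.add(int(tag))
    return ids

def static_without_address(stanzas):  # interfaces(5) requires address for static
    return [n for n, o in stanzas.items() if o["method"] == "static" and "address" not in o]
```

On these samples both layouts yield VLANs 4001, 4002 and 4003, and the only stanza listed by `static_without_address` is `vmbr4002` in the traditional layout.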