[SOLVED] why does vmbr0 has an IP?

O

oah433

Member
Apr 8, 2021
31
1
8
40
Hi
According to the documentation, Proxmox uses tap devices (layer-2 devices which accept Ethernet frames) along the virtual switch (Vmbr0). I am not understanding why vmbr0 has an IP address, what is it needed for? and what is it used for?
The code below is taken from the documentation for the default mode:

Code: 
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.10.2/24
        gateway 192.168.10.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

So is the 192.168.10.2 address above is assigned to the first-tap device on the switch if not to what entity it is being assigned?


Assume I have two NICs en0 and en1 with
en0 having the 192.168.10.0 network
en1 having the 193.168.10.0 network
How will the config above changes?

Assume I want to add a 2nd tap-device to the first configuration, Do i need to add an IP address to it? how will the configuration look?
Having the tap device (layer-2 device) with the IP address is throwing me off track, so any feedback is much appreciated.

Thx.
 
Last edited:
The IP is assigned to the host on which the vmbr0 was created. You can also just opt to not configure an IP, you don't have to do it. If you pass this bridge to a guest, then you will have to configure the IP for this device on the guest itself, not in the network configuration of the host.
 
  • Like
Reactions: oah433
oah433 said:
I am not understanding why vmbr0 has an IP address, what is it needed for? and what is it used for?
Click to expand...
Without an IP on the bridge you won't be able to access the webUI/API/SSH from devices connected to that bridge. And a single gateway is needed so PVE got a internet connection for updates.
 
  • Like
Reactions: oah433
shanreich said:
The IP is assigned to the host on which the vmbr0 was created. You can also just opt to not configure an IP, you don't have to do it. If you pass this bridge to a guest, then you will have to configure the IP for this device on the guest itself, not in the network configuration of the host.
Click to expand...
first of all, thank you for your clarification. Let me see if I got it right, The IP is needed if I want to access the bridge it self via the IP?
 
Dunuin said:
Without an IP on the bridge you won't be able to access the webUI/API/SSH from devices connected to that bridge. And a single gateway is needed so PVE got a internet connection for updates.
Click to expand...
Just to clarify, you mean that the IP is needed for me to communicate directly with the bridge?
 
For both of @Dunuin and @shanreich answers I am getting the same idea that the IP is needed to access the bridge, but the IP is assigned to an interface so it is assigned to tap0? (the first tap-device? but the tap device takes only MAC value), I mean the IP should be written into some interface or in this case the bridge itself (the whole device) functions as L3 interface so it is assigned the IP?
 
oah433 said:
For both of @Dunuin and @shanreich answers I am getting the same idea that the IP is needed to access the bridge, but the IP is assigned to an interface so it is assigned to tap0? (the first tap-device? but the tap device takes only MAC value), I mean the IP should be written into some interface or in this case the bridge itself (the whole device) functions as L3 interface so it is assigned the IP?
Click to expand...
As @Dunuin pointed out, it is needed so you can reach the Host system on that bridge.

Let's say you are creating a bridge on the Proxmox host then pass it to a VM. Then, if you wanted to reach the host from inside the VM, the host would need to have an IP on the bridge. In order to do that you have to configure an IP for the host on that bridge.

It is not assigned to any tap interface, it is assigned to the host on where you create the vmbr0.
 
Last edited:
  • Like
Reactions: oah433
oah433 said:
For both of @Dunuin and @shanreich answers I am getting the same idea that the IP is needed to access the bridge, but the IP is assigned to an interface so it is assigned to tap0? (the first tap-device? but the tap device takes only MAC value), I mean the IP should be written into some interface or in this case the bridge itself (the whole device) functions as L3 interface so it is assigned the IP?
Click to expand...
You need a way to connect to your Proxmox Host (for instance, accessing the GUI). Thus your Proxmox itself needs an IP address somewhere. And this IP is usually accessed in the same way as your VMs.

You could do that via a virtual NIC owned by the Proxmox host connected to the Bridge. In Proxmox, however, these two things are combined, so vmbr0 is both the Bridge ("virtual switch") and the network card through which all the Proxmox management stuff goes.
 
  • Like
Reactions: oah433
B.Otto said:
You need a way to connect to your Proxmox Host (for instance, accessing the GUI). Thus your Proxmox itself needs an IP address somewhere. And this IP is usually accessed in the same way as your VMs.

You could do that via a virtual NIC owned by the Proxmox host connected to the Bridge. In Proxmox, however, these two things are combined, so vmbr0 is both the Bridge ("virtual switch") and the network card through which all the Proxmox management stuff goes.
Click to expand...
Thank you, now it is all clear "You could do that via a virtual NIC owned by the Proxmox host connected to the Bridge. In Proxmox, however, these two things are combined, so vmbr0 is both the Bridge ("virtual switch") and the network card through which all the Proxmox management stuff goes."

This part made it clear for me. So vmbr0 is a NIC and a switch. Now i am all good and we can mark the question as "FANTASTICALLY SOLVED".
Thank you guys for all the help.
 
Last edited:
shanreich said:
As @Dunuin pointed out, it is needed so you can reach the Host system on that bridge.

Let's say you are creating a bridge on the Proxmox host then pass it to a VM. Then, if you wanted to reach the host from inside the VM, the host would need to have an IP on the bridge. In order to do that you have to configure an IP for the host on that bridge.

It is not assigned to any tap interface, it is assigned to the host on where you create the vmbr0.
Click to expand...
Thx a ton. that is very clear.
 
I have a question... what if I put the IP in the network device and remove it from vmbr0?

I ask it here because I don't dare to do it in proxmox in case I left without access to GUI :)
 
If you put it onto the nic that is assigned to vmbr?
- I think that only the communication between host<->vm will not work.
- But the host should be still reachable from anything else, and VM's should have no issues either.
- Example:
Code: 
auto eno1
iface eno1 inet static
        address 192.168.10.2/24
        gateway 192.168.10.1

auto vmbr0
iface vmbr0 inet static
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

If you put it onto a separate nic, like a dedicated mgmt interface?
- Everything should work, every communication.
- But the communication between host<->VMs: The Packets will leave the host from nic1 and the switch will forward the packets to the other Interface (nic2) of the host.

An IP on the vmbr itself: The Packets won't even leave the Host, the Communication between VMs<->Host will be all internal.
Except if you use vlans and need to route those outside of the Host. You can for example install an opnsense-vm, then even the routing Packets wont leave the host.

I think every usecase has it's own benefits, there are surely people that don't want for example a communication between Host<->VM's etc...
 
Last edited:
  • Like
Reactions: Carlos34
Ramalama said:
If you put it onto the nic that is assigned to vmbr?
- I think that only the communication between host<->vm will not work.
- But the host should be still reachable from anything else, and VM's should have no issues either.
- Example:
Code: 
auto eno1
iface eno1 inet static
        address 192.168.10.2/24
        gateway 192.168.10.1

auto vmbr0
iface vmbr0 inet static
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

If you put it onto a separate nic, like a dedicated mgmt interface?
- Everything should work, every communication.
- But the communication between host<->VMs: The Packets will leave the host from nic1 and the switch will forward the packets to the other Interface (nic2) of the host.

An IP on the vmbr itself: The Packets won't even leave the Host, the Communication between VMs<->Host will be all internal.
Except if you use vlans and need to route those outside of the Host. You can for example install an opnsense-vm, then even the routing Packets wont leave the host.

I think every usecase has it's own benefits, there are surely people that don't want for example a communication between Host<->VM's etc...
Click to expand...

Thanks!

I've being investigating about this and I appreciate your help.

Regards,
Carlos.
 
  • Like
Reactions: Ramalama
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back