Auto-update blog content from Obsidian: 2025-09-12 08:59:00
All checks were successful
Blog Deployment / Check-Rebuild (push) Successful in 5s
Blog Deployment / Build (push) Has been skipped
Blog Deployment / Deploy-Staging (push) Successful in 10s
Blog Deployment / Test-Staging (push) Successful in 2s
Blog Deployment / Merge (push) Successful in 6s
Blog Deployment / Deploy-Production (push) Successful in 9s
Blog Deployment / Test-Production (push) Successful in 2s
Blog Deployment / Clean (push) Has been skipped
Blog Deployment / Notify (push) Successful in 3s
@@ -12,19 +12,22 @@ categories:
|
||||
|
||||
## Intro
|
||||
|
||||
When I created my **Proxmox VE 8** cluster, I didn't really pay attention to the cluster networking, I wanted to quickly deploy a VM to replace the physical server I was using. I only configured each of my 3 nodes with the same config, created the cluster and that's it:
|
||||
When I first built my **Proxmox VE 8** cluster, networking wasn’t my main concern. I just wanted to replace an old physical server quickly, so I gave each of my three nodes the same basic config, created the cluster, and started running VMs:
|
||||

|
||||
|
||||
As I want to use my cluster to host my router, I need to have proper network configured. To achieve that, I will use the Proxmox SDN functionality.
|
||||
That worked fine for a while. But as I plan to virtualize my **OPNsense** router, I need something more structured and consistent. This is where Proxmox **S**oftware-**D**efined **N**etworking (SDN) feature comes in.
|
||||
|
||||
---
|
||||
## My Homelab Network
|
||||
|
||||
By default, each node has its own zone, called `localnetwork`, with the Linux bridge `vmbr0` as VNet inside:
|
||||
|
||||
By default, every Proxmox node comes with its own local zone, called `localnetwork`, which contains the default Linux bridge (`vmbr0`) as a VNet:
|
||||

|
||||
|
||||
But at the cluster level, nothing is defined. I don't need something fancy, only to declare the VLANs in use in my network, to make it easier to connect VM onto them. here the list of the VLANs declared on my network:
|
||||
That’s fine for isolated setups, but at the cluster level nothing is coordinated.
|
||||
|
||||
What I want is simple: declare the VLANs I already use in my network, so I can attach VMs to them easily from any node.
|
||||
|
||||
Here’s the list of VLANs I use today:
|
||||
|
||||
| Name | ID | Purpose |
|
||||
| --------- | ---- | ---------------------------- |
|
||||
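Review bot: In the rewritten intro, the sentence "This is where Proxmox **S**oftware-**D**efined **N**etworking (SDN) feature comes in." is missing an article; suggest "This is where the Proxmox **S**oftware-**D**efined **N**etworking (SDN) feature comes in." The rewritten lines in this hunk also use typographic apostrophes ("wasn’t", "That’s", "Here’s") where the lines they replace used straight ones ("didn't", "don't"), and the Conclusion added later in this commit uses a straight one ("I'd"); pick one form so the Markdown source stays consistent.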
@@ -37,43 +40,42 @@ But at the cluster level, nothing is defined. I don't need something fancy, only
|
||||
| Ceph | 99 | Ceph |
|
||||
| VPN | 1337 | Wireguard network |
|
||||
|
||||
## Proxmox networking with SDN
|
||||
## Proxmox SDN Overview
|
||||
|
||||
The **S**oftware-**D**efined **N**etwork (SDN) feature in Proxmox VE enables the creation of virtual zones and networks. This functionality simplifies advanced networking configurations and multitenancy setup.
|
||||
Proxmox Software-Defined Networking makes it possible to define cluster-wide virtual zones and networks. Instead of repeating VLAN configs on every node, SDN gives you a central view and ensures consistency.
|
||||
|
||||
The Proxmox VE Software-Defined Network implementation uses standard Linux networking as much as possible. The reason for this is that modern Linux networking provides almost all needs for a feature full SDN implementation and avoids adding external dependencies and reduces the overall amount of components that can break.
|
||||
Under the hood, Proxmox mostly uses standard Linux networking, avoiding extra dependencies and keeping things stable.
|
||||
|
||||
The Proxmox VE SDN configurations are located in `/etc/pve/sdn`, which is shared with all other cluster nodes.
|
||||
SDN configurations are stored in `/etc/pve/sdn`, which is replicated across the cluster. Changes are applied atomically (you prepare them, then hit `Apply` once), making rollouts safer.
|
||||
|
||||
New changes are not immediately applied but recorded as pending first. You can then apply a set of different changes all at once in the main SDN overview panel on the web interface. This system allows to roll-out various changes as single atomic one.
|
||||
### Zones
|
||||
|
||||
The SDN tracks the rolled-out state through the _.running-config_ and _.version_ files located in `/etc/pve/sdn`.
|
||||
A **Zone** defines a separate networking domain. Zones can span specific nodes and contain **VNets**.
|
||||
|
||||
### Zone
|
||||
|
||||
A zone defines a virtually separated network. Zones are restricted to specific nodes and assigned permissions, in order to restrict users to a certain zone and its contained VNets.
|
||||
|
||||
Different zone types can be used for separation:
|
||||
Proxmox supports several zone types:
|
||||
- **Simple**: Isolated Bridge. A simple layer 3 routing bridge (NAT)
|
||||
- **VLAN**: Virtual LANs are the classic method of subdividing a LAN
|
||||
- **QinQ**: Stacked VLAN (IEEE 802.1ad)
|
||||
- **VXLAN**: Layer 2 VXLAN network via a UDP tunnel
|
||||
- **EVPN**: VXLAN with BGP to establish Layer 3 routing
|
||||
|
||||
My home network uses VLAN, naturally I create a VLAN zone which I name `homelan`, `vmbr0` for the bridge and I don't specify any node to select them all:
|
||||
Since my home network already relies on VLANs, I created a **VLAN Zone** named `homelan`, using `vmbr0` as the bridge and applying it cluster-wide:
|
||||

|
||||
|
||||
### VNet
|
||||
### VNets
|
||||
|
||||
VNet are virtual networks which are part of a zone, for a VLAN zone, this is corresponding to a VLAN ID, I create a first VNet `vlan55` in my new zone for my DMZ VLAN with the tag 55:
|
||||

|
||||
A **VNet** is a virtual network inside a zone. In a VLAN zone, each VNet corresponds to a specific VLAN ID.
|
||||
|
||||
I create as VNets all the VLAN which would need to be attached to a VM. My plans are to create an OPNsense in a VM, that's why I add them almost them all:
|
||||
I started by creating `vlan55` in the `homelan` zone for my DMZ network:
|
||||

|
||||
|
||||
Then I added VNets for most of my VLANs, since I plan to attach them to an OPNsense VM:
|
||||

|
||||
|
||||
Once everything is ready, I can apply the SDN configuration. In `Datacenter` > `SDN`, I click on the `Apply` button, after a few seconds, the new zones appear:
|
||||
Finally, I applied the configuration in **Datacenter → SDN**:
|
||||

|
||||
|
||||
---
|
||||
## Test the Network Configuration
|
||||
|
||||
In a old VM which I don't use anymore, I replace the current `vmbr0` with VLAN tag 66 to my new VNet `vlan66`:
|
||||
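Review bot: The rewritten Zones paragraph drops the access-control detail of the text it replaces: "Zones are restricted to specific nodes and assigned permissions, in order to restrict users to a certain zone and its contained VNets" becomes "Zones can span specific nodes and contain **VNets**", so the reader no longer learns that a zone is also a permission boundary. Suggest keeping one sentence on permissions. The overview likewise loses the mention of the `.running-config` and `.version` files in `/etc/pve/sdn` that track the rolled-out state, which helps a reader confirm what was actually applied, and the zone paragraph now says "applying it cluster-wide" without saying how (the old text noted that no node is selected). Separately, the unchanged line "In a old VM" at the end of the hunk should read "In an old VM".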
@@ -124,4 +126,11 @@ vm_ip = "192.168.66.181"
|
||||
```
|
||||
|
||||
The VM is deploying without any issue, everything is OK:
|
||||

|
||||

|
||||
|
||||
---
|
||||
## Conclusion
|
||||
|
||||
The implementation of the Proxmox SDN for a VLAN zone is pretty straightforward. I'd like to experiment the other types of zone to see what we can do with them.
|
||||
|
||||
Now my Proxmox VE cluster is ready to host my OPNsense router, see you next time!
|
||||
|
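Review bot: In the added Conclusion, "I'd like to experiment the other types of zone" is missing a preposition; suggest "I'd like to experiment with the other zone types". The line above the screenshot, "The VM is deploying without any issue, everything is OK:", is a comma splice and reads unevenly next to the rewritten sections; "The VM deploys without any issue:" would match the tone of the rest of the post.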