Auto-update blog content from Obsidian: 2025-09-12 08:59:00

content/post/proxmox-cluster-networking-sdn.md

@@ -12,19 +12,22 @@ categories:
 
 ## Intro
 
-When I created my **Proxmox VE 8** cluster, I didn't really pay attention to the cluster networking, I wanted to quickly deploy a VM to replace the physical server I was using. I only configured each of my 3 nodes with the same config, created the cluster and that's it:
+When I first built my **Proxmox VE 8** cluster, networking wasn’t my main concern. I just wanted to replace an old physical server quickly, so I gave each of my three nodes the same basic config, created the cluster, and started running VMs:
 ![Proxmox node network configuration](img/proxmox-node-network-configuration.png)
 
-As I want to use my cluster to host my router, I need to have proper network configured. To achieve that, I will use the Proxmox SDN functionality.
+That worked fine for a while. But as I plan to virtualize my **OPNsense** router, I need something more structured and consistent. This is where Proxmox **S**oftware-**D**efined **N**etworking (SDN) feature comes in.
 
 ---
 ## My Homelab Network
 
-By default, each node has its own zone, called `localnetwork`, with the Linux bridge `vmbr0` as VNet inside:
+By default, every Proxmox node comes with its own local zone, called `localnetwork`, which contains the default Linux bridge (`vmbr0`) as a VNet:
-
 ![Proxmox default localnetwork zones](img/proxmox-default-localnetwork-zone.png)
 
-But at the cluster level, nothing is defined. I don't need something fancy, only to declare the VLANs in use in my network, to make it easier to connect VM onto them. here the list of the VLANs declared on my network:
+That’s fine for isolated setups, but at the cluster level nothing is coordinated.
+
+What I want is simple: declare the VLANs I already use in my network, so I can attach VMs to them easily from any node.
+
+Here’s the list of VLANs I use today:
 
 | Name      | ID   | Purpose                      |
 | --------- | ---- | ---------------------------- |
@@ -37,43 +40,42 @@ But at the cluster level, nothing is defined. I don't need something fancy, only
 | Ceph      | 99   | Ceph                         |
 | VPN       | 1337 | Wireguard network            |
 
-## Proxmox networking with SDN
+## Proxmox SDN Overview
 
-The **S**oftware-**D**efined **N**etwork (SDN) feature in Proxmox VE enables the creation of virtual zones and networks. This functionality simplifies advanced networking configurations and multitenancy setup.
+Proxmox Software-Defined Networking makes it possible to define cluster-wide virtual zones and networks. Instead of repeating VLAN configs on every node, SDN gives you a central view and ensures consistency.
 
-The Proxmox VE Software-Defined Network implementation uses standard Linux networking as much as possible. The reason for this is that modern Linux networking provides almost all needs for a feature full SDN implementation and avoids adding external dependencies and reduces the overall amount of components that can break.
+Under the hood, Proxmox mostly uses standard Linux networking, avoiding extra dependencies and keeping things stable.
 
-The Proxmox VE SDN configurations are located in `/etc/pve/sdn`, which is shared with all other cluster nodes. 
+SDN configurations are stored in `/etc/pve/sdn`, which is replicated across the cluster. Changes are applied atomically (you prepare them, then hit `Apply` once), making rollouts safer.
 
-New changes are not immediately applied but recorded as pending first. You can then apply a set of different changes all at once in the main SDN overview panel on the web interface. This system allows to roll-out various changes as single atomic one.
+### Zones
 
-The SDN tracks the rolled-out state through the _.running-config_ and _.version_ files located in `/etc/pve/sdn`.
+A **Zone** defines a separate networking domain. Zones can span specific nodes and contain **VNets**.
 
-### Zone
+Proxmox supports several zone types:
-
-A zone defines a virtually separated network. Zones are restricted to specific nodes and assigned permissions, in order to restrict users to a certain zone and its contained VNets.
-
-Different zone types can be used for separation:
 - **Simple**: Isolated Bridge. A simple layer 3 routing bridge (NAT)
 - **VLAN**: Virtual LANs are the classic method of subdividing a LAN
 - **QinQ**: Stacked VLAN (IEEE 802.1ad)
 - **VXLAN**: Layer 2 VXLAN network via a UDP tunnel
 - **EVPN**: VXLAN with BGP to establish Layer 3 routing
 
-My home network uses VLAN, naturally I create a VLAN zone which I name `homelan`, `vmbr0` for the bridge and I don't specify any node to select them all:
+Since my home network already relies on VLANs, I created a **VLAN Zone** named `homelan`, using `vmbr0` as the bridge and applying it cluster-wide:
 ![Create a VLAN zone in the Proxmox SDN](img/proxmox-create-vlan-zone-homelan.png)
 
-### VNet
+### VNets
 
-VNet are virtual networks which are part of a zone, for a VLAN zone, this is corresponding to a VLAN ID, I create a first VNet `vlan55` in my new zone for my DMZ VLAN with the tag 55:
+A **VNet** is a virtual network inside a zone. In a VLAN zone, each VNet corresponds to a specific VLAN ID.
-![Create a VNet for the VLAN 55 in the homelan zone](img/proxmox-create-vlan-vnet-homelan.png)
 
-I create as VNets all the VLAN which would need to be attached to a VM. My plans are to create an OPNsense in a VM, that's why I add them almost them all:
+I started by creating `vlan55` in the `homelan` zone for my DMZ network:
+![Create a VNet for VLAN 55 in the homelan zone](img/proxmox-create-vlan-vnet-homelan.png)
+
+Then I added VNets for most of my VLANs, since I plan to attach them to an OPNsense VM:
 ![All my VLANs created in the Proxmox SDN](img/proxmox-sdn-all-vlan-homelan.png)
 
-Once everything is ready, I can apply the SDN configuration. In `Datacenter` > `SDN`, I click on the `Apply` button, after a few seconds, the new zones appear:
+Finally, I applied the configuration in **Datacenter → SDN**:
 ![Apply SDN configuration in Proxmox](img/proxmox-apply-sdn-homelan-configuration.png)
 
+---
 ## Test the Network Configuration
 
 In a old VM which I don't use anymore, I replace the current `vmbr0` with VLAN tag 66 to my new VNet `vlan66`:
@@ -124,4 +126,11 @@ vm_ip = "192.168.66.181"
 ```
 
 The VM is deploying without any issue, everything is OK:
-![proxmox-terraform-test-deploy-vlan66.png](img/proxmox-terraform-test-deploy-vlan66.png)
+![VM hardware in Proxmox deployed by Terraform](img/proxmox-terraform-test-deploy-vlan66.png)
+
+---
+## Conclusion
+
+The implementation of the Proxmox SDN for a VLAN zone is pretty straightforward. I'd like to experiment the other types of zone to see what we can do with them.
+
+Now my Proxmox VE cluster is ready to host my OPNsense router, see you next time!