Proxmox networks - Install
Networking is the main thing in homelabbing to get right. The main focus is on VLAN tagging and LAG setup. This is a quick guide on one way to do it. #VLAN
This is how to install the networks, not why. (The why is described in the posts Proxmox networking 1-3.) In Proxmox we have physical network cards, a level 2 software switch, VLAN aware bridges, bridges and bonded interfaces.
Out of the box only vmbr0 is configured.
Network Cards
On enterprise servers you have 2 or 4 Ethernet ports as standard, plus the reserved machine management port. You will need as a minimum:
- One for management and general VLAN use
- One for the cluster network traffic
- Nice if we also have one for NFS/iSCSI traffic - 10G
- Install and use ethtool if needed to adjust the NIC
- For HA add a second NIC and configure the pairs
- Cluster management does not need speed but needs low latency
Plan your VLANs
Special VLANs are 1 and 4093, 4094. Sometimes you can only use 1024 VLANs. To block all unwanted traffic on empty RJ-45 jacks, assign them to a special port and block them in the /etc/network/interfaces file. We prefer tagged Ethernet frames, that is, frames carrying the IEEE 802.1Q header (the VLAN tag).
Level 3 switches are fast at routing, but routers can do much more. A Level 3 switch is therefore good to have in larger and more complex labs. They usually also do Link Aggregation Control Protocol (LACP) for Ethernet, defined in IEEE 802.1AX or the previous IEEE 802.3ad.
A single VLAN can contain multiple IP subnets. IEEE 802.1ad extends the number of VLANs supported by adding support for multiple, nested VLAN tags. IEEE 802.1aq (Shortest Path Bridging) expands the VLAN limit to 16 million.
For High Availability you need to have LAG groups assigned to eliminate the 3 single points of failure presented by a LAN cable.
VLAN | CIDR | Used for | notes |
---|---|---|---|
10 | 10.10.10.0/24 | MGMT interfaces | Proxmox 8006/8007/22 |
20 | 10.10.20.0/24 | Lab servers | Support servers only used for labbing |
30 | 10.10.30.0/24 | K0s nodes | |
40 | 10.10.40.0/24 | NAS Servers | If you have a 10G NIC use it here |
50 | 10.10.50.0/24 | Guest machines | |
60 | 10.10.60.0/24 | IoT devices | |
70 | 10.10.70.0/24 | K3s nodes | |
80 | 10.10.80.0/24 | K8s nodes | |
90 | 192.168.90.0/24 | KVM's iLo/Drac | Keep them on a separate switch |
100 | 192.168.100.0/24 | Cluster Management | |
200 | 192.168.200.0/24 | IoT | Block calling home features and isolate |
Setup
Which of these VLANs do we need? We will assume we have a 4 port NIC:
- Bond 3 ports together and make the bond VLAN aware as vmbr2 (any number that is free) for all VLANs. The 4th port is for the cluster management.
- VLAN 10 is for the management interfaces of all hypervisor servers on the LAN
- VLAN 40 is the shared storage NFS (or iSCSI if you like), make it fast 10-100G
- VLAN 100: use the 4th port as vmbr0 for the cluster network on a separate subnet and VLAN 100, 172.nnn.nnn.nnn/24. Cluster management is fine with a 100M NIC but it's crucial to have low latency. No other traffic on this interface.
- Use the SDN for labs
- Edit the /etc/network/interfaces file and set your new IP and VLAN
- Edit the /etc/hosts file to reflect your IP settings
- Update your DNS
Another way is to make new sub NICs like enp2s0f0.10 and assign them to a vmbr.
Networking - reload error in Proxmox
You may encounter an error while updating a node's network settings:
eth0 : error: eth0: cmd ‘/sbin/dhclient -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0’ failed: returned 1
TASK ERROR: command ‘ifreload -a’ failed: exit code 1
To fix it, go to /etc/network/interfaces, edit the file and correct your mistake.
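The layout from the Setup list (three bonded ports under a VLAN aware vmbr2, the fourth port as vmbr0), written as an interfaces file with a small pre-check to run before `ifreload -a`. This is an added example, not part of the original post: the NIC names, the host addresses, the `UNTAGGED` mapping and the `parse`/`lint` helpers are assumptions, and the cluster subnet is taken from the VLAN table.

```python
from ipaddress import ip_interface, ip_network

PLAN = {10: "10.10.10.0/24", 100: "192.168.100.0/24"}  # from this page's VLAN table
UNTAGGED = {"vmbr0": 100}  # assumption: vmbr0's switch port is an access port in VLAN 100
# Constructed sample file; NIC names and host addresses are assumptions.
SAMPLE = """\
iface enp2s0f0 inet manual
iface enp2s0f1 inet manual
iface enp2s0f2 inet manual
iface enp2s0f3 inet manual
auto bond0
iface bond0 inet manual
    bond-slaves enp2s0f0 enp2s0f1 enp2s0f2
    bond-mode 802.3ad
auto vmbr2
iface vmbr2 inet manual
    bridge-ports bond0
    bridge-vlan-aware yes
    bridge-vids 2-4094
auto vmbr2.10
iface vmbr2.10 inet static
    address 10.10.10.11/24
auto vmbr0
iface vmbr0 inet static
    address 192.168.100.11/24
    bridge-ports enp2s0f3
"""

def parse(text):  # returns {iface: {option: value}} from ifupdown-style stanzas
    stanzas, cur = {}, None
    for words in (line.split() for line in text.splitlines()):
        if words and words[0] == "iface":
            cur = stanzas.setdefault(words[1], {})
        elif words and cur is not None and words[0] != "auto" and not words[0].startswith("#"):
            cur[words[0]] = " ".join(words[1:])
    return stanzas

def lint(text):  # returns a list of problems to fix before running ifreload -a
    st, problems = parse(text), []
    for name, opts in st.items():
        parent, _, tag = name.partition(".")
        devs = (opts.get("bond-slaves", "") + " " + opts.get("bridge-ports", "")).split()
        for dev in devs + ([parent] if tag else []):
            if dev != "none" and dev not in st:
                problems.append(f"{name}: {dev} has no iface stanza")
        vid = int(tag) if tag.isdigit() else UNTAGGED.get(name)
        addr = opts.get("address")
        if addr and vid in PLAN and ip_interface(addr).network != ip_network(PLAN[vid]):
            problems.append(f"{name}: {addr} is outside VLAN {vid} ({PLAN[vid]})")
    return problems
```

Run `lint(open("/etc/network/interfaces").read())` on the node and reload only when it returns an empty list; it catches mistyped port names and addresses that drifted out of the VLAN plan, not every cause of a failed reload.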
Firewall
You need to set up all the firewalls to reflect the network. Proxmox servers have 3:
- Datacenter Firewall (it's off at install so that you are not locked out; configure it and turn it on)
- Host Firewall
- VM Firewall