Why the MTU change?
Comment on choosing a NIC for OPNsense
lightnegative@lemmy.world 4 days ago
I just attached the host NIC to OPNsense and then have a vxlan in proxmox to make the VM network separate from the rest of my home network.
The OPNsense VM acts as a router between the two networks. I host all my shit on the VM network under *.internal.legit.tld and use LetsEncrypt + Traefik to issue SSL certs, which work without having to load a CA cert everywhere because I own legit.tld.
Cyber@feddit.uk 4 days ago
lightnegative@lemmy.world 4 days ago
Proxmox requires subtracting 50 from the MTU so it can store its vxlan information in the packet.
From the docs:
Because VXLAN encapsulation uses 50 bytes, the MTU needs to be 50 bytes lower than the outgoing physical interface.
It’s super annoying but I couldn’t see another way of having VMs be able to talk to each other transparently regardless of which node they are on.
Cyber@feddit.uk 3 days ago
Ah, ok, good to know, thanks
possiblylinux127@lemmy.zip 3 days ago
Why did you choose Vxlan over regular vlans?
lightnegative@lemmy.world 2 days ago
My proxmox “cluster” is a bunch of old laptops with a single consumer-grade NIC in each. I wanted to isolate the VM network from my main home network (have it on a different range) while still allowing all the VMs to transparently talk to each other regardless of which physical host they happen to be on.
Could I have achieved this with normal vlans? I wanted an overlay network on the VM side but they still need to use my main home network to get internet and I only have a single physical interface.
The OPNsense VM routes between the two networks (the virtual vxlan within Proxmox + my physical home network)
possiblylinux127@lemmy.zip 2 days ago
Vxlan is way overkill
It would be way more performant to use 802.1q vlan tags
lightnegative@lemmy.world 2 days ago
Wouldn’t all my consumer-grade switches need to support vlan tagging? I’m pretty sure a bunch of them don’t.