Comment on Planning on setting up Proxmox and moving most services there. Some questions
Edgarallenpwn@midwest.social 10 months agoSo dual NIC on each device and set up another lan on my router? Sorry it seems like a dumb question but just want to make sure.
fuckwit_mcbumcrumble@lemmy.world 10 months ago
Why would you need two nics unless you’re planning on having a proxmox Vm being your router?
atzanteol@sh.itjust.works 10 months ago
I haven’t done it - but I believe Proxmox allows for creating a “backplane” network which the servers can use to talk directly to each other. This would be used for ceph and server migrations so that the large amount of network traffic doesn’t interfere with other traffic being used by the VMs and the rest of your network.
You’d just need a second NIC and a switch to create the second network, then staticly assign IPs. This network wouldn’t route anywhere else.
fuckwit_mcbumcrumble@lemmy.world 10 months ago
In proxmox there’s no need to assign it to a physical NIC. If you want a virtual network that goes as frast as possible you’d create a bridge or whatever and assign it to nothing. If you assign it to a NIC then since it wants to use SR-IOV it would only go as fast as the NIC can go.
stown@sedd.it 10 months ago
Security. Keeping publicly accessible and locally accessible on different networks.
DeltaTangoLima@reddrefuge.com 10 months ago
Hmmm - not really any more. I have everything on the same VLAN, with publiclya ccessible services sitting behind nginx reverse proxy (using Authelia and 2FA).
The real separation I have is the separate physical interface I use for WAN connectivity to my virtualised firewall/router - OPNsense. But I could also easily achieve that with VLANs on my switch, if I only had a single interface.
The days of physical DMZs are almost gone - virtualisation has mostly superseded them. Not saying they’re not still a good idea, just less of an explicit requirement nowadays.
FiduciaryOne@lemmy.world 10 months ago
I think two NICs is required to do VLANing properly? Not 100% sure.
DeltaTangoLima@reddrefuge.com 10 months ago
Nope - Proxmox lets you create VLAN trunks, just like a physical switch.
monkinto@lemmy.world 10 months ago
Is there a reason to do this over just giving the nic for the vm/container a vlan tag?
FiduciaryOne@lemmy.world 10 months ago
Huh, cool, thank you! I’m going to have to look into that. I’d love for some of my containers and VMs to be on a different VLAN from others. I appreciate the correction. 😊
Live2day@lemmy.sdf.org 10 months ago
No, you can do more than 1 VLAN per port. It’s called a trunk
PlasterAnalyst@kbin.social 10 months ago
You want to have at least 3 if you're going to do that. I usually use the one on the mobo for all the other services and management. Then a dedicated port for lan and wan on a separate nic.
DeltaTangoLima@reddrefuge.com 10 months ago
This is exactly my setup on one of my Proxmox servers - a second NIC connected as my WAN adapter to my fibre internet. OPNsense firewall/router uses it.