Comment on Planning on setting up Proxmox and moving most services there. Some questions
Edgarallenpwn@midwest.social 1 year agoSo dual NIC on each device and set up another lan on my router? Sorry it seems like a dumb question but just want to make sure.
fuckwit_mcbumcrumble@lemmy.world 1 year ago
Why would you need two nics unless you’re planning on having a proxmox Vm being your router?
atzanteol@sh.itjust.works 1 year ago
I haven’t done it - but I believe Proxmox allows for creating a “backplane” network which the servers can use to talk directly to each other. This would be used for ceph and server migrations so that the large amount of network traffic doesn’t interfere with other traffic being used by the VMs and the rest of your network.
You’d just need a second NIC and a switch to create the second network, then staticly assign IPs. This network wouldn’t route anywhere else.
fuckwit_mcbumcrumble@lemmy.world 1 year ago
In proxmox there’s no need to assign it to a physical NIC. If you want a virtual network that goes as frast as possible you’d create a bridge or whatever and assign it to nothing. If you assign it to a NIC then since it wants to use SR-IOV it would only go as fast as the NIC can go.
stown@sedd.it 1 year ago
Security. Keeping publicly accessible and locally accessible on different networks.
DeltaTangoLima@reddrefuge.com 1 year ago
Hmmm - not really any more. I have everything on the same VLAN, with publiclya ccessible services sitting behind nginx reverse proxy (using Authelia and 2FA).
The real separation I have is the separate physical interface I use for WAN connectivity to my virtualised firewall/router - OPNsense. But I could also easily achieve that with VLANs on my switch, if I only had a single interface.
The days of physical DMZs are almost gone - virtualisation has mostly superseded them. Not saying they’re not still a good idea, just less of an explicit requirement nowadays.
FiduciaryOne@lemmy.world 1 year ago
I think two NICs is required to do VLANing properly? Not 100% sure.
DeltaTangoLima@reddrefuge.com 1 year ago
Nope - Proxmox lets you create VLAN trunks, just like a physical switch.
monkinto@lemmy.world 1 year ago
Is there a reason to do this over just giving the nic for the vm/container a vlan tag?
FiduciaryOne@lemmy.world 1 year ago
Huh, cool, thank you! I’m going to have to look into that. I’d love for some of my containers and VMs to be on a different VLAN from others. I appreciate the correction. 😊
Live2day@lemmy.sdf.org 1 year ago
No, you can do more than 1 VLAN per port. It’s called a trunk
PlasterAnalyst@kbin.social 1 year ago
You want to have at least 3 if you're going to do that. I usually use the one on the mobo for all the other services and management. Then a dedicated port for lan and wan on a separate nic.
DeltaTangoLima@reddrefuge.com 1 year ago
This is exactly my setup on one of my Proxmox servers - a second NIC connected as my WAN adapter to my fibre internet. OPNsense firewall/router uses it.