Hey,
I'm setting up Proxmox for the first time, after being a long-time ESXi user, and am somewhat confused on how to best configure networking.
I've decided to go with Open vSwitch, and what I think I want to do is this (certainly up for debate if there are better ideas):
eno1/vmbr1 - Management net, connected to (untagged) VLAN 255
* mgmt1 - OVS_IntPort with Proxmox management IP
* Any VMs which expose management interfaces will have a vNIC here
eno2/vmbr2 - WAN net, connected to (untagged) VLAN 1000
* VMs which expose directly to WAN. Initially will only be pfSense, but there are plans that could include others.
eno3/vmbr3 - "Internal" net, connected to trunked VLAN port for client LAN, etc.
* Most VMs
eno4/vmbr4 - Storage?
* If/when there are multiple nodes this will be used for storage
I'm hitting a roadblock pretty much right away when setting up pfSense, initially passing it NICs on the WAN and management bridges. Setting an IP on the management interface, I'm unable to reach it from other machines. The PVE host can reach it, though.
So, two questions:
1. Am I doing it wrong? Basically, this is translated as best as I could from how I'd do an ESXi setup, and it might not make sense here.
2. If not conceptually wrong, why can't I reach my VM? I tried enabling IP forwarding/routing on the PVE host, which didn't help (although I would expect this not to be needed, OVS should handle that, right?)