Blog/hull-au
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
hull-au/content/blog/proxmox-networking-for-vspherites.md

6.0 KiB
Raw Permalink Blame History

title date draft
Proxmox Networking for VMware People 2024-01-08T22:13:32.9467494+08:00 false

I've been making the move from VMware vSphere to Proxmox as part of a 2024 New Year resolution, and this has led to a lot of silly questions as Proxmox's networking can best be described as "similar, but different".

This post will cover how to replicate common vSphere networking setups in Proxmox. Please note, I'll only cover Linux networking, not OVS or the newish SDN feature in Proxmox.

Why do I have to "Apply Configuration"?

Proxmox is fundamentally based on Debian Linux whose networking is built upon the ifupdown package. Proxmox builds on this by using ifupdown2, an improved version that makes life easier for developers, but the fundamentals for end users are the same.

When a configuration change is made, you're editing /etc/network/interfaces to include the new configuration. Proxmox won't apply the changes straight away as you may be making multiple changes which are dependant on each other and reloading the configuration does have the potential to briefly disrupt the network.

Creating vSwitches in Proxmox

Proxmox's Linux networking can act like a standard vSwitch within vSphere, but the terminology is a little different. Of the options presented, the one you're interested in is "Linux Bridge".

Screenshot of Proxmox networking options

Once you click this, you'll be presented with this.

Screenshot of Proxmox Linux Bridge wizard

This is one aspect of Proxmox you'll have to get used to: Endless forms with not a lot of hints, though the Help button generally works well.

Here are the options relevant for vSwitches

VLAN Aware

This allows the bridge to pass around dot1q tagged traffic. If you leave this unchecked, it is still possible to use VLANs on a guest's NIC, but Proxmox will create VLAN NICs bridged to your Linux bridge in the background to achieve this.

If you are using VLANs, I strongly recommend you enable VLAN awareness.

Bridge Ports

This is the equivalent of assigned physical adapters in VMware and is essentially what interfaces the bridge is actually connected to. Unlike VMware, this doesn't need to be a real physical adapter. I'll cover bridging to bonded interfaces in the link failover section.

IP Addresses?

One thing that may seem confusing is the form asks for IP networking configuration. This is because Linux bridges combine two separate VMware concepts, that of a VMkernel adapter and its associated network.

Configuring an IP address is optional, guests can still use the bridge without it.

Networking Within the Hypervisor Only

With vSphere, it's possible to create a vSwitch with no physical ports that just passes traffic between connected guests. This is useful if you use a software router such as OPNsense to handle layer 3 routing, NAT, etc. for your guests as you won't want to connect them to an outside network.

This is extremely simple with Proxmox. It's literally as simple as leaving the "Bridge ports" field empty.

Link Failover Configuration

VMware vSphere standard switches have a direct relationship with the physical network adapters they're assigned to (if any). In VMware, active-active, active-passive, etc. link failover is achieved by just setting the interface order for the vSwitch.

Screenshot of the Manage Physical Network Adapters modal in vSphere Client

Proxmox approaches this a little differently, failover is achieved by creating a new interface called a Linux Bond. Below is an example configuration that mimics the active-passive configuration above.

Screenshot of a Proxmox Linux Bond NIC

In this instance, eno3 and enp65s0f1 are actual physical network interfaces. As enp65s0f1 is the primary, it'll always use that whenever a link is available and only use eno3 as a last resort.

As with bridges, IP address configuration is optional. You cannot plug a guest's NIC directly into a bond, so an IP address configuration is likely only useful for creating a management interface that has link redundancy.

A Linux bridge may make use of a bonded interface by simply bridging to it. Specifying the Linux bond's interface name as the bridged port is all you need to do.

Port Groups

In the VMware world, a port group is used for connecting guests to a vSwitch. It is intended to be analogous to a switchport on a real world network switch.

Proxmox approaches this a little differently, there are no port groups and the VLAN configuration is held by the guest's NIC. This is akin to if you could attach a VMware guest directly to a vSwitch and just specify the VLAN directly on the guest interface.

Screenshot of the NIC configuration on a Proxmox guest

VLAN Tag

The VLAN Tag field is self-explanatory, guest traffic passing through the bridge will be tagged with the value you specify here. However the "no VLAN" placeholder when nothing is inserted is somewhat misleading, as in the case of a VLAN Aware bridge, it acts like a port group tagged 4095. It'll pass all tagged and untagged traffic.

If you just want untagged traffic, you may "tag" the port as VLAN 1, which acts like the "None" option in VMware, and disables VLANing for the NIC.

VMkernel NICs on Specific VLANs

In vSphere, it's possible to configure the management interface to sit on a specific VLAN by configuring a VLAN ID for the VMkernel NIC's port group. Proxmox approaches this a little differently, since any interface is a candidate for carrying management traffic, we instead just create a Linux VLAN interface and configure an IP on it.

Screenshot of a Linux VLAN interface's configuration in Proxmox

In this example, I've used a common naming convention of Device.VLAN, which Proxmox picks up on and auto fills to the correct device and tag. Any guest or physical network plugged into vmbr1 can reach Proxmox on VLAN 601 with this configuration, and no IP configuration is required on the bridge.