Onnowpurbo: New page: Sumber: http://pve.proxmox.com/wiki/Network_Model Proxmox VE uses a bridged networking model. Each host can have up to 4094 bridges. Bridges are like physical network switches implemented...

2013-04-23T22:20:55Z

New page: Sumber: http://pve.proxmox.com/wiki/Network_Model Proxmox VE uses a bridged networking model. Each host can have up to 4094 bridges. Bridges are like physical network switches implemented...

New page

Sumber: http://pve.proxmox.com/wiki/Network_Model

Proxmox VE uses a bridged networking model. Each host can have up to 4094 bridges. Bridges are like physical network switches implemented in software on the Proxmox VE host. All VMs can share one bridge as if virtual network cables from each guest were all plugged into the same switch. For connecting VMs to the outside world, bridges are attached to physical network cards assigned a TCP/IP configuration. For further flexibility, VLANs (IEEE 802.1q) and network [[bonding]]/aggregation are possible. In this way it is possible to build complex, flexible virtual networks.

The network configuration is usually changed using the web interface. Changes are stored to <code>/etc/network/interfaces.new</code>, and are activated when you reboot the host. Actual configuration resides in <code>/etc/network/interfaces</code>. The following examples list the contents of that file.

==Default Configuration (bridged)==
The installation program creates a single bridge (vmbr0), which is connected to the first ethernet card (eth0).

<pre>
auto lo
iface lo inet loopback
iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.10.2
netmask 255.255.255.0
gateway 192.168.10.1
bridge_ports eth0
bridge_stp off
bridge_fd 0
</pre>

Virtual machine behave as if they were directly connected to the physical network. The network, in turn, sees each virtual machine as having its own MAC, even though there is only one network cable connecting all of these VMs to the network.

==Routed Configuration==
Most hosting providers do not support the above setup. For security reasons they disable networking as soon as they detect multiple MAC addresses on a single interface.

A common setup is a public IP (assume 192.168.10.2 for this example), and additional IP blocks for your VMs (10.10.10.1/255.255.255.0). For such situations we recommend the following setup:

<pre>
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.10.2
netmask 255.255.255.0
gateway 192.168.10.1
post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

auto vmbr0
iface vmbr0 inet static
address 10.10.10.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0

</pre>

===Masquerading (NAT)===
In some cases you may want to use private IPs behind your Proxmox host's true IP, and masquerade the traffic using NAT:

<pre>
auto vmbr0
iface vmbr0 inet static
address 10.10.10.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eth0 -j MASQUERADE
</pre>

==Configuring VLAN in a cluster==

'''For the simplest way to create VLAN follow the link''': [[vlan|VLAN]]

Goal:
* Have two separate network on the same NIC
* Another host (firewall) manage the routing and rule to access to these VMs (out of this doc)

Suppose this scenario:
* A cluster with two nodes
* Each node have two NIC
* We want bonding the NIC
* We use two network: one untagged 192.168.1.0/24 and one tagged (VLanID=53) 192.168.2.0/24, we must configure the switch with port vlan.
* We want separate these network at layer 2

===Create bond0===
First of all we create the bond0 (switch assisted 802.3ad) at the proxmox web interface, follow the video.

At the end we have a /etc/network/interface like this:

<pre>
# network interface settings
auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto bond0
iface bond0 inet manual
slaves eth0 eth1
bond_miimon 100
bond_mode 802.3ad

auto vmbr0
iface vmbr0 inet static
address 192.168.1.1
netmask 255.255.255.0
gateway 192.168.1.250
bridge_ports bond0
bridge_stp off
bridge_fd 0
</pre>

Configure your switch appropriately. If you're using a bond of multiple links, you need to tell this to your switch and put the switch ports in a Link Aggregation Group or Trunk.

===Create VLAN===
We have two methods to follow:

====First explicit method====
<pre>
auto vlan53
iface vlan53 inet manual
vlan_raw_device bond0
</pre>

====Second method====
We can use direct the NIC dot VLAN ID, like bond0.53

I prefer the first one!

===Create manually the bridge===
Now we create manually the second bridge.
<pre>
auto vmbr1
iface vmbr1 inet static
address 192.168.2.1
netmask 255.255.255.0
network 192.168.2.0
bridge_ports vlan53
bridge_stp off
bridge_fd 0
post-up ip route add table vlan53 default via 192.168.2.250 dev vmbr1
post-up ip rule add from 192.168.2.0/24 table vlan53
post-down ip route del table vlan53 default via 192.168.2.250 dev vmbr1
post-down ip rule del from 192.168.2.0/24 table vlan53
</pre>

'''NOTE:'''
* We must not indicate the gateway, we must manually modify the routing table use '''ip route 2'''
* The whole configuration must replicate on the other cluster's node, the only change is the IP of the node.

===Create the table in ip route 2===
We must change the file '''/etc/iproute2/rt_tables''', add the following line:

<pre>
# Table for vlan53
53 vlan53
</pre>

use these commands to add:
<pre>
echo "# Table for vlan53" >> /etc/iproute2/rt_tables
echo "53 vlan53" >> /etc/iproute2/rt_tables
</pre>

===Create the vlan on switch===
For example on a HP Procurve 52 ports we use the following instructions to create the vlan.

Suppose:
* Ports 47-48 trunk (switch assisted 802.3ad) for gateway
* Ports 1-2 trunk (switch assisted 802.3ad) for the first node of cluster proxmox
* Ports 3-4 trunk (switch assisted 802.3ad) for the second node

Enter in configuration mode and type:

<pre>
trunk 1-2 Trk1 LACP
trunk 3-4 Trk2 LACP
trunk 47-48 Trk3 LACP
vlan 2
name "Vlan2"
untagged Trk1-Trk3
ip address 192.168.1.254 255.255.255.0
exit
vlan 53
name "Vlan53"
tagged Trk1-Trk3
exit
</pre>

===Test the configuration===
Reboot the cluster node one by one for testing this configuration.

==Unsupported Routing==
Physical NIC (eg., eth1) cannot currently be made available exclusively for a particular KVM / Container , ie., without bridge and/or bond.

==Naming Conventions==

* Ethernet devices: eth0 - eth99
* Allowable bridge names: vmbrn, where 0 ≤ n ≤ 4094
* Bonds: bond0 - bond9
* VLANs: Simply add the VLAN number to the ethernet device name, separated by a period. For example "eth0.50"

==Video Tutorials==
*[http://www.youtube.com/proxmoxve Proxmox VE YouTube Channel]
*[[Bond configuration (Video)]]
*[[Bridge configuration (Video)]]

==Referensi==

* http://pve.proxmox.com/wiki/Network_Model

Proxmox 2.2: Menggunakan Beberapa NIC - Revision history

Onnowpurbo: New page: Sumber: http://pve.proxmox.com/wiki/Network_Model Proxmox VE uses a bridged networking model. Each host can have up to 4094 bridges. Bridges are like physical network switches implemented...