Re: [PVE-User] looking for recommendations of VLAN setup
Hi, On 02/06/2017 11:31 AM, Thomas Lamprecht wrote: > Hi, > >> >> But this setup is exactly what I'd want to avoid. Imagine you have a >> VM running on Node A that needs VLAN 7. With this kind of >> setup Proxmox could migrate the VM to Node B or C in case of failure >> of node A. But if the VM is put on Node C the VM has no >> connectivity to VLAN 7 which is against the concept of HA. What good >> is a VM when it has no connectivity to the network it >> requires for its services? >> > > You could use HA groups to ensure a VM can run only on those nodes which > provides the necessary abilities. Yep, we use weighted resource groups, so the VM will failover and migrate back to only those nodes capable of servicing hardware resources needed for the VM (eg. CPU type, network, storage). > > ___ > pve-user mailing list > pve-user@pve.proxmox.com > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user -- Cheers, Alwin ___ pve-user mailing list pve-user@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
Re: [PVE-User] looking for recommendations of VLAN setup
Hi, But this setup is exactly what I'd want to avoid. Imagine you have a VM running on Node A that needs VLAN 7. With this kind of setup Proxmox could migrate the VM to Node B or C in case of failure of node A. But if the VM is put on Node C the VM has no connectivity to VLAN 7 which is against the concept of HA. What good is a VM when it has no connectivity to the network it requires for its services? You could use HA groups to ensure a VM can run only on those nodes which provides the necessary abilities. ___ pve-user mailing list pve-user@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
Re: [PVE-User] looking for recommendations of VLAN setup
Hi Alwin, thanks for your suggestion. Comments below. Am 04.02.2017 um 12:04 schrieb Alwin Antreich: […] >> >> What kind of network setup would you recommend? > > We also use multiple VLANs on our network. As linux bridges are > VLAN-aware (bridge-vlan-aware yes), we set the VLAN in the VM config and > leave the interface without any VLAN (ethX), all traffic of the VM is > passing as tagged through the bridge. You only need to make sure that > you have the same bridge configured (vmbrX -> bridge-vlan-aware yes) on > all Proxmox hosts. > > Eg: > > Node A (eth0 -> vmbr0) - switch port VLAN 4,7,12 > Node B (eth3 -> vmbr0) - switch port VLAN 3,4,7 > Node C (bond0 -> vmbr0)- switch port VLAN 4,5,6 > > So all VMs can move between nodes, as the bridge is the same. Traffic > between VMs and devices outside the node will only happen if VLANs are > corresponding. > But this setup is exactly what I'd want to avoid. Imagine you have a VM running on Node A that needs VLAN 7. With this kind of setup Proxmox could migrate the VM to Node B or C in case of failure of node A. But if the VM is put on Node C the VM has no connectivity to VLAN 7 which is against the concept of HA. What good is a VM when it has no connectivity to the network it requires for its services? Regards, Uwe ___ pve-user mailing list pve-user@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
Re: [PVE-User] looking for recommendations of VLAN setup
Hi Uwe, On 02/02/2017 10:22 AM, Uwe Sauter wrote: > Hi all, > > I would like to hear recommendations regarding the network setup of a Proxmox > cluster. The situation is the following: > > * Proxmox hosts have several ethernet links > * multiple VLANs are used in our datacenter > * I cannot guarantee that the VLANs are on the same interface for each host > (meaning VLAN 1234 could be on eth1 for host A but on > eth3 for host B, e.g. due to performance reasons) > * passing through a VLAN trunk to a VM currently doesn't seem to be necessary > > My thought was that I would need to create a VLAN interface for each used > VLAN (say ethX.1234) and on top of that configure a > Linux bridge (vmbr1234). This should abstract away the physical network > situation from the VMs. > > What kind of network setup would you recommend? We also use multiple VLANs on our network. As linux bridges are VLAN-aware (bridge-vlan-aware yes), we set the VLAN in the VM config and leave the interface without any VLAN (ethX), all traffic of the VM is passing as tagged through the bridge. You only need to make sure that you have the same bridge configured (vmbrX -> bridge-vlan-aware yes) on all Proxmox hosts. Eg: Node A (eth0 -> vmbr0) - switch port VLAN 4,7,12 Node B (eth3 -> vmbr0) - switch port VLAN 3,4,7 Node C (bond0 -> vmbr0)- switch port VLAN 4,5,6 So all VMs can move between nodes, as the bridge is the same. Traffic between VMs and devices outside the node will only happen if VLANs are corresponding. > > One additional question: does Proxmox stop me from migration a VM to a host > that doesn't provide VLANs necessary to that > particular VM? (e.g. a VM needs VLAN 1234 but some of the hosts aren't > connected to this VLAN) > > > Regards, > > Uwe > ___ > pve-user mailing list > pve-user@pve.proxmox.com > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > -- Cheers, Alwin ___ pve-user mailing list pve-user@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
Re: [PVE-User] looking for recommendations of VLAN setup
Hi, just answering the additional question, the rest may get better answered by our community. On 02/02/2017 10:22 AM, Uwe Sauter wrote: Hi all, I would like to hear recommendations regarding the network setup of a Proxmox cluster. The situation is the following: * Proxmox hosts have several ethernet links * multiple VLANs are used in our datacenter * I cannot guarantee that the VLANs are on the same interface for each host (meaning VLAN 1234 could be on eth1 for host A but on eth3 for host B, e.g. due to performance reasons) * passing through a VLAN trunk to a VM currently doesn't seem to be necessary My thought was that I would need to create a VLAN interface for each used VLAN (say ethX.1234) and on top of that configure a Linux bridge (vmbr1234). This should abstract away the physical network situation from the VMs. What kind of network setup would you recommend? One additional question: does Proxmox stop me from migration a VM to a host that doesn't provide VLANs necessary to that particular VM? (e.g. a VM needs VLAN 1234 but some of the hosts aren't connected to this VLAN) Yes and no, you need the interface you use on Node A available on Node B, else PVE cannot start the VM after the migration on the target node, as the interface does not exists anymore. So if you create a vmbr1234 and let the VM use it then there needs to be a vmbr1234 available on each needed migration target node. But this can be just a "dummy" bridge, then the migration works but the VM has no network connection, as expected. Additional note: When creating the dummy bridge with no physical interface connect on which you wantto start a VM with VLAN tag configured you just need to ensure that the dummy bridge allowsvlan_filtering ( in /etc/network/interface it would be the "bridge_vlan_aware yes" option). cheers, Thomas ___ pve-user mailing list pve-user@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
