[PVE-User] Advices - Proxmox behind L3 or L2 network
Alexandre Kouznetsov
alk at ondore.com
Thu Nov 7 22:57:50 CET 2013
Hello.
On 07/11/13 15:09, Leslie-Alexandre DENIS wrote:
> I'm currently designing a Proxmox-based virtualization solution and I'm
> wondering how you guys manage your edge connection.
> Do you prefer to route and set up your own L3 network before exposing the
> server? Or just leave the server with a WAN IP?
> What are your ideas regarding network security (BCP, RP Filtering...)?
My Proxmox nodes are multihomed.
One interface goes to a "public" L2 manageable switch. The VMs hosted on
Proxmox usually have a virtual network interface with some VLAN tag. The
Internet access of those VLANs is handled by other means, outside of
the Proxmox cluster. The addresses used in those VLANs are private and
public.
The other interface is used for administration and storage (mostly backup
and migration, the VMs use local storage). It also goes to a manageable
L2 switch, but the VLAN capability is not used, ethernet connections are
untagged. This network uses strictly private addressing and there is a
router/firewall between it and Internet. It's completely independent
from the router used by the public VLANs. I access the nodes for
administration via VPN (my router provides that) or a reverse proxy
(Nginx on the router). A special trick (DNAT+SNAT) was required on the
router in order to be able to access the VNC console from the web
interface. The preferred method of connection is VPN, reverse proxy is
auxiliary.
Greetings.
--
Alexandre Kouznetsov