Thanks for the helpful video. I use an SDN when I need to have someone I don't know remote access into a VM for troubleshooting. I don't want them to have any access to any other servers on my network.
Exactly, this is the perfect use case. I just found this video trying and searching about the proxmox networking to isolate containers or VMs for a similar purpose, a guest access to my infra but not touching/seeing anything else.
SDN has always interested me and I want to have a use case for it as well. I see this as being key to have a mini router that is very basic for connecting VMs and CTs to the internet but wonder if it separates them from the physical network enough for security without involving the firewall rules. That is the other thing I want to work on is actually using the proxmox firewall.
Thanks for this. I want to set up an HA cluster and the servers within the cluster are geographically separated and on different subnets. If I want a VM to start on a different server in HA mode, I need it to be reachable. The SDN feature will help me with this.
That is a great shirt!
lmao
Thank you for this. I'm recently studying Proxmox, baby steps for now. Does this do automatic name resolution on DNS? Is there any firewall integration on this?
Hi David,
thanks again for a quick and easy to follow Tutorial ... Learned a few things regarding Proxmox/Portainer/... from your Channel.
Keep doing what you're doing!!
What can this be used for? Could you make a video maybe explaining the different use cases of SDN on Proxmox?
Thanks for the clear explanation!
Could SDN be used to fully isolate services available to the internet via a cloudflare tunnel from the rest of proxmox and internal network(s)?
I would for example create a vm on a dedicated SDN network which would be hosting a website and a cloudflare tunnel. Would that work and be safe to use?
Dude. I LOVE this question. This was the exact "weird use case" I was talking about in this video. So, yeah, if you wanted to keep a VM or LXC from pulling an IP and connecting to your "regular home network" then you could create an SDN like I showed here, give it an IP from the SDN and then attach it to the internet via a Cloudflare tunnel.
Thanks for watching and commenting!! :)
@9:49 - can you add multiple DHCP ranges per subnet???
Because it looks like you can click the "Add" button again.
Hi David, thanks for the great video! Do you have any use cases for SDN in PVE?
I think I said twice in the video that I don't really have a use case for something like this other than a strange one-off idea.
@8:35 - can we create an IPv6 subnet???
Just in time! Now I can segment my containers and VMs into the desired range of IP addresses. Currently, I share the internet with a flatmate, and since we both work remotely, I'm concerned about disrupting our internet access. However, with Software Defined Networking (SDNs), I can continue to experiment and organize my VMs and containers without issues. Thanks for your video; I'm definitely going to give this a try!
Hell yeah! I'm glad this was helpful for you :)
I wish you a good yeah! As hell is bad and people don't realize they're saying "bad yeah"! :) (along with Holy sh*t associating Holy with feces, OMG, and saying Jesus Christ in place of a swear)
What is the difference between SDN and regular VMBR0 with VLAN tag?
Really Enjoying this series on Proxmox. Great Job!
Thanks for watching and commenting!! Much appreciated :)
Thanks for sharing DB Tech.
Thanks for commenting on almost every (if not every) video I release!! You're a rockstar!! :)
Can I have your autograph?
I've not looked into SDNs yet but it looks nice. I make use of SR-IOV so I give each container / VM their own dedicated NIC, but one of the features of ESXi, which I used before migrating to Proxmox, was a private VLAN, which essentially was a /32 isolated network.
I wonder if you can do similarly with the SDNs in Proxmox.
Amazing channel to learn new real life skills.
Currently binging your series and flying through not only setup, but understanding. Thank you so much.
That's awesome!!
Hi! I'm watching all the series about Proxmox (as I watched all your past videos) because I'm planning to switch to it soon. Actually I'm using a RPi4 with OMV6, Docker and Portainer/Dockge; one of the containers is gluetun and there are a couple of other containers "linked" to it. I was wondering, if I wanna create separate nodes as you do, how can I communicate with gluetun and the other nodes? I don't know if you understand the question. I think you only talked about gluetun creating different "containers" in the same node where gluetun was installed. Thank you for your help.
I've also got a gluetun config set up with a few apps, but I've got them all on my Synology NAS working together. I think putting them all on the same node is the easier way to get the other apps to work in a more streamlined fashion with the gluetun container as they all need to be on the same docker network.
Hello David keep it going. I like your videos, I follow you since years ago. Keep it going awesome 👏🏼
Awesome! Thank you!
Say I have my LXC under that SDN. I want to access it via my browser. How can I do that?
Thanks for the review of SDN Proxmox. The topic that remains unsolved is how to harm access to servers from the Internet, for example, to several web servers on different virtual machines.
Set up an Ingress server, for example HAProxy installed on a server that is on your network (the network of your actual router), and the HAProxy is set up to send traffic for all ports to a specific VM based on the domain name used.
@fabricekabongo Thank you!
I need to know how to install Proxmox on a server which is remote and the steps needed, and also need to install on AlmaLinux 8 or Rocky Linux 8.
SDN is useful for internal communication between Kubernetes workers running on a Proxmox cluster with multiple nodes.
Hi; thank you for putting this together, it's been very handy as I learn Proxmox for some incidental work. Thanks!
I am using SDN for my dedicated server hosted with Hetzner. Any traffic that hits the Hetzner infra and is not associated with my server's MAC address is blocked and flagged by Hetzner. I could buy more IP addresses, one for each VM/container, but $$$. So instead, all my VMs and containers run inside a vnet, using the Proxmox host for NAT. Traffic hitting the Proxmox host on port 80 or 443 from external gets routed to my Traefik container. Before I found SDN, I had a similar setup, but using a pfSense VM, a bought IP for it and 2 vmbrs (one internal, one connected to the external Hetzner infrastructure).
How can I do static routing with this?
Huh, that's neat. I could see some use cases for this like joining together a set of vm's across disparate nodes, or just a simple vlan to separate out your services from your home network all internally on the server, without ever having to loop out to your router. Should, in principle, be a lot faster.
Interesting how fast vms can talk with each other when using sdn. Will it work faster than device physical nic speed...
I think that will all be dependent on the hardware running in each situation, but, theoretically, the clients on the SDN *should* be able to communicate faster
Great videos and thanks for all of the effort you put in this!
Completely unrelated question, could you possibly make a video on TrueNAS Scale Apps and how to run them with separate IPs? For example Transmission for Linux ISO downloading on a different IP and then route all traffic on firewall through a WireGuard VPN.
Remember that it won't work automatically if using Proxmox Firewall.
This is because the DHCP request is blocked by the firewall. The official wiki page "Setup Simple Zone With SNAT and DHCP" shows how to solve the problem.
That worked like a charm! Thank you!
Awesome!
Great explanation! thanks
Glad it was helpful! Thanks for watching and commenting!! :)
Could almost use this for like a DMZ network so local services do not touch your main network. But I guess VLANs would also fix this. Not real sure if your actual network can talk to this network or not.
Thanks for this. I think following your video I can finally get SDN up and running. I had attempted it before, but must have missed a step because I never got it to work.
My use case is to be able to finally do a FOG video on Proxmox with two network cards (one on the prod network and one on an "imaging" network). I was able to do this easily in VirtualBox years ago, but since my switch to Proxmox it has given me nothing but problems.
I was thinking of trying out the SDN feature. This video really helped.
Thank you
😁
Glad it was helpful!
That helped me a lot! Thanks!
Respect your work, but this felt kind of like you made it just to have content. Not meant negatively, but as you said you don't have a use case for it. Without more background of what/why etc, how do we know if we would benefit from setting it up or not?
Awesome tutorial too btw!
Very nice thanks for sharing man. I'm sharing some services with people outside my network using tailscale serve and funnel and this would allow me for those services to not be on my main network. Nice.
I think the only way I would use SDN (with VPN setting if that's possible) would be maybe for the container sets for downloading wink wink.
I'm surprised you got away with the subnet being 10.10.10.[1]/24 (same as gateway) since that's not usually a valid networking CIDR. I see it worked, but very odd from a networking POV.
Yeah. Someone else mentioned this as well. I'm not sure how/why it worked, but it did.
Wooohooo! Made it!
Great video sir! Thanks
Thanks for watching and commenting and being subscribed!! Much appreciated :)
Great !!!
glad you enjoyed it!
Why would you use something like this? Why not just use pfSense and VLANs and control everything?
This seems to only be useful in simple setups.
With all due respect, your subnet should have been 10.10.10.0/24. A subnet cannot have an IP [you have given 10.10.10.1/24 as the subnet - fundamentally wrong]. The rest of the video is good. There are many, many use cases of SDN.
awesome ty!