Proxmox networking

Today I set up my mini PC and started configuring the networking for it. It took a bit of iterating, but this is what I ended up with for now:

PVE network diagram

I set up OpenWrt as the virtual router inside Proxmox for now, but I might still swap it for OPNsense, VyOS, or something else. I just picked OpenWrt now because it felt like it would be the quickest to get up, as I’m already familiar with it. I accidentally created the OpenWrt VM with BIOS, and I think I saw somewhere that UEFI is actually recommended, so I might recreate it anyway. If I stick with OpenWrt I need to rebuild a better disk image anyway, with a bigger root volume.

The debian-test in that diagram is just a demo VM I quickly set up in Proxmox so I could see that everything works. It is currently just running Caddy as a proof of concept.

Originally I planned to route all internet traffic through my main router (openwrt-r5s), but I realized that my DOCSIS modem has multiple LAN ports. When I plugged the mini PC in, I saw that my ISP apparently just gives me another public IPv4 address. They probably have some limit on how many addresses I can get, but even having two separate addresses is a win these days. The downside of this approach is that I lose some traffic-shaping capability, as the PVE traffic now bypasses my router. I have to test whether this will have a negative impact on bufferbloat scores, and in general how the traffic is balanced between the two routers if they both try to use the full bandwidth.

Proxmox has tons of networking stuff I haven’t really familiarized myself with yet. To be honest, I’m not sure how much of the network config I should do on the PVE side and how much in my own router. Right now the setup I have kind of makes sense to me, but it might get tedious if I need to configure both the PVE side and the router when setting up new VMs, etc.

I also haven’t yet configured any sensible firewall rules, and everything is sitting in the “lan” zone on the main router. This means that, for example, the debian-test VM actually has network access to the PVE management interface through the main router, which is not intended.
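As an added example (not part of the original post, and not the author’s actual config), this is the kind of OpenWrt firewall split that closes the gap described above: the Proxmox management interface and the VM network each get their own zone instead of sharing “lan”, VMs may only forward to wan, and only the trusted LAN may forward into the management zone. The interface and zone names (`pvemgmt`, `vms`, `lan`, `wan`) are assumptions about the lab, and the script assumes the PVE host itself is statically addressed so that the management zone needs no DHCP/DNS from the router. The batch is emitted as text first so it can be checked before it is fed to `uci`.

```shell
# Added example: split PVE management and VM traffic into their own OpenWrt
# firewall zones. Network names pvemgmt/vms are assumptions about the lab.

# Print a `uci batch` script; lines starting with '#' are stripped before apply.
emit_firewall_uci() {
  cat <<'EOF'
# Zone for the Proxmox host: nothing is forwarded into it unless allowed below.
add firewall zone
set firewall.@zone[-1].name='pvemgmt'
add_list firewall.@zone[-1].network='pvemgmt'
set firewall.@zone[-1].input='REJECT'
set firewall.@zone[-1].output='ACCEPT'
set firewall.@zone[-1].forward='REJECT'
# Zone for guest VMs: no access to the router itself except DHCP/DNS (rule below).
add firewall zone
set firewall.@zone[-1].name='vms'
add_list firewall.@zone[-1].network='vms'
set firewall.@zone[-1].input='REJECT'
set firewall.@zone[-1].output='ACCEPT'
set firewall.@zone[-1].forward='REJECT'
# VMs may reach the internet ...
add firewall forwarding
set firewall.@forwarding[-1].src='vms'
set firewall.@forwarding[-1].dest='wan'
# ... and trusted LAN clients may reach the PVE web UI / SSH.
add firewall forwarding
set firewall.@forwarding[-1].src='lan'
set firewall.@forwarding[-1].dest='pvemgmt'
# Deliberately no forwarding vms -> pvemgmt or vms -> lan.
add firewall rule
set firewall.@rule[-1].name='vms-dhcp-dns'
set firewall.@rule[-1].src='vms'
set firewall.@rule[-1].dest_port='53 67'
set firewall.@rule[-1].proto='tcp udp'
set firewall.@rule[-1].target='ACCEPT'
EOF
}

# forwarding_exists SRC DEST: succeed if the emitted batch forwards SRC -> DEST.
# Used as a pre-apply check that the VM zone never gets into the management zone.
forwarding_exists() {
  emit_firewall_uci | awk -v q="'" -v want_src="$1" -v want_dest="$2" '
    /^add firewall/ { src = ""; dest = ""; sec = $3 }
    /\.src=/  { s = $0; sub(/.*src=/,  "", s); gsub(q, "", s); src  = s }
    /\.dest=/ { d = $0; sub(/.*dest=/, "", d); gsub(q, "", d); dest = d }
    sec == "forwarding" && src == want_src && dest == want_dest { found = 1 }
    END { exit found ? 0 : 1 }'
}

# Apply on an OpenWrt box; elsewhere (no uci) just print the batch for review.
apply_firewall() {
  if forwarding_exists vms pvemgmt; then
    echo "refusing to apply: vms -> pvemgmt forwarding present" >&2
    return 1
  fi
  if ! command -v uci >/dev/null 2>&1; then
    echo "uci not found; printing batch instead of applying" >&2
    emit_firewall_uci
    return 0
  fi
  emit_firewall_uci | grep -Ev '^(#|$)' | uci batch \
    && uci commit firewall \
    && /etc/init.d/firewall restart
}

apply_firewall
```

The `input='REJECT'` on the `vms` zone is what stops a guest from talking to the router directly; the explicit `vms-dhcp-dns` rule re-opens only what guests need. If the VMs should also reach services on the LAN, that is a separate, explicit `forwarding` from `vms` to `lan`, not a reason to put them back into the same zone.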

IPv6 is still completely missing from this picture; I really want to get that done too before I start using this more seriously. Another thing I desperately need at this point is proper DNS. Typing in IP addresses manually is already starting to feel old, and I don’t think it is going to get any better from here on, especially if I start using IPv6 as the primary addressing.

One thing I’d like to see is some way for openwrt-pve to advertise its networks, especially its public IP address, to openwrt-r5s so that I could get more automated routing between the two. I have to read up on what the right protocol for that is; BGP is of course an option, but I don’t know if it is overkill here.

As a side note, now that I have started playing with PVE, I must say I found creating VMs from disk images a somewhat fiddly process. I feel like I’m missing something; it is nowhere near as convenient as e.g. AMIs on AWS. If I got the process right, I have to

  1. Create new VM without storage
  2. Import the disk
  3. Resize the disk to desired size

I was kind of expecting a button that just lets me create a VM directly from an image with the correct volume size, but I guess that is not how things work. I did see the docs say something about creating VM templates and then using them, but I have to read and experiment more on how this is supposed to work.
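The three manual steps above (create the VM without storage, import the disk, resize it) are exactly what the `qm` CLI does, and scripting them is the closest thing to the “create from image” button. The following is an added example, not from the post and not Proxmox’s own code: it uses `qm set --scsi0 STORAGE:0,import-from=IMAGE` (Proxmox VE 7.2 and later), which imports and attaches in one step, creates the VM with UEFI (OVMF) since that was the recommendation mentioned earlier, and ends with `qm template` for the template-based workflow the docs describe. The VMID 9000, the `local-lvm` storage, the `vmbr0` bridge and the image path in the usage comment are assumptions; `DRY_RUN=1` prints the commands instead of running them.

```shell
# Added example: create a PVE VM from a disk image in one go.
# Assumed values: VMID 9000, storage local-lvm, bridge vmbr0, Debian cloud image.
set -eu

# With DRY_RUN=1 the qm commands are printed instead of executed.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# create_vm_from_image VMID NAME IMAGE STORAGE SIZE [BRIDGE]
create_vm_from_image() {
  vmid=$1
  name=$2
  image=$3
  storage=$4
  size=$5
  bridge=${6:-vmbr0}

  case $vmid in
    ''|*[!0-9]*) echo "VMID must be numeric: $vmid" >&2; return 1 ;;
  esac
  if [ ! -r "$image" ]; then
    echo "image not readable: $image" >&2
    return 1
  fi

  # 1. VM shell with no data disk. UEFI (OVMF) needs its own small EFI vars disk;
  #    the ':1' size is ignored for efidisk0, efitype=4m picks the current layout.
  run qm create "$vmid" --name "$name" --memory 2048 --cores 2 \
    --bios ovmf --efidisk0 "${storage}:1,efitype=4m" \
    --scsihw virtio-scsi-single --net0 "virtio,bridge=${bridge}" \
    --serial0 socket --vga serial0 --agent enabled=1

  # 2. Import the image into a new scsi0 volume on the target storage (PVE 7.2+).
  run qm set "$vmid" --scsi0 "${storage}:0,import-from=${image},discard=on"

  # 3. Grow the imported volume; cloud images ship with ~2 GB root disks.
  #    An absolute size is used here; '+10G' style increments also work.
  run qm resize "$vmid" scsi0 "$size"

  # Boot from the imported disk.
  run qm set "$vmid" --boot order=scsi0
}

# Turn a prepared VM into a template; new VMs are then `qm clone`d from it.
make_template() {
  run qm template "$1"
}

# Usage (assumed paths), e.g.:
#   DRY_RUN=1 sh mkvm.sh 9000 debian-test \
#     /var/lib/vz/template/iso/debian-12-genericcloud-amd64.qcow2 local-lvm 20G
if [ $# -ge 5 ]; then
  create_vm_from_image "$@"
fi
```

Running it with `DRY_RUN=1` first is worth the habit: `qm resize` on the wrong disk or `import-from` against the wrong VMID is not something you want to discover on a populated storage.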