Proxmox VE 8 SDN: Creating VLAN to Isolate User Networks

In a previous article, we used SDN’s Simple mode to implement network isolation for tenants (users), but it has a limitation: communication can only occur within a single physical node and not across multiple physical nodes (unless special handling is applied). However, in practical applications, Proxmox VE is often used in a multi-node cluster setup, where virtual machines on the same isolated subnet but located on different physical nodes need to communicate with each other. This can be achieved using VLANs.

Basic Steps

1. Create a VLAN on the Proxmox VE 8 cluster.

2. Create virtual machines on different physical nodes.

3. Test connectivity between the virtual machines.

Creating an SDN VLAN

Log in to the Debian host system on each node of the Proxmox VE 8 cluster. In the command line, append the following line to the end of the network configuration interface file `/etc/network/interfaces`: `source /etc/network/interfaces.d/*`. Then, switch to the Proxmox VE 8 cluster Web management interface. At the data center level, select the “SDN” submenu “Zones,” click the arrow next to the “Add” button at the top of the page, and select “VLAN” from the dropdown list, as shown in the figure below.

In the “Create VLAN” dialog box, enter a text ID of 8 characters or less, and name the zone. For the bridge interface, enter the actual name of the physical node (What if the bridge interface names are different on each node?). Use the default value for the nodes item.

You can create multiple zones following the same method to meet multi-tenant requirements. After creating the VLAN zone, create the virtual network VNET, and in the “Zone” field, select the previously created zone (in this case, vlan1).

Once the required virtual networks are created, click the “Apply” button associated with SDN to activate the configuration. If there are no errors, the created virtual network will be displayed normally under each node in Proxmox VE.

Testing Connectivity Within the VLAN

Create a virtual machine on each of the two physical nodes in Proxmox VE, with both VMs using the same virtual network interface (Vnet) for bridging, and enter the VLAN tag value set in the previous steps (in this case, 20). Install the operating system and set different IP addresses within the same subnet.

After installing the virtual machines located on different physical nodes, restart the systems and log in normally. Use the `ping` command or `ssh` to test network connectivity between them.

Interconnection with Other Networks

Requires support from a router or a Layer 3 switch.