Introduction

In today’s technology-driven world, the demand for efficient and flexible networking solutions has never been higher. Enter Software Defined Networking (SDN) – a revolutionary approach to network management that is changing the game for businesses of all sizes. In this blog post, we delve into the world of Proxmox VE and explore how leveraging the power of SDN can transform your network infrastructure.

By utilizing SDN in Proxmox VE, users can easily define and manage virtual network resources to suit their specific needs. This enables efficient allocation of resources, improved network performance, and streamlined management of virtual environments.
Additionally, the SDN feature enhances security by allowing for better isolation of network traffic, reducing the risk of unauthorized access and potential breaches. Overall, the integration of SDN within Proxmox VE offers a comprehensive solution for creating and managing virtualized networks effectively.

Protect Your Data with BDRSuite

Cost-Effective Backup Solution for VMs, Servers, Endpoints, Cloud VMs & SaaS applications. Supports On-Premise, Remote, Hybrid and Cloud Backup, including Disaster Recovery, Ransomware Defense & more!

What is Proxmox VE SDN ?

The SDN in Proxmox is nothing but a feature that enables the creation of virtual zones and VNETs. This functionality simplifies advanced networking configurations and multitenancy setup.

By leveraging the SDN feature in Proxmox VE, users can easily segment their infrastructure into isolated virtual zones, each with its own network resources and access controls. This capability streamlines the management of complex network setups and enhances security by enforcing strict segmentation between different environments. Additionally, the SDN functionality in Proxmox VE supports the implementation of multitenancy architectures, allowing multiple users or tenants to securely share the underlying physical network infrastructure while maintaining distinct virtual networks for their exclusive use. This versatility makes Proxmox VE a powerful platform for building agile and scalable network environments to meet diverse business requirements.

Installing SDN packages on Proxmox VE node

SDN Core package

From Proxmox VE 8.1 version the core SDN packages are installed by default. If you upgrade from an older version, you need to install the libpve-network-perl package on every Proxmox VE node

Download Banner

Use the below two commands to install the SDN packages.

  1. Apt update
  2. apt install libpve-network-perl

After installation, you need to ensure that the following line is present at the end of the /etc/network/interfaces configuration file on all nodes, so that the SDN configuration is included and activated.

source /etc/network/interfaces.d/*

Remember to save the changes after editing the configuration file. Once you have verified that the line is properly added, you can restart the network services for the changes to take effect. This step is crucial to ensure proper communication and connectivity within your SDN environment. By following these instructions, you will be able to successfully configure and activate SDN across all nodes in your network.

The below screenshot shows this step, if the SDN package is already installed you will get the notification that the latest version of the package is already installed.

Networking in Proxmox

DHCP IPAM Package

The DHCP integration in the PVE IP Address Management system relies on dnsmasq for assigning DHCP leases. Currently, this feature is not enabled by default and users have to opt-in to use it. To utilize this feature, the dnsmasq package must be installed on each node within the PVE environment.

  • apt update
  • apt install dnsmasq
  • # disable default instance
  • systemctl disable –now dnsmasq

FPR Routing Package

The Proxmox VE SDN stack integrates with the FRRouting project for advanced setups, but this feature is currently optional. In order to use the SDN routing integration, the frr-pythontools package must be installed on all nodes within the network.

  1. apt update
  2. apt install frr-pythontools

When you install this frr-pythontools, addional packages such as libc-ares2 and libyang2 packages will be installed automatically, as shown in the below screenshot. Click Y to proceed the installation.

Networking in Proxmox

SDN Configuration Overview

Users can configure SDN at the datacenter level in WebGUI, and is separated under the sections given below.

SDN

This is the main page of the SDN configured. By default “localnetwork is configured and you can check the status as OK. Below are the subsections under SDN

Zones

Zones play a crucial role in network security by creating isolated environments for different groups within a network. By limiting access to specific nodes and defining permissions within a zone, organizations can enforce strict boundaries that enhance the overall security posture. This approach helps in minimizing the risk of unauthorized access and data breaches, ensuring that users operate within designated boundaries to safeguard sensitive information and critical assets. In essence, the concept of zones adds a layer of control and protection to network environments, contributing to a more secure and well-organized infrastructure.

There are five types of zones you can create here depends on the technologies used for the separation of network. They are :

  1. Simple: Isolated Bridge. A simple layer 3 routing bridge (NAT)
  2. VLAN: Virtual LANs are the classic method of subdividing a LAN
  3. QinQ: Stacked VLAN (formally known as IEEE 802.1ad)
  4. VXLAN: Layer 2 VXLAN network via a UDP tunnel
  5. EVPN (BGP EVPN): VXLAN with BGP to establish Layer 3 routing

Choose Zone under SDN, click Add and choose any one of the network technologies listed. The below screenshot shows this page.

Networking in Proxmox

VNETs

VNETS can create virtual network bridges and manage subnets by allowing users to define their own network topology, address space, and security policies. This flexibility enables better management of resources and improved security within the virtual environment. Subnet isolation, network access control, and traffic filtering are some of the key features that VNETS provides to enhance network security and performance. The ability to create multiple subnets within a virtual network bridge allows for better organization and segmentation of resources, resulting in a more efficient and secure network environment.

It has two portions VNET and Subnet

VNET : After creating a virtual network (VNet) through the SDN GUI, a local network interface with the same name is available on each node. To connect a guest to the VNet, assign the interface to the guest and set the IP address accordingly. Depending on the zone, these options have different meanings and are explained in the respective zone section in this document.

Subnet : A subnet define a specific IP range, described by the CIDR network address. Each VNet, can have one or more subnets.

A subnet can be used to:

  • Limit the IP addresses that can be specified on a particular VNet
  • Set up routes/gateways on a VNet within layer 3 zones
  • Activate SNAT on a VNet within layer 3 zones
  • Automatically allocate IPs to virtual guests (VM or CT) using IPAM plugins
  • Register DNS using DNS plugins

The below image shows the page to configure VNET and Subnet. First user needs to create VNET and subsequent Subnet in two separate tasks.

Networking in Proxmox

Options

Under options section, you have three configurations namely Controllers, IPAM and DNS

Controllers : Controllers can be useful to manage layer 3 routing in complex configurations. It provides three controller configurations, namely EVPN Controller, BGP Controller and ISIS Controller, and these are based on routing technologies and protocol used.

Some zones have a separate control and data plane, require an external controller to oversee the VNet’s control plane. Presently, the only zone that require an external controller is EVPN. The below screenshot shows where to configure the mentioned controllers in the Proxmox VE webgui.

Networking in Proxmox

IPAM

IP Address Management tools allows for efficient IP management within specific network segments, ensuring seamless allocation and utilization of IP addresses. By linking an IPAM instance to multiple zones, administrators can streamline the process of IP assignment and monitoring across different areas of the network. This centralized approach enhances control and visibility over IP address usage, facilitating better organization and optimization of resources. Furthermore, the integration of IPAM with SDN in Proxmox VE enables automated IP address provisioning and allocation, simplifying network configuration and enhancing overall network performance.

This IP managment can be achieved by three plugins namely PVE IPAM plugin, Netbox IPAM plugin and phpIPAM plugin. Here PVE IPAM plugin is the default plugin installed automatically in proxmox VE server. The other two plugins are open-source plugins and require additional configuration.

The below screenshot shows this configuration page.

Networking in Proxmox

DNS

The DNS plugin within Proxmox VE SDN is utilized to specify a DNS API server for the registration of your hostname and IP address. Each DNS configuration is linked to one or more zones to enable DNS registration for all the subnet IPs configured within a zone.

This can be acheived by configuring PowerDNS plugin. Below screenshot shows this configuration page.

Networking in Proxmox

DHCP

The DHCP plugin within Proxmox VE SDN facilitates the automatic deployment of a DHCP server for a Zone, delivering DHCP services to all Subnets with a configured DHCP range. Presently, the sole available backend plugin for DHCP is the dnsmasq plugin. The DHCP plugin operates by assigning an IP from the IPAM plugin set up in the Zone when a new network interface is added to a VM/CT.

Upon VM startup, the DHCP plugin in the zone creates a mapping for the MAC address and IP. Subsequently, when network interfaces are removed or the VM/CT is destroyed, the respective entries in the IPAM and DHCP server are also removed.

Conclusion

In conclusion, the potential for leveraging Software Defined Networking (SDN) within Proxmox VE is a promising pathway towards enhancing network management efficiency, scalability, and flexibility. As discussed in this article, the overview of SDN technology in Proxmox VE illuminates the transformative capabilities it brings to network infrastructure. By understanding the fundamental concepts and benefits highlighted, businesses and individuals alike can harness the power of SDN to optimize network performance and streamline operations. As the realm of technology continues to evolve, embracing SDN in Proxmox VE emerges as a strategic investment in the seamless, agile, and high-performing networks of tomorrow.

Related Posts:
Proxmox Virtualization Series: User and Permission Management in Proxmox VE – Part 7

Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.

Rate this post