In the last post I installed Proxmox and set up a cluster with three VM hosts. Before I start setting up virtual machines, I need a way to segment the network so I can make it match the diagram below. To meet this requirement, I need to enable communication between the hosts, but keep the networks segmented using the firewall. The best way I found to accomplish this was to configure software defined networking in Proxmox to create VXLANs for the DMZ and LAN.

Diagram of lab network with firewall, external, DMZ, and internal networks.
Overview of Lab Network Topology

Preparing the Hosts

Prerequisite: Install Proxmox and Configure a Cluster

The first step in any installation is to make sure your hosts are updated. By default, Proxmox hosts will reach out to the enterprise repository, so I need to configure the pve-no-subscription repository. To enable that, I added it to /etc/apt/sources.list like the image below.

View of /etc/apt/sources.list file with pve-no-subscription repository added.
Add the pve-no-subscription repository

After adding the repository, I run an apt update and upgrade to install the latest patches and make sure the new repository works.

# apt update && apt upgrade -y

Now I can install the needed dependencies on each host. Important note here: the next few steps are run on EVERY node in the cluster.

# apt install libpve-network-perl ifupdown2

Configure Software Defined Networking in Proxmox

After updating the hosts and installing the dependencies, the last step to enable software defined networking is to add a line to the interface configuration. I added the line below to the /etc/network/interfaces file on every host.

source /etc/network/interfaces.d/*

Image of the /etc/network/interfaces file with added line from one of the hosts.
Example /etc/network/interfaces file with additional line

Once added, you should automatically see the software defined network menu in your datacenter view.

Software defined network menu in Proxmox datacenter view

Adding VXLANs to the Lab Network

Configuring a software defined network in Proxmox consists of three steps for each network. I need to configure a Zone, a Vnet, and if I want to assign an IP range, a Subnet for each VXLAN.

Adding a VXLAN zone

To add a VXLAN zone, you select that zone type in the Proxmox SDN interface. According to the Proxmox SDN documentation, when adding a VXLAN, you need to set the MTU to a slightly lower value than the standard 1500. A VXLAN is a simulated layer 2 network on top of the existing network, so the 50 bytes taken off the MTU leave room for the VXLAN header added to each packet. You also need to configure an ID and peer IP address list.

Example VXLAN zone configuration for Lab Network
Example VXLAN zone configuration
Overview of VXLAN zones in Lab Network
DMZ and LAN VXLAN zones added to Lab Network

Adding Vnets and Subnets

Once you configure a VXLAN zone, the next step is to add the associated Vnets and Subnets to each zone. In my lab, each zone will have a single Vnet and Subnet. Here is an example configuration of the LANnet and LAN subnet.

Example Vnet configuration in Proxmox
LANnet Vnet configuration
Vnets overview for the Proxmox lab network
Vnet configuration overview for Lab Network
Example subnet configuration for the LAN network
Example subnet configuration

Apply to Configure Software Defined Networking in Proxmox Lab

The last step is to go back to the SDN overview and apply the configuration. I hit apply and then Proxmox configures the DMZ and LAN VXLANs on each host in the cluster.

Lab Network SDN overview after applying the software defined networking configuration.
Data center overview after software defined network configuration
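
A per-node check for the steps above, as an added example that is not part of the original post: it verifies the two packages, the `source` line, and that each vnet's MTU sits at least 50 bytes under the underlay interface's MTU. The script name, the underlay interface name (`vmbr0` in the usage comment) and the assumption that each vnet shows up as an interface named after the vnet are mine, not the author's.

```shell
#!/bin/sh
# Added example: per-node sanity check for the SDN prerequisites in this post.

# True if FILE has an uncommented "source /etc/network/interfaces.d/*" line.
has_sdn_source_line() {
    grep -Eq '^[[:space:]]*source[[:space:]]+/etc/network/interfaces\.d/\*[[:space:]]*$' "$1"
}

# True if the vnet MTU leaves at least 50 bytes of headroom under the underlay MTU.
vxlan_mtu_ok() {
    [ "$2" -le $(( $1 - 50 )) ]
}

# check_node UNDERLAY_IF VNET...  (interface names are assumptions passed by the caller)
check_node() {
    underlay_if=$1; shift
    rc=0
    for pkg in libpve-network-perl ifupdown2; do
        dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null | grep -q 'install ok installed' \
            || { echo "FAIL: package $pkg not installed"; rc=1; }
    done
    has_sdn_source_line /etc/network/interfaces \
        || { echo "FAIL: source line missing from /etc/network/interfaces"; rc=1; }
    underlay_mtu=$(cat "/sys/class/net/$underlay_if/mtu" 2>/dev/null) \
        || { echo "FAIL: no interface $underlay_if"; return 1; }
    for vnet in "$@"; do
        vnet_mtu=$(cat "/sys/class/net/$vnet/mtu" 2>/dev/null) \
            || { echo "FAIL: vnet $vnet not present on this node"; rc=1; continue; }
        vxlan_mtu_ok "$underlay_mtu" "$vnet_mtu" \
            || { echo "FAIL: $vnet MTU $vnet_mtu, underlay MTU $underlay_mtu"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: $(hostname) ready for VXLAN vnets"
    return "$rc"
}

# Run only when invoked as: sh check.sh --check vmbr0 LANnet
# (vmbr0 is an assumed underlay bridge name; LANnet is the vnet from the post)
if [ "${1:-}" = "--check" ]; then
    shift
    check_node "$@"
fi
```

Run it on every node after applying the SDN configuration; a non-zero exit flags a node whose setup differs from the steps above.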

That’s all there is to it; my lab network is ready for virtual machines. Next up, I create a virtual firewall running pfSense and configure the WAN, LAN, and DMZ interfaces.