====== Proxmox - Networking - Bridged VM Traffic ======

Used to directly connect the VMs to the network.

If there is two or more network cards in your system, then it is recommended to use a different network card for the VMs to separate the guest traffic from the management traffic.

----

===== Create a bridged network =====

To create a bridged network, create a virtual network card.

ssh into the Proxmox server.

<code bash>
vi /etc/network/interfaces
</code>

Add a new virtual network interface by adding those lines:

<file bash /etc/network/interfaces>
auto vmbr1
iface vmbr1 inet manual
        bridge_ports eth1
        bridge_stp off
        bridge_fd 0
</file>

<WRAP info>
**NOTE:**  This will create **vmbr1** which is bound to the **eth1** interface.

  * An IP address is not assigned to the **eth1** or the **vmbr1** interface.
  * This way, the guest VMs are not able to connect to the host directly.

</WRAP>

----

===== Only having a single interface =====

If there is no separate interface, the virtual network card can be bound to the available interface like this:

<file bash /etc/network/interfaces>
auto eth0
iface eth0 inet static

auto vmbr1
iface vmbr1 inet static
        address 10.3.5.1
        netmask 255.255.255.0
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
</file>

<WRAP info>
**NOTE:**  An IP address has to be assigned to **vmbr1** which is used for **eth0**.
</WRAP>


----

===== Using a VLAN =====

A VLAN can be used to separate the traffic, even if there is only one network interface.

This can be configured this way:

<code>
auto vmbr1
iface vmbr1 inet manual
        bridge_ports eth0.10
        bridge_stp off
        bridge_fd 0
</code>

<WRAP info>
**NOTE:**  Creating **vmbr1** and binding it to **eth0.10** will create the tagged VLAN 10 on **eth0**.

  * Ensure that the Switch port is configured with the same setting.
  * All VMs bound to this virtual bridge interface, will be placed into VLAN 10.

</WRAP>

----

===== Final Resulting file =====

<file bash /etc/network/interfaces>
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface enp3s0 inet manual

iface enp11s0f0 inet manual

iface enp11s0f1 inet manual

iface enp11s0f2 inet manual

iface enp11s0f3 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.95/24
        gateway 192.168.1.1
        bridge-ports enp3s0
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp11s0f0 enp11s0f1 enp11s0f2 enp11s0f3
        bridge-stp off
        bridge-fd 0
</file>

<WRAP info>
**NOTE:**  There are 2 separate physical network cards in the system:

  * enp3s0:   This only has a single port.
  * enp11s0:  This has 4 ports.

The host will use the **enp3s0** card.

The VMs will use the **enp11s0** card.

  * Notice the **bridge-ports enp11s0f0 enp11s0f1 enp11s0f2 enp11s0f3** line which will bridge all 4 ports on this card.

</WRAP>


----