Table of Contents

Proxmox - Networking - Bridged VM Traffic

Used to directly connect the VMs to the network.

If there is two or more network cards in your system, then it is recommended to use a different network card for the VMs to separate the guest traffic from the management traffic.

Create a bridged network

To create a bridged network, create a virtual network card.

ssh into the Proxmox server. 

vi /etc/network/interfaces

Add a new virtual network interface by adding those lines:

/etc/network/interfaces
auto vmbr1
iface vmbr1 inet manual
        bridge_ports eth1
        bridge_stp off
        bridge_fd 0

NOTE: This will create vmbr1 which is bound to the eth1 interface.

  • An IP address is not assigned to the eth1 or the vmbr1 interface.
  • This way, the guest VMs are not able to connect to the host directly.

Only having a single interface

If there is no separate interface, the virtual network card can be bound to the available interface like this:

/etc/network/interfaces
auto eth0
iface eth0 inet static
 
auto vmbr1
iface vmbr1 inet static
        address 10.3.5.1
        netmask 255.255.255.0
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

NOTE: An IP address has to be assigned to vmbr1 which is used for eth0.

Using a VLAN

A VLAN can be used to separate the traffic, even if there is only one network interface.

This can be configured this way: 

auto vmbr1
iface vmbr1 inet manual
        bridge_ports eth0.10
        bridge_stp off
        bridge_fd 0

NOTE: Creating vmbr1 and binding it to eth0.10 will create the tagged VLAN 10 on eth0.

  • Ensure that the Switch port is configured with the same setting.
  • All VMs bound to this virtual bridge interface, will be placed into VLAN 10.

Final Resulting file

/etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
 
auto lo
iface lo inet loopback
 
iface enp3s0 inet manual
 
iface enp11s0f0 inet manual
 
iface enp11s0f1 inet manual
 
iface enp11s0f2 inet manual
 
iface enp11s0f3 inet manual
 
auto vmbr0
iface vmbr0 inet static
        address 192.168.1.95/24
        gateway 192.168.1.1
        bridge-ports enp3s0
        bridge-stp off
        bridge-fd 0
 
auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp11s0f0 enp11s0f1 enp11s0f2 enp11s0f3
        bridge-stp off
        bridge-fd 0

NOTE: There are 2 separate physical network cards in the system:

  • enp3s0: This only has a single port.
  • enp11s0: This has 4 ports.

The host will use the enp3s0 card.

The VMs will use the enp11s0 card.

  • Notice the bridge-ports enp11s0f0 enp11s0f1 enp11s0f2 enp11s0f3 line which will bridge all 4 ports on this card.