[Solved] More than one private ip subnet on LAN interface?

Derelict · Dec 22, 2019, 9:29 PM

No idea. I never use the CLI in proxmox. I have a vlan aware bridge consisting of a physical interface going to my switch. I just add an interface to a VM on that with the right VLAN tag and it just works.

johnpoz · Dec 23, 2019, 2:21 AM

@Derelict said in More than one private ip subnet on LAN interface?:

Putting multiple IP network ranges on the same interface is unsound design.

This is nice speak for utterly freaking borked ;)

JKnott · Dec 23, 2019, 2:21 AM

@johnpoz said in More than one private ip subnet on LAN interface?:

@Derelict said in More than one private ip subnet on LAN interface?:

Putting multiple IP network ranges on the same interface is unsound design.

This is nice speak for utterly freaking borked ;)

Yet entirely normal with IPv6. On the pfSense Router Advertisement page, it's quite easy to add multiple prefixes.

Derelict · Dec 23, 2019, 3:36 AM

That would be pertinent if we were talking about IPv6.

JKnott · Dec 23, 2019, 3:50 AM

@Derelict

Yet still doable with IPv4. I experimented with aliases on Linux several years ago. There's nothing to stop someone from having both a pubic and RFC 1918 address on an interface, for example.

lifeboy · Dec 24, 2019, 1:16 PM

Here's an updated diagram of what I'm trying to do.
I want to be able to reach "to here" "from here"

I have in the meantime figured out that I cannot "clone" a bridge to create a virtual bridge. I can however add a virtual NIC with ip link add link virt1 nic1 address xx:xx:xx:xx:xx:xx type macvlan, which then allows me to create a new bridge and then adding virt1 to the bridge. Once I add that to any KVM machine with an ip address in the 172.16.10.0/24 subnet, I'm then able to communicate with the other 172.16.10.0/24 machines. Of course, adding a 172.16.5.0/24 address allows me to reach the 172.16.5.0/24 devices.

Apart from above, is there a better way to achieve this? I only have to 2 x10G ports (ens6) and 2 x 25G ports (ens7) in these nodes and would like to work with these without added more NIC's.

Derelict · Dec 24, 2019, 8:14 PM

@lifeboy said in More than one private ip subnet on LAN interface? (emphasis added):

Apart from above, is there a better way to achieve this? I only have to 2 x10G ports (ens6) and 2 x 25G ports (ens7) in these nodes and would like to work with these without added more NIC's.

People use VLANs to achieve multiple broadcast domains presenting multiple virtual NICs to VM guests.

bond0 is an LACP LAGG to the switch for connectivity to the physical world.

default            172.25.228.1       UGS      vtnet1
172.25.228.0/24    link#2             U        vtnet1 (WAN)
172.25.234.0/24    link#1             U        vtnet0 (LAN)
172.25.235.12/31   link#3             U        vtnet2 (OPT1)

johnpoz · Dec 24, 2019, 6:08 PM

@JKnott said in More than one private ip subnet on LAN interface?:

There's nothing to stop someone from having both a pubic and RFC 1918 address on an interface, for example.

Other than just plain common sense... There would be ZERO freaking reason to do such thing... Its not actually isolating anything and no point to it..

You can put as many IPs you want on the same L2 - doesn't mean it makes any sense, or you should do it, etc.

The reason for the link-local on IPv6 is to get information on its neighbors, its sends the RS from its link-local address, etc. etc.. There is all kinds of things that happen with the link-local in IPv6 that don't really need to get into here, and you if anyone should know anyway.

This is in no way the same as putting a public IPv4 and a rfc1918 IPv4 address on an interface - what does that accomplish other than complications and nonsense? If a device needs to have a rfc1918 and a public IPv4 then they should be on different L2s

Lets not mix in how things are done with IPv6 with the IPv4 talking about here.. Derelict has given the correct solution to the OP question, which is vlans!

lifeboy · Dec 26, 2019, 12:38 PM

The use of VLAN's is the better way to achieve this (as answered by @Derelict), but I wanted to add this to my own question as far as it pertains to creating virtual bridges:

It seems that one cannot add a virtual device to a NIC that is already part of a bridge.

:~# ip link add link ens7f0 virt1 address 00:11:22:33:44:55 type macvlan
RTNETLINK answers: Device or resource busy

However, if I create the Virtual NIC and then add it to a bridge, it works.

:~# ip link add link ens7f1 virt1 address 00:11:22:33:44:55 type macvlan
:~# brctl addbr virtb1
:~# brctl addif virtb1 virt1
:~# brctl show
bridge name   bridge id             STP enabled        interfaces
virtb1        8000.001122334455        no              virt1
vmbr0         8000.ac1f6bcae3e2        no              ens7f0
                                                       tap101i0
vmbr1         8000.ac1f6bc59544        no              ens6f0
                                                       tap101i1

Although Proxmox's GUI doesn't "see" the new bridge, if I edit the qemu conf file for the VM, the port is added and the VM starts.

Derelict · Dec 26, 2019, 4:00 PM

Sounds like you should probably move to a proxmox forum.