N-DocsNetwork Configuration
Configure networking in Proxmox VE for optimal performance and security
Network Configuration
Proper network configuration is crucial for Proxmox VE performance and security. This guide covers essential networking concepts and configurations.
Network Interfaces Overview
Proxmox VE uses Linux networking with additional virtualization-specific features for VM and container networking.
Interface Types
- Physical Interfaces: Direct hardware network adapters
- Bridges: Virtual switches for VM/CT connectivity
- Bonds: Link aggregation for redundancy and performance
- VLANs: Network segmentation and isolation
Bridge Configuration
Bridges are essential for VM and container networking:
- Navigate to Datacenter → Node → System → Network
- Click Create → Linux Bridge
- Configure bridge settings:
- Name:
vmbr0(convention) - IPv4/CIDR: Your network configuration
- Gateway: Network gateway IP
- Bridge ports: Physical interface (e.g.,
enp0s3)
- Name:
Edit /etc/network/interfaces:
auto lo
iface lo inet loopback
iface enp0s3 inet manual
auto vmbr0
iface vmbr0 inet static
address 192.168.1.100/24
gateway 192.168.1.1
bridge-ports enp0s3
bridge-stp off
bridge-fd 0Apply changes:
systemctl restart networkingVLAN Configuration
VLAN configuration requires VLAN-aware switches and proper planning to avoid network isolation issues.
VLAN-Aware Bridge
auto vmbr0
iface vmbr0 inet static
address 192.168.1.100/24
gateway 192.168.1.1
bridge-ports enp0s3
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094VLAN Interface
auto vmbr0.100
iface vmbr0.100 inet static
address 192.168.100.1/24
vlan-raw-device vmbr0Bond Configuration
Link aggregation for redundancy and increased bandwidth:
auto bond0
iface bond0 inet manual
bond-slaves enp0s3 enp0s8
bond-miimon 100
bond-mode active-backup
bond-primary enp0s3
auto vmbr0
iface vmbr0 inet static
address 192.168.1.100/24
gateway 192.168.1.1
bridge-ports bond0
bridge-stp off
bridge-fd 0auto bond0
iface bond0 inet manual
bond-slaves enp0s3 enp0s8
bond-miimon 100
bond-mode 802.3ad
bond-xmit-hash-policy layer2+3
bond-lacp-rate fast
auto vmbr0
iface vmbr0 inet static
address 192.168.1.100/24
gateway 192.168.1.1
bridge-ports bond0
bridge-stp off
bridge-fd 0Firewall Configuration
Enable Datacenter Firewall
- Datacenter → Firewall → Options
- Enable Firewall
- Configure default policies:
- Input Policy:
DROPorACCEPT - Output Policy:
ACCEPT - Forward Policy:
ACCEPT
- Input Policy:
Security Groups
Create reusable rule sets:
Node-Level Rules
# Allow SSH from management network
IN SSH(ACCEPT) -source 192.168.1.0/24
# Allow Proxmox web interface
IN ACCEPT -p tcp -dport 8006
# Allow cluster communication
IN ACCEPT -source 192.168.1.0/24 -p tcp -dport 5404:5405
IN ACCEPT -source 192.168.1.0/24 -p udp -dport 5404:5405Advanced Networking
Software-Defined Networking (SDN)
SDN provides advanced networking features like VXLANs, EVPN, and network controllers.
- Datacenter → SDN
- Create Zones, VNets, and Subnets
- Apply configuration to cluster
Network Troubleshooting
Common network diagnostic commands:
# Check interface status
ip addr show
# Test connectivity
ping -c 4 gateway_ip
# Check bridge configuration
brctl show
# Monitor network traffic
tcpdump -i vmbr0
# Check firewall logs
journalctl -f | grep pve-firewallPerformance Optimization
Network Tuning
# Increase network buffer sizes
echo 'net.core.rmem_max = 134217728' >> /etc/sysctl.conf
echo 'net.core.wmem_max = 134217728' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_rmem = 4096 87380 134217728' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_wmem = 4096 65536 134217728' >> /etc/sysctl.conf
# Apply changes
sysctl -pVM Network Performance
- Use VirtIO network adapters for best performance
- Enable Multiqueue for high-traffic VMs
- Consider SR-IOV for maximum performance
Regular network monitoring helps identify bottlenecks and optimize performance for your specific workload.