Very useful, thank you! I hope we will see support for anycast gateways in the future (one and the same on each node) to really make life simpler 😊 with dhcp or dhcp relay. I hope you will also cover EVPN and I hope you will cover the IPAM and DNS integrations. I couldn't get them to work in my lab... Some extra feedback: maybe you can show a diagram of what you are demonstrating. For example, the firewall VM you have running wasn't very clear to me at first.
@TechTutorialsDavidMcKone 5 months ago
Thanks for the feedback, much appreciated. I like diagrams myself and was using them in my earlier videos, so I'm not sure why I've stopped adding them in. It will be interesting to see where this SDN solution goes, mind. For now I'm not touching DHCP or EVPN as they're still in tech preview. I did try the DHCP server, for instance, but I was getting error messages after uninstalling Dnsmasq. Even in a lab that's not a good situation to be in. Fortunately I use nested hypervisors, so I just rolled them back to a snapshot.
@ipstacks11 25 days ago
‘ping -f -l ’ will test for pings that make it or not. This can be used to tell you how much smaller you need to make your mtu when you are going across a vpn tunnel or a vxlan network. So if you step the size smaller and smaller, a ping will eventually work, then you will know the largest ping that will make it. Thus your mtu size.
@TechTutorialsDavidMcKone 25 days ago
Thanks for sharing. I don't use Windows much, but yeah, -f is to set the do not fragment flag. On the Linux computer I was using the equivalent of -M do.
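The step-down test described in the comment above, automated as a binary search using the Linux `-M do` flag mentioned in the reply. This is an added example, not part of the original comments; the function names, the 1472-byte default ceiling and the 50-byte VXLAN-over-IPv4 overhead figure are assumptions brought in for illustration.

```bash
#!/usr/bin/env bash
# Added example: find the largest ICMP payload that crosses a path with the
# do-not-fragment bit set, then derive the path MTU and the VXLAN inner MTU.

# probe SIZE HOST -> exit 0 if one DF ping with SIZE payload bytes is answered.
# Uses Linux iputils ping flags; redefine this function to test offline.
probe() {
    ping -M do -c 1 -W 1 -s "$1" "$2" >/dev/null 2>&1
}

# find_max_payload HOST [LOW] [HIGH]
# Prints the largest payload in [LOW, HIGH] that probe accepts.
# Returns 1 if even LOW fails (host down or ICMP filtered), so a dead
# target is not mistaken for a tiny MTU.
find_max_payload() {
    local host="$1" lo="${2:-0}" hi="${3:-1472}" mid
    probe "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))   # round up so the loop always narrows
        if probe "$mid" "$host"; then
            lo=$mid                    # mid fits: answer is mid or larger
        else
            hi=$(( mid - 1 ))          # mid is too big: answer is below mid
        fi
    done
    echo "$lo"
}

# ICMP payload + 8-byte ICMP header + 20-byte IPv4 header = path MTU.
payload_to_mtu() {
    echo $(( $1 + 28 ))
}

# MTU left for traffic inside a VXLAN tunnel over IPv4:
# outer IPv4 (20) + UDP (8) + VXLAN (8) + inner Ethernet (14) = 50 bytes.
vxlan_inner_mtu() {
    echo $(( $1 - 50 ))
}
```

Run `find_max_payload <remote-node-ip>` from one node, then pass the result through `payload_to_mtu` and `vxlan_inner_mtu` to get the MTU to use inside the overlay.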
@penttimuhli9442 1 month ago
Admittedly I don't know that much about Proxmox yet, have been using it in the home lab and really like it. But one question I have when it comes to what people are calling SDN with Proxmox: how much automation is involved? Compared to other vendors such as Cisco's SD-Access, SD-WAN or VMware's offering?
@TechTutorialsDavidMcKone 1 month ago
I think Proxmox are still primarily focused on the hypervisor being just a hypervisor. Although to be fair, it's Debian underneath the hood. While VXLAN is in public release, EVPN is still in tech-preview. The deployment of virtual networks is simple, but it's not fully automated. You can't define an application, for instance, and everything that goes with it is deployed automatically through the click of a button. I doubt Proxmox have the deep pockets of Broadcom, but VMware have had a head start on this for well over a decade after their acquisition of Nicira. But even at this stage you should be able to save a lot of time and money deploying a basic physical network, and PVE can build an SDN over that. Any further network changes would be in PVE, hence the need for only a basic physical network. And if a physical switch needed replacing, it would be very easy to swap it out. It's only a matter of time, I think, before a 3rd party taps into this Proxmox API though to let you automate things. You can get Ansible to roll out an entire deployment if you like, it just needs a lot of thought and coding to build the playbooks. I don't know how good AI is, but at some point that should simplify things even further. To me, companies like Cisco don't bring anything to the table for SDN because they don't make hypervisors. For SDN, you only need enough from physical Layer 2 switches to allow the hypervisors their basic connectivity. Everything else is done by the hypervisor. So physical Data Centre networking solutions from the likes of Cisco, Arista and Juniper are old school. You'll still need an entry and exit point for the building and that will be a virtual router offering an SD-WAN solution. At the moment for PVE, that would have to be a 3rd party offering. But I fail to understand why anybody would want to buy an SD-WAN solution that's managed through a public facing Internet cloud. I think at this turning point, you may as well just pay an ISP the money to include a basic physical router along with the WAN link and leave them to manage both. All the physical router needs to do is to route the IP addressing for the SD-WAN router and know how to reach your firewall. The SD-WAN router will take care of everything else through DMVPN/IPSec tunnels between the sites. And if you ever need to change providers, it would be very easy to do.
@MrStarbuckel 1 month ago
Thank you for the video! Any chance to give a host itself an ip address inside an SDN VXLAN? So that the vms in the vmnet can connect to the host without routing?
@TechTutorialsDavidMcKone 1 month ago
Not that I can see. The documentation says a VNet will be "available as a common Linux Bridge" and can "be assigned to VMs and Containers". I'm not seeing any option to connect a node's physical interface to a VNet or to create a virtual interface for a node in a VNet.
@ZifeRRoT 3 months ago
Great video, thx a lot! By the way, is there any solution to allow vms to connect to the internet from vxlan without adding an additional interface?
@TechTutorialsDavidMcKone 3 months ago
Normally you'd want computers behind a firewall. So I have a virtual firewall that has an interface in the vxlan network of the vms and its wan interface connects to the default linux bridge. I still have a physical firewall in between the internet and my hypervisors though for extra security.
@ZifeRRoT 3 months ago
@TechTutorialsDavidMcKone Normally I would do the same 😁 Interesting just for some kind of weird practice.
@MadalinIgnisca 2 months ago
Seems that communication between 2 vnets in same vxlan zone can’t talk out of the box. Would you have a hint?
@TechTutorialsDavidMcKone 2 months ago
Use a firewall or router if you need to connect them. VNets are similar to VLANs, i.e. they provide logical separation of traffic. From a private user/company perspective, each VNet will represent a different subnet, e.g. 192.168.1.0/24 and 192.168.2.0/24. These days, computers in two different subnets shouldn't be able to communicate directly. So in this case we've been given VNet instead of VLAN separation to achieve that. You could set up a virtual router to route between the two. But a firewall would be better from a security perspective.
@barma1309 5 months ago
Thanks, very helpful!!!!
@TechTutorialsDavidMcKone 5 months ago
Thanks for the feedback. I'm glad this SDN module is now supported as it's very useful. Looking forward to other parts being added.
@Zambiziify 2 months ago
Absolute gold dust! "_udp_4789 !" So much to wrap my head around.. Well explained demo, very helpful to debug VNet using tcpdump and factoring in MTU sizes, incl. the extra additional overhead that needs factoring in for real MTU. Very powerful technology!
@TechTutorialsDavidMcKone 2 months ago
I see this as a real game changer, and there's more to come when EVPN comes out of tech preview. But VXLAN alone really simplifies Datacenter design as you just need to build the underlying physical network once and then after that you just make changes in the PVE cluster. So much time and money to be saved and it will make life so much simpler.
@simo47768 5 months ago
Hi. Is a Kubernetes SDN network a good use case for this?
@TechTutorialsDavidMcKone 5 months ago
As long as there's no need for direct contact with a physical device, then anything virtual should benefit. Proxmox VE just needs to be able to put the traffic into a tunnel and then it can send it to any other node.
@barma1309 5 months ago
I'll do exactly but I got a problem with DHCP (( The VM inside the zone didn't get a custom IP address. The VM got only 192.168.1.10x addresses ((
@TechTutorialsDavidMcKone 5 months ago
Not sure on your setup. In mine, although I configured a VNet and 192.168.50.x subnet, it's only for reference. Even if the extra software is installed, at the moment, Proxmox VE will only supply an address for that subnet via DHCP if a Simple Zone is configured. So for now, to supply an IP address via DHCP to VNets in a VXLAN Zone, you have to use a separate DHCP server. And I had one connected to the subnet handing out IP addresses in the 192.168.1.x range. Later on, hopefully, we'll be able to take advantage of the IPAM and DHCP solution for SDN.
@eduardooroedell 3 months ago
DHCP doesn't work for vxlan on Proxmox 8.1...
@TechTutorialsDavidMcKone 3 months ago
Yeah, like I was mentioning in the video, it's still in tech preview. It only works for simple networks, which is a shame. And you can't take advantage of the built-in IPAM solution either. So I just carried on using an external DHCP server.
@eduardooroedell 3 months ago
@TechTutorialsDavidMcKone Thanks for replying! I'm using a Mikrotik GR3 to make my network. Is it possible to mix Mikrotik with Proxmox vxlan?
@TechTutorialsDavidMcKone 3 months ago
@eduardooroedell None of my devices support vxlan so it's not something I've tried. I haven't seen any mention of connecting to other devices in the documentation. But all the config asks for is IP addressing, so it could be worth trying.
@ipstacks11 25 days ago
Can you just set up a dnsmasq container or something to pass out IPs, or is it that the dhcp broadcasts don’t make it to the hosts?
@TechTutorialsDavidMcKone 25 days ago
@ipstacks11 From what I've experienced, dhcp doesn't work well in containers because the container platform is using NAT. So not only do broadcasts not reach the container but the source address is masked and so the server can't decide what IP to allocate. With docker, for instance, you have to put the container in say host mode to bypass the network virtualisation. Even still, I've found having a dhcp relay agent that unicasts the broadcasts back to the dhcp server can help.
@AdrianuX1985 5 months ago
++
@andrey0001 1 month ago
Very unpleasant presentation of information, everything is stretched out. And a bunch of errors: In particular, DHCP will not work for VXLAN as well as SNAT. Because proxmox does not create gateway addresses for this type of SDN. This is relevant for Simple SDN. The author himself does not know what he is talking about, and is trying to teach others incorrectly. Moreover, why talk about each point just reading the name of this point and reasoning about what you do not know. Do not shoot such content anymore - this is not yours, from the word AT ALL.
@TechTutorialsDavidMcKone 1 month ago
Disappointing to know this video wasn't to your liking, but thanks for the feedback. Personally I prefer detailed presentations, rather than someone just saying do this, do that. An explanation for the choices is a vital part of the learning experience. So that's why my videos are done this way. To some they'll be informative, to others stretched out. C'est la vie. I did make it clear at the start of the video, mind, that IPAM and the DHCP service do not work with VXLAN. I can only assume therefore you skipped that chapter since you're trying to point out to me the very thing I mentioned. I also pointed out that these are currently in tech preview. In other words, as I mentioned, these shouldn't go into a production environment. Currently, these features are more for niche users who run labs and are interested in learning about technology as Proxmox develops it. However, as I demonstrated, you can still use the traditional DHCP server to provide IP addressing for vNets you deploy with VXLAN. And chances are, companies will continue to use 3rd party IPAM solutions anyway. From a business perspective alone, it would be difficult to justify the extra work when you already have a working solution. The main gain I see from this use of VXLAN at the moment though is the ability to create an SDN overlay and simplify the underlying network. What I certainly wouldn't do though is have the hypervisor act as a gateway for vNets using SNAT. Not only does NAT cause all sorts of complications for security and troubleshooting but some applications can't work with it; just look at some of the workarounds firewall vendors had to deploy over the years. Besides, the default gateway should be a dedicated firewall. Granted, Proxmox offers the ability to firewall traffic using iptables, but it's not as sophisticated as a dedicated firewall.