Simple Proxmox VLAN Setup

Took me a while to figure out because there are a lot of sources out there talking about different ways of applying VLAN to Proxmox, often on multiple NICs.

I will keep this post short. I needed to run my HA cluster chatter in a VLAN to keep my LAN free of congestion. Here is what needed to be done:

auto vmbr1
iface vmbr1 inet static
        address <LAN IP IN CIDR>
        gateway <LAN GATEWAY>
        bridge-ports enp1s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 50

auto vmbr1.50
iface vmbr1.50 inet static
        address <VLAN IP IN CIDR>

What is going on here?

bridge-vlan-aware yes adds VLAN capability to the vmbr1 interface.

bridge-vids 50 specifies that VLAN tags other than 50 will be ignored by the interface.

We then define VLAN 50 below it. The notation follows <interface>.<VLAN ID>.

The sample config above shows how to do it on a single NIC.

You can define the same in the UI.

Under your PVE node > Network > Edit your bridge interface:

Make sure to check VLAN aware and add your VLAN IDs in Advanced settings.

Then in Network > Create > Linux VLAN:

As you type vmbr1.50 in the Name field, the Vlan raw device and VLAN tag fields will be grayed out.

Coming back to HA cluster links... I do not know of a quick and clean way to update link addresses of nodes under cluster to their VLAN counterparts. I updated corosync configuration and it ended up splitting the cluster into two shards. I had to rebuild the cluster and restore guests from the backup. It was not a nice transition.

Here is a quick command I got from ChatGPT for checking HA traffic. If you see only VLAN IPs in the output, then it is good to go.

tcpdump -i vmbr1 port 5405 -n
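
An added example (not from the original post) that automates the check above: it reads tcpdump's text output and reports any corosync endpoint outside the VLAN subnet. The 10.50.0.0/24 and 192.168.1.0/24 subnets and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Subnets below are constructed: VLAN 50 = 10.50.0.0/24,
# LAN = 192.168.1.0/24. Substitute your own.

# check_corosync_vlan CIDR: reads `tcpdump -n` text on stdin, prints each IPv4
# endpoint outside CIDR. Exit 0 = all inside, 1 = leak found, 2 = no packets.
check_corosync_vlan() {
    awk -v cidr="$1" '
    function ip2int(ip,   o) {
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function host(ep) {
        sub(/:$/, "", ep)          # destination field ends with ":"
        sub(/\.[0-9]+$/, "", ep)   # drop the trailing .port
        return ep
    }
    BEGIN {
        split(cidr, c, "/")
        size = 2 ^ (32 - c[2])
        base = int(ip2int(c[1]) / size) * size   # network address as integer
    }
    $2 == "IP" && $4 == ">" {      # IPv4 packet lines only
        seen++
        for (f = 3; f <= 5; f += 2) {
            h = host($f); n = ip2int(h)
            if (n < base || n >= base + size) { bad[h] = 1; nbad++ }
        }
    }
    END {
        for (h in bad) print "outside " cidr ": " h
        if (!seen) { print "no corosync packets seen"; exit 2 }
        exit (nbad > 0)
    }'
}

# Constructed capture: two packets on the VLAN, one still on the LAN.
sample_capture() {
    cat <<'EOF'
12:00:00.000001 IP 10.50.0.11.5405 > 10.50.0.12.5405: UDP, length 80
12:00:00.000002 IP 10.50.0.12.5405 > 10.50.0.11.5405: UDP, length 80
12:00:00.000003 IP 192.168.1.11.5405 > 192.168.1.12.5405: UDP, length 80
EOF
}

sample_capture | check_corosync_vlan 10.50.0.0/24 || true   # demo on the sample
# Live use on a node (200 packets, then stop):
#   tcpdump -i vmbr1 port 5405 -n -c 200 2>/dev/null | check_corosync_vlan 10.50.0.0/24
```

Exit status 2 (no packets seen) is kept separate from 0 so that an empty capture is not mistaken for a clean one.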

I noticed improvements in speed on my network after moving HA traffic to its own VLAN. I see the common recommendation in such Proxmox setups is to have distinct VLANs for HA, data and backup/replication traffic to isolate user application data traffic as much as possible. I run my backup/replication jobs in ungodly hours so it is not something I explored at this time.

That's it!

Apply Configuration and then observe. Before you apply the changes, make sure your switch ports connecting Proxmox node(s) are tagged - not to mention that your switch needs to support VLAN tagging.