To configure private network for client service you will need to assign some IP addresses to client in IPAM, either manually or trough automation modules like IP Provisioning.
VLAN Isolation
To make this work you will need to assign client with separate IPAM list, and assign that list with unique VLAN in IPAM.
In your product settings Connect with App > IPAM:
...
Enable Vlan tag
...
SDN & VNet Isolation
The module provides automated provisioning of a dedicated virtual network (VNet) for client services. This allows clients to have their private network space, isolated from public and other networks.
To enable VNet:
Navigate to Network > Private Bridge/VNet in the product settings.
Enable the option "Provision unique VNet for client".
Select a zone from the SDN Zone options.
In IPAM tab, set Network mapping for the Private Bridge/VNet option, if you plan to use private network map it to Private & Unmapped lists.
With this setup, client virtual machines or containers can be attached to their dedicated VNet instead of the public bridge (vmbr). This ensures that the private network is fully isolated from other clients environments.
VLAN Isolation
VLAN Isolation ensures that client services are segmented on different virtual LANs for better security and traffic separation.
To set it up in Proxmox:
Enable VLAN tag in the IPAM tab.
This will tag the network interface with the VLAN assigned to the IPAM list from which the client's IP is allocated.
Set the Client IPs option in your product settings:
IPs assigned to this service
...
: Select this if
...
the IPAM list is assigned to the same service you want to add a private network
...
for. This ensures other client services under the same product do not share those IPs.
...
Example: In Cloud Hosting
...
, where each service
...
requires a separate private network.
...
Specific Product: Select this if you want to use IPs assigned to
...
If you want to use separate bridge for private network, add Network Mapping for it with IP pool options set to All Unmapped Lists.
Automation with IP Provisioning
...
a different product. This allows multiple client services under that product to share access to the same private network.
Example: In Single VPS provisioning, where all client services access the same private network.
Choose one of the following:
Manually assign an IPAM list with private IP addresses to client service.
Use the IP Provisioning module as a submodule or sub-product to automate IP list assignment and VLAN assignment provisioning.
Set Network mapping for the bridge that you intend to use for private network, and map it to Private & Unmapped lists.
Automation with IP Provisioning
There are two options for automating private network provisioning in Proxmox:
Submodule:
In a cloud hosting scenario, you might want each service to have a separate subnet.
To enable this option, click the "Connect more apps" button in the Proxmox product and select IP Provisioning.In Proxmox section, IPAM tab, set Client IPs to "IPs assigned to this service" to ensure that each service receives its own subnet.
Sub-product or Standalone Service:
This option can be used for both VPS and cloud hosting environments, allowing flexibility in how clients manage their private networks.
Create a separate IP Provisioning product that can be offered as an optional sub-product for the Proxmox package or as a standalone service.In Proxmox section, IPAM tab, set Client IPs to include the product with IP Provisioning you created
IP Provisioning Configuration (applies to both options):
Select IPv4 Subnet size
Select IPv4 Subnet from IPAM, it which will be used to allocate smaller IP lists.
Enable Auto provision vlanVLAN if you intend to use VLAN isolation
Select Vlan VLAN group from IPAM
In Proxmox Product > Connect with App > Client IPs select your IP Provisioning product.
With this setup clients can purchase IP provisioning services to get private network, you can offer this in a bundle or a subproduct for proxmox services.
Make sure that you do not use the same list that was configured in proxmox IP pool, IP provisioning will split selected list into smaller subnets and assign those to client services.
Bridge Isolation
You will need to prepare your cluster and create multiple network bridges that can later be assigned to clients.
In your product settings Connect with App > Network:
Enable Assign Network Bridge, and select which bridges should be assigned to clients.
...
| Note |
|---|
Do not use subnets added in Proxmox configuration (Default IPv4 Pool, Network mapping) for IPv4 Subnet in IP Provisioning module configuration. |