Private Network

Owned by Hostbill Support
Last updated: about 13 hours ago
2 min read

To configure private network for client service you will need to assign IP addresses to client in IPAM, either manually or trough automation modules like IP Provisioning.

SDN & VNet Isolation

The module provides automated provisioning of a dedicated virtual network (VNet) for client services. This allows clients to have their private network space, isolated from public and other networks.

To enable VNet:

  1. Navigate to Network > Private Bridge/VNet in the product settings.

  2. Enable the option "Provision unique VNet for client".

  3. Select a zone from the SDN Zone options.

  4. In IPAM tab, set Network mapping for the Private Bridge/VNet option, if you plan to use private network map it to Private & Unmapped lists.

With this setup, client virtual machines or containers can be attached to their dedicated VNet instead of the public bridge (vmbr). This ensures that the private network is fully isolated from other clients environments.

VLAN Isolation

VLAN Isolation ensures that client services are segmented on different virtual LANs for better security and traffic separation.

To set it up in Proxmox:

  1. Enable VLAN tag in the IPAM tab.

    • This will tag the network interface with the VLAN assigned to the IPAM list from which the client's IP is allocated.

  2. Set the Client IPs option in your product settings:

    • IPs assigned to this service: Select this if the IPAM list is assigned to the same service you want to add a private network for. This ensures other client services under the same product do not share those IPs.
      Example: In Cloud Hosting, where each service requires a separate private network.

    • Specific Product: Select this if you want to use IPs assigned to a different product. This allows multiple client services under that product to share access to the same private network.
      Example: In Single VPS provisioning, where all client services access the same private network.

  3. Choose one of the following:

    • Manually assign an IPAM list with private IP addresses to client service.

    • Use the IP Provisioning module as a submodule or sub-product to automate IP list assignment and VLAN assignment provisioning.

  4. Set Network mapping for the bridge that you intend to use for private network, and map it to Private & Unmapped lists.

Automation with IP Provisioning

There are two options for automating private network provisioning in Proxmox:

  1. Submodule:
    In a cloud hosting scenario, you might want each service to have a separate subnet.
    To enable this option, click the "Connect more apps" button in the Proxmox product and select IP Provisioning.

    • In Proxmox section, IPAM tab, set Client IPs to "IPs assigned to this service" to ensure that each service receives its own subnet.

  2. Sub-product or Standalone Service:
    This option can be used for both VPS and cloud hosting environments, allowing flexibility in how clients manage their private networks.
    Create a separate IP Provisioning product that can be offered as an optional sub-product for the Proxmox package or as a standalone service.

    • In Proxmox section, IPAM tab, set Client IPs to include the product with IP Provisioning you created

IP Provisioning Configuration (applies to both options):

  • Select IPv4 Subnet size

  • Select IPv4 Subnet from IPAM, which will be used to allocate smaller IP lists.

  • Enable Auto provision VLAN if you intend to use VLAN isolation

  • Select VLAN group from IPAM

Do not use subnets added in Proxmox configuration (Default IPv4 Pool, Network mapping) for IPv4 Subnet in IP Provisioning module configuration.