Initial commit

2025-11-30 08:47:38 +08:00
commit 18faa0569e
47 changed files with 7969 additions and 0 deletions
--- a/skills/proxmox/references/networking.md
+++ b/skills/proxmox/references/networking.md
@@ -0,0 +1,153 @@
+# Proxmox Networking Reference
+
+## Linux Bridges
+
+Default networking method for Proxmox VMs and containers.
+
+### Bridge Configuration
+
+```
+# /etc/network/interfaces example
+auto vmbr0
+iface vmbr0 inet static
+    address 192.168.1.10/24
+    gateway 192.168.1.1
+    bridge-ports eno1
+    bridge-stp off
+    bridge-fd 0
+    bridge-vlan-aware yes
+```
+
+### VLAN-Aware Bridge
+
+Enable VLAN tagging at VM level instead of separate bridges:
+
+- Set `bridge-vlan-aware yes` on bridge
+- Configure VLAN tag in VM network config
+- Simpler management, fewer bridges needed
+
+### Separate Bridges (Alternative)
+
+One bridge per VLAN:
+
+- vmbr0: Untagged/native VLAN
+- vmbr1: VLAN 10
+- vmbr5: VLAN 5
+
+More bridges but explicit network separation.
+
+## VLAN Configuration
+
+### At VM Level (VLAN-aware bridge)
+
+```
+net0: virtio=XX:XX:XX:XX:XX:XX,bridge=vmbr0,tag=20
+```
+
+### At Bridge Level (Separate bridges)
+
+```
+net0: virtio=XX:XX:XX:XX:XX:XX,bridge=vmbr20
+```
+
+## Firewall
+
+Three levels of firewall rules:
+
+| Level | Scope | Use Case |
+|-------|-------|----------|
+| Datacenter | Cluster-wide | Default policies |
+| Node | Per-node | Node-specific rules |
+| VM/Container | Per-VM | Application-specific |
+
+### Default Policy
+
+- Input: DROP (only allow explicit rules)
+- Output: ACCEPT
+- Enable firewall per VM in Options
+
+### Common Rules
+
+```
+# Allow SSH
+IN ACCEPT -p tcp --dport 22
+
+# Allow HTTP/HTTPS
+IN ACCEPT -p tcp --dport 80
+IN ACCEPT -p tcp --dport 443
+
+# Allow ICMP (ping)
+IN ACCEPT -p icmp
+```
+
+## SDN (Software Defined Networking)
+
+Advanced networking for complex multi-tenant setups.
+
+### Zone Types
+
+| Type | Use Case |
+|------|----------|
+| Simple | Basic L2 network |
+| VLAN | VLAN-based isolation |
+| VXLAN | Overlay networking |
+| EVPN | BGP-based routing |
+
+### When to Use SDN
+
+- Multi-tenant environments
+- Complex routing requirements
+- Cross-node L2 networks
+- VXLAN overlay needs
+
+For homelab: Standard bridges usually sufficient.
+
+## Network Performance
+
+### Jumbo Frames
+
+Enable on storage network for better throughput:
+
+```
+# Set MTU 9000 on bridge
+auto vmbr40
+iface vmbr40 inet static
+    mtu 9000
+    ...
+```
+
+Requires: All devices in path support jumbo frames.
+
+### VirtIO Multiqueue
+
+Enable parallel network processing for high-throughput VMs:
+
+```
+net0: virtio=XX:XX:XX:XX:XX:XX,bridge=vmbr0,queues=4
+```
+
+## Troubleshooting
+
+### Check Bridge Status
+
+```bash
+brctl show              # List bridges and attached interfaces
+ip link show vmbr0      # Bridge interface details
+bridge vlan show        # VLAN configuration
+```
+
+### Check VM Network
+
+```bash
+qm config <vmid> | grep net   # VM network config
+ip addr                        # From inside VM
+```
+
+### Common Issues
+
+| Problem | Check |
+|---------|-------|
+| No connectivity | Bridge exists, interface attached |
+| Wrong VLAN | Tag matches switch config |
+| Slow network | MTU mismatch, driver type |
+| Firewall blocking | Rules, policy, enabled status |