Hi,
I would like to run a OPNsense Firewall as a virtual guest on a Linux KVM Hypervisor.
The Hypervisor is connected with 2x 10G Fiber to a Switch.
Now the question is how to best configure VLANs:
- My first idea was to have a network bridge for each VLAN on the Hypervisor and this seems to work fine. But adding each VLAN to the firewall with a own interface creates a lot of interfaces. Also it will require to reboot the firewall guest and I would like to avoid this.
Example: Interface A+B (eth0/1) -> Team (team0) -> VLAN (team0.100) -> Bridge (br.team0.100) added to the VM for each VLAN
- ChatGPT suggested to create a single bridge on the hypervisor and connect this bridge (without any VLANs)
Example: Interface A+B (eth0/1) -> Team (team0) -> Bridge (br.team0) added to the VM, VLANs configured in OPNsense
I couldn't find many guides about the second approach, but it sounds better, because a new VLAN would not require a guest reboot and it doesn't create lots of interfaces on the hypervisor. So I wonder if there is any best practices for this?
Thanks.
I use the latter approach (in ESXi) for the reason you mention, no need to restart when adding new vlan interfaces, another reason is that hypervisors can have an upper limit on the amount of interfaces per vm.
Hi!
Are there any downsides to this?
I just wonder why every guide takes the first approach.
I'd recommend PCIe passthrough if you have enough interfaces.