"
Hi together,
I am just about to start a small project for my homelab and could use your thoughts.
In general it is about the topic HA with OPNsense. I would like to build a HA cluster, as well as set up a MultiWAN. (My neighbor is nice enough to let me use his internet line via a wireless link. :-) )
For this project I got these mini PCs from China: https://de.aliexpress.com/item/1005004054487971.html?spm=a2g0o.ams_97944.0.0.224ffziNfziNlv&pdp_ext_f=%7B%22ship_from%22:%22CN%22,%22sku_id%22:%2212000027878516610%22%7D&scm=1007.26694.140541.0&scm_id=1007.26694.140541.0&scm-url=1007.26694.140541.0&pvid=138c4588-1e9d-4e24-a1cd-ae4185ee7ea6&fromRankId=1544826&_t=fromRankId:1544826
I also equipped them with 32 GB RAM and a 512 GB SATA SSD. So actually enough power (maybe apart from the CPU).
Now comes the crux. I would like to map the whole thing virtually in a Proxmox HA cluster, which runs on these mini PCs.
This is no problem at first, but I am thinking about how to set up the network ports.
If I look at a single PC I need the following ports for OPNsense: WAN1, WAN2, LAN, HA-Sync, maybe optionally a DMZ port.
For Proxmox I actually wanted a dedicated management port and an extra port for the rest of the VMs.
Now I'm thinking about which ports I use directly physically and which I use virtually.
Currently I think that for OPNsense I will definitely forward WAN1, WAN2 and DMZ as physical port to the virtual OPNsense. If only for the security aspect.
For Proxmox then just two more ports for MGMT and VM traffic.
That's 5 used ports out of 6, leaving one for LAN and HA sync, which I honestly don't really like.
So I thought of a bond of two ports for LAN, HA-Sync and VM traffic.
As I said, my thinking is not quite done yet and I would be interested in your opinion. How would you implement something like this. Maybe a very large bond with 4 ports and all virtual ports. Or maybe VLANs???
Thanks a lot
Greetings
Joe
PS: Almost forgotten. Not that we misunderstand each other. These two mini PCs are not the complete Homelab and I don't want dozens of VMs on them. I also have another Proxmox cluster.
I thought only by virtualizing the OPNsense I am a bit more flexible in the future and can still use the remaining resources of the Mini PCs sensibly. For example a Unifi controller or similar. So nothing with much resource consumption.
I am just about to start a small project for my homelab and could use your thoughts.
In general it is about the topic HA with OPNsense. I would like to build a HA cluster, as well as set up a MultiWAN. (My neighbor is nice enough to let me use his internet line via a wireless link. :-) )
For this project I got these mini PCs from China: https://de.aliexpress.com/item/1005004054487971.html?spm=a2g0o.ams_97944.0.0.224ffziNfziNlv&pdp_ext_f=%7B%22ship_from%22:%22CN%22,%22sku_id%22:%2212000027878516610%22%7D&scm=1007.26694.140541.0&scm_id=1007.26694.140541.0&scm-url=1007.26694.140541.0&pvid=138c4588-1e9d-4e24-a1cd-ae4185ee7ea6&fromRankId=1544826&_t=fromRankId:1544826
I also equipped them with 32 GB RAM and a 512 GB SATA SSD. So actually enough power (maybe apart from the CPU).
Now comes the crux. I would like to map the whole thing virtually in a Proxmox HA cluster, which runs on these mini PCs.
This is no problem at first, but I am thinking about how to set up the network ports.
If I look at a single PC I need the following ports for OPNsense: WAN1, WAN2, LAN, HA-Sync, maybe optionally a DMZ port.
For Proxmox I actually wanted a dedicated management port and an extra port for the rest of the VMs.
Now I'm thinking about which ports I use directly physically and which I use virtually.
Currently I think that for OPNsense I will definitely forward WAN1, WAN2 and DMZ as physical port to the virtual OPNsense. If only for the security aspect.
For Proxmox then just two more ports for MGMT and VM traffic.
That's 5 used ports out of 6, leaving one for LAN and HA sync, which I honestly don't really like.
So I thought of a bond of two ports for LAN, HA-Sync and VM traffic.
As I said, my thinking is not quite done yet and I would be interested in your opinion. How would you implement something like this. Maybe a very large bond with 4 ports and all virtual ports. Or maybe VLANs???
Thanks a lot
Greetings
Joe
PS: Almost forgotten. Not that we misunderstand each other. These two mini PCs are not the complete Homelab and I don't want dozens of VMs on them. I also have another Proxmox cluster.
I thought only by virtualizing the OPNsense I am a bit more flexible in the future and can still use the remaining resources of the Mini PCs sensibly. For example a Unifi controller or similar. So nothing with much resource consumption.
