Skip to content

Proxmox SDN as Reusable Network Foundation

Overview

Proxmox SDN as Reusable Network Foundation replaces manual bridge edits, subnet setup, and DHCP drift with one repeatable network baseline. The same control path can support host-routed bootstrap environments, edge-routed production designs, and IPAM export for downstream consumers.

It is the network layer that later NetBox, Kubernetes, WAN, and DR services depend on.

Case study

  • Context: Proxmox networking was configured through manual bridge edits applied directly to nodes. There was no repeatable path, no IPAM export, and no consistent topology model across environments.
  • Challenge: adding or changing network segments required direct node access and often left the Proxmox GUI in an inconsistent state that could not be corrected without rebuilding objects.
  • Approach: hybridops-tech/sdn/proxmox was extracted as a standalone, versioned Terraform module with explicit zone, VNet, and subnet contracts. HybridOps consumes the released module through core/onprem/network-sdn, keeping the topology definition separate from the platform runtime.
  • Outcome: zone shybzone is delivered repeatably from a single module version (v0.1.6). Host-routed and edge-routed designs share the same topology contract, and IPAM-ready data is available for downstream consumers.

Covers SDN apply, zone and VNet delivery, host-routed versus edge-routed posture, and the live Proxmox zone state after the apply run.

Outcome

The result is a reusable on-prem network baseline that later platform layers can trust.

  • Segmented VLAN-backed networking is delivered through one controlled path.
  • Host-routed and edge-routed operating modes share the same topology model.
  • IPAM-ready data can be exported from the same SDN definition.

Operating model

  • The released Terraform module defines the SDN zone, VNets, subnets, and optional host services.
  • HybridOps consumes that released module through core/onprem/network-sdn.
  • Host routing, DHCP, and NAT are optional behaviours, not one-off manual side effects.
  • The same baseline can support bootstrap estates and later edge-routed production designs.

Architecture

Proxmox SDN network foundation architecture showing the released public module, the HybridOps SDN runtime consumer, the resulting network baseline, and downstream platform consumers.

The SDN zone and VNets are delivered as versioned, repeatable infrastructure. Downstream platform layers consume the same baseline rather than managing network state independently.

Control sequence

  1. The released Terraform module defines the zone, VNets, and subnet behaviour.
  2. HybridOps consumes that module through the on-prem SDN runtime path.
  3. The zone and network objects become available to downstream platform layers.
  4. NetBox, VMs, Kubernetes, WAN, and DR then consume the same baseline.

Platform state

Proxmox node inventory on hybridhub, showing the downstream VM estate consuming the SDN baseline Proxmox VNets view with shybzone and the management, data, workload, and staging VNets visible with their VLAN tags

IP addresses, hostnames, and instance identifiers visible in screenshots and recordings reflect the ephemeral infrastructure provisioned during the recorded exercise.

Implementation

  • Released module: hybridops-tech/sdn/proxmox is the authoritative SDN release surface.
  • Runtime consumer: core/onprem/network-sdn applies the released baseline in HybridOps.
  • Operator posture: host-routed and edge-routed designs stay under one topology contract.
  • Downstream use: NetBox, VM delivery, Kubernetes, WAN extension, and DR consume the same network foundation.

Key components

Where it fits

  • Proxmox estates replacing manual network administration with a repeatable baseline
  • bootstrap environments that begin host-routed and later move to edge-routed designs
  • on-prem platforms preparing for NetBox, RKE2, WAN, or DR delivery

References

Further reading
Implementation references
  • core/onprem/network-sdn
  • hybridops-tech/sdn/proxmox

What was verified

Verified against HybridOps v1.0.1 and hybridops-tech/sdn/proxmox v0.1.6 with the shared on-prem SDN zone active.