hautschi.at IT, Musik, Reisen
← Zurück zum Blog
Proxmox #Proxmox

OSPF Routing for a Three-Node Proxmox Interconnect

In this post I’ll show a routing-based approach for interconnecting two Proxmox VE nodes together with a Proxmox Backup Server using OSPF and Free Range Routing (FRR). Instead of relying on Layer-2 redundancy and Spanning Tree, the interconnect is routed, which keeps the design simple while still providing redundant paths between all systems.

Veröffentlicht am 09.03.2026

OSPF Routing for a Proxmox Cluster Interconnect

In this tutorial I’ll show how to interconnect two Proxmox VE nodes and a Proxmox Backup Server (PBS) using OSPF with Free Range Routing (FRR).

Instead of building the interconnect as a Layer‑2 network with Spanning Tree, every link is routed. This approach has several advantages:

  • deterministic routing
  • very fast failover
  • no STP required
  • simple and clean network design

Each link between nodes is its own /30 point‑to‑point network, and OSPF distributes the routes automatically.

The Proxmox Backup Server advertises a loopback address, which is used by the cluster nodes for:

  • backup datastore access
  • the qdevice used for cluster quorum

Network Topology

The network 192.168.103.0/24 is split into small /30 point‑to‑point networks.

Example layout:

Link Network
pve-1 ↔ pve-2 192.168.103.0/30
pve-1 ↔ pbs 192.168.103.4/30
pve-2 ↔ pbs 192.168.103.8/30

The Proxmox Backup Server uses a loopback address:

192.168.103.254/32

This address is advertised via OSPF and used by the cluster nodes to access the backup server.

Because it is a loopback address, it stays reachable even if one of the interconnect links fails.

Q: Why use /30 networks for the interconnect?

A /30 network contains exactly two usable addresses, which makes it ideal for point‑to‑point links.
This keeps the routing table clean and prevents accidental use of the network for other hosts.

Step 1 — Install FRR

Install Free Range Routing on all nodes.

On Proxmox VE nodes:

apt update
apt install frr frr-pythontools

On the Proxmox Backup Server:

apt update
apt install frr frr-pythontools

Enable the OSPF daemon.

Edit:

/etc/frr/daemons

Set:

ospfd=yes

Restart FRR:

systemctl restart frr

Q: Why use FRR instead of static routes?

Static routes would technically work, but they become difficult to maintain as soon as redundancy is introduced.

OSPF automatically:

  • detects failures
  • recalculates routes
  • converges to the best path

This makes the design self-healing.

Step 2 — Configure the Interconnect Networks

Configure the point-to-point networks on the interconnect interfaces.

Example configuration.

pve-1

nic3 → pve-2
192.168.103.1/30
nic4 → pbs
192.168.103.5/30

pve-2

nic3 → pve-1
192.168.103.2/30
nic4 → pbs
192.168.103.9/30

pbs

nic3 → pve-1
192.168.103.6/30
nic4 → pve-2
192.168.103.10/30

Q: Why route the interconnect instead of using a bridge with STP?

Layer‑2 redundancy typically requires:

  • bonding
  • STP
  • or MLAG

Routing removes these complexities. OSPF simply calculates the best path and reroutes traffic if a link fails.

This results in:

  • faster convergence
  • easier troubleshooting
  • deterministic traffic flow

When I first set this up, my initial idea was to use Linux bridges with Spanning Tree enabled and connect every node to each other. The main drawback of this approach is that one link will always be blocked by STP, which inevitably causes traffic to pass through a node that is not the actual destination.

Step 3 — Configure the PBS Loopback Address

On the Proxmox Backup Server, create a loopback IP used for:

  • backup traffic
  • qdevice communication

Example using /etc/network/interfaces:

auto lo:backup
iface lo:backup inet static
    address 192.168.103.254/32

Apply the configuration:

ifreload -a

Q: Why use a loopback IP for the backup server?

The loopback address is not tied to a specific interface.

This means:

  • the backup endpoint remains reachable
  • routing automatically chooses the best path
  • failover works transparently

Without a loopback IP, services would depend on the availability of a specific interface.

Step 4 — Configure FRR (OSPF)

Edit the FRR configuration file:

/etc/frr/frr.conf

pve-1

frr version 10.4.1
frr defaults traditional
hostname pve-1
log syslog informational
service integrated-vtysh-config
!
interface nic3
 ip ospf cost 200
 ip ospf dead-interval 3
 ip ospf hello-interval 1
exit
!
interface nic4
 ip ospf cost 10
 ip ospf dead-interval 3
 ip ospf hello-interval 1
exit
!
router ospf
 ospf router-id 192.168.102.1
 network 192.168.103.0/30 area 0.0.0.0
 network 192.168.103.4/30 area 0.0.0.0
exit
!

pve-2

frr version 10.4.1
frr defaults traditional
hostname pve-2
log syslog informational
service integrated-vtysh-config
!
interface nic3
 ip ospf cost 200
 ip ospf dead-interval 3
 ip ospf hello-interval 1
exit
!
interface nic4
 ip ospf cost 10
 ip ospf dead-interval 3
 ip ospf hello-interval 1
exit
!
router ospf
 ospf router-id 192.168.102.2
 network 192.168.103.0/30 area 0.0.0.0
 network 192.168.103.8/30 area 0.0.0.0
exit
!

pbs

frr version 10.3
frr defaults traditional
hostname pbs
log syslog informational
no ip forwarding
no ipv6 forwarding
service integrated-vtysh-config
!
interface nic3
 ip ospf dead-interval 3
 ip ospf hello-interval 1
exit
!
interface nic4
 ip ospf dead-interval 3
 ip ospf hello-interval 1
exit
!
router ospf
 ospf router-id 192.168.102.3
 redistribute connected
 network 192.168.103.4/30 area 0.0.0.0
 network 192.168.103.8/30 area 0.0.0.0
exit
!
end

redistribute connected advertises the loopback address (192.168.103.254/32) into OSPF.

Q: Why use different OSPF interface costs?

OSPF chooses the lowest cost path.

By assigning:

  • nic4 → lower cost
  • nic3 → higher cost

we create a preferred path while keeping the second link as a backup.

Step 5 — Restart FRR

Apply the configuration on all systems:

systemctl restart frr

Step 6 — Verify OSPF

Check neighbors:

vtysh -c "show ip ospf neighbor"

Check routes:

vtysh -c "show ip route"

You should see:

192.168.103.254/32

This confirms that the loopback IP from the backup server is being distributed.

Design Notes

Fast failover

hello-interval 1
dead-interval 3

These aggressive timers allow OSPF to detect failures quickly.

PBS does not route traffic

The backup server has:

no ip forwarding

This ensures it only participates in routing announcements but does not act as a transit router.

Result

With this setup:

  • the Proxmox nodes have redundant routed connectivity
  • the backup server remains reachable through multiple paths
  • no Spanning Tree is required
  • failover happens automatically via OSPF

For small Proxmox clusters with multiple interconnect links, this results in a simple, deterministic and reliable network design.