AORXI Homelab
Networking

Address-Block Convention

The per-/24 octet-band convention governing every routed subnet: gateways at .1, switches at .2–.9, host interfaces at .10–.39, service VMs at .40–.49, DHCP/static at .50–.199, and VIPs at .200–.254.

Every routed /24 in this homelab follows a fixed band assignment by last octet, so any IP address's final octet immediately identifies its role. The same bands apply at Site A (10.10.x.0) and Site B (10.20.x.0).

Convention at a Glance

Octet rangePurpose
.1OPNsense L3 gateway — absent on VLAN 25 (Corosync heartbeat) and VLAN 65 (Ceph cluster)
.2 – .9Network infrastructure: switches, APs, demoted-router management
.10 – .39Physical host interfaces — host-octet convention (same octet on every VLAN the host terminates)
.40 – .49Infrastructure service VMs: Proxmox Backup Server (PBS), pinned DNS appliances
.50 – .199DHCP pool (client/guest VLANs) or static services (server VLANs)
.200 – .254VIPs, MetalLB pools, load-balancer addresses

No gateway on VLAN 25 and VLAN 65

Corosync heartbeat (VLAN 25) and Ceph cluster replication (VLAN 65) carry no OPNsense gateway — no .1 address is assigned on these VLANs. Traffic must remain local to each site and must never be routed across WireGuard.

/22 blocks: VLAN 40 and VLAN 100

VLAN 40 (Kubernetes Nodes) and VLAN 100 (Lab / Trusted Client) are /22 blocks rather than /24 blocks, spanning four consecutive /24 networks. The same band logic applies within the first /24 of each block. K8s node IPs on VLAN 40 follow the host-octet rule: 10.x0.40.<octet>. For example, sa-cmp-01 appears as 10.10.40.11; sb-cmp-03 appears as 10.20.40.30.

Host-Octet Convention

A physical Proxmox host uses the same last octet on every VLAN it terminates. This makes the octet a stable identifier across the entire address plan: seeing .20 on any infrastructure VLAN at Site A identifies sa-stor-01, regardless of which subnet is being inspected.

HostSiteOctetProxmox mgmt (VLAN 20)IPMI (VLAN 10)
sa-edge-01Site A1010.10.20.1010.10.10.10
sa-cmp-01Site A1110.10.20.11
sa-cmp-02Site A1210.10.20.12
sa-stor-01Site A2010.10.20.2010.10.10.20
sb-edge-01Site B1010.20.20.1010.20.10.10
sb-cmp-01Site B2010.20.20.2010.20.10.20
sb-cmp-02Site B2110.20.20.2110.20.10.21
sb-cmp-03Site B3010.20.20.3010.20.10.30
sb-cmp-04Site B3110.20.20.3110.20.10.31
sb-cmp-05Site B3210.20.20.3210.20.10.32

The octet carries through to every infra VLAN the host terminates. For example, sa-stor-01 octet .20 appears on VLAN 20 (10.10.20.20), VLAN 25 (10.10.25.20), VLAN 60 (10.10.60.20), and VLAN 90 (10.10.90.20).

Host IP Policy

A Proxmox host receives an L3 address only on the infrastructure VLANs it physically terminates. Guest and VM VLANs are trunked to the host's Linux bridge, but the bridge holds no host IP on those segments.

Infrastructure VLANs — host IP assigned

VLANNameNotes
10Network Mgmt / IPMIAll Supermicro nodes (IPMI); all nodes for switch/AP management
20Proxmox ManagementAll Proxmox nodes
25Corosync heartbeatAll Proxmox nodes — no GW
60Storage / Ceph publicStorage and compute nodes; edge nodes excluded
65Ceph clusterSite B compute nodes only — no GW; VLAN 65 reserved at Site A
90Backup / ReplicationStorage and compute nodes; edge nodes excluded

Guest and VM VLANs — bridged, no host IP

VLANName
30VM Services
40Kubernetes Nodes
50K8s LB / VIPs
70DMZ
80Monitoring
100Lab / Trusted Client
110IoT
120Guest WiFi

On this page