I have a VM running Immich on an outward-facing VLAN on my main server. I have an old Dell with some GPUs in it running LLM/ML workloads on my internal, private VLAN. The outward-facing VLAN cannot talk to any other networks other than the internet. I wanted to use the old Dell as the remote ML server for Immich, and am looking for possible solutions to my problem.

I have an Intel dual X540 NIC in the old Dell as well as the built-in gigabit. I was going to attempt to run the X540 on the external VLAN, allowing the old Dell to be seen on both networks. I just was not sure if this was the easiest or most secure solution. I could also set up a WireGuard connection between them, but wasn’t sure about bandwidth or any other issues that would come with that setup. I was also contemplating just putting the old Dell on the same VLAN; there is nothing important or critical on it, I just always like to practice best security.

Am I on the right track with WireGuard? It seems like it would be the easiest to set up and most secure. Or am I overlooking some other solution someone is using for this predicament?

  • SwingingTheLamp@midwest.social
    15 hours ago

    I feel like there’s a lot of information missing here. VLANs operate at OSI layer 2, and Immich connects to its ML server via IP in layer 3. It could talk to a remote server in Ecuador over the Internet, so the layer 2 configuration is irrelevant.

    What you have is an issue of routing IP packets between subnets. You just need to set up a rule on your router to allow the Immich server on the Internet-facing IP subnet to connect to the correct port(s) for the ML server on the private subnet. Or maybe use the router’s port-forwarding feature. Lacking further information about the setup, I have to be vague here. In any case, it’s conceptually the same as punching a hole in the firewall to let IP packets from an Immich server in Ecuador get to the ML server on your private subnet, except that the server is not in Ecuador.
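The narrow allow rule described in the comment above, written as an nftables ruleset for a Linux-based router. This is an added example, not part of the thread: the use of nftables, the interface names and the addresses are all assumptions, and port 3003 is the Immich machine-learning service's default.

```nftables
#!/usr/sbin/nft -f
# Assumed layout (constructed for illustration, not from the thread):
#   vlan20 = Internet-facing VLAN, Immich VM at 10.0.20.10
#   vlan10 = private VLAN, ML server (old Dell) at 10.0.10.50
#   3003/tcp = Immich machine-learning default port; change if remapped

table inet immich_ml {
    chain forward {
        # Policy is accept so this table only adds restrictions between
        # the two VLANs. An accept here does not override a drop in the
        # router's own forward chain; the pinhole must be allowed there too.
        type filter hook forward priority filter; policy accept;

        # Return traffic for connections that were allowed below
        ct state established,related accept

        # The single pinhole: one source host, one destination host, one port
        iifname "vlan20" oifname "vlan10" \
            ip saddr 10.0.20.10 ip daddr 10.0.10.50 \
            tcp dport 3003 ct state new counter accept

        # Everything else from the exposed VLAN toward the private VLAN
        # is logged and dropped, so a compromised Immich VM reaches only
        # the ML port and nothing else on the internal network.
        iifname "vlan20" oifname "vlan10" \
            log prefix "immich-ml-deny: " counter drop
    }
}
```

With a rule like this in place, Immich's remote machine-learning URL would point at `http://10.0.10.50:3003`, and the counters show whether the pinhole is used and whether anything else is being attempted.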

    • snekerpimp@lemmy.worldOP
      10 hours ago

      Thank you. I knew I was overthinking it. I know I was being vague, wasn’t sure how much info is too much info when it comes to troubleshooting networking.

      • phanto@lemmy.ca
        1 hour ago

        I have Immich running in a VM in Proxmox… There’s ML? What does it do? I have internet facing stuff behind a reverse proxy, but I use two different subnets for different kinds of traffic, no issues. My 192.168.0.0/24 network does not everything, but I move files around Plex and Immich and stuff on a separate 192.168.3.0/24 network. I imagine you could do the same thing without too much trouble.