LXC Network issue

F

fine77

Active Member
Jul 30, 2015
11
0
41
Hello,

i'm new at your forum.
i got a issue with the network configuration.
i have two network cards with the following configuration:
...
allow-vmbr1 eth1
iface eth1 inet manual
ovs_type OVSPort
ovs_bridge vmbr1

allow-vmbr0 eth2
iface eth2 inet manual
ovs_type OVSPort
ovs_bridge vmbr0

auto vmbr0
iface vmbr0 inet static
address 192.168.6.250
netmask 255.255.255.0
network 192.168.6.0
broadcast 192.168.6.255
gateway 192.168.6.1
ovs_type OVSBridge
ovs_ports eth2
post-up ip route add table vlan50 default via 192.168.6.1 dev vmbr0
port-up ip rule add from 192.168.6.0/24 table vlan50
post-down ip route del table vlan50 default via 192.168.6.1 dev vmbr0
post-down ip rule add from 192.168.6.0/24 table vlan50

auto vmbr1
iface vmbr1 inet static
address 192.168.7.250
netmask 255.255.255.0
network 192.168.7.0
broadcast 192.168.7.255
ovs_type OVSBridge
ovs_ports eth1
post-up ip route add table vlan70 default via 192.168.7.1 dev vmbr1
port-up ip rule add from 192.168.7.0/24 table vlan70
post-down ip route del table vlan70 default via 192.168.7.1 dev vmbr1
post-down ip rule add from 192.168.7.0/24 table vlan70

...

those are two seperated networks.

my problem is, that the veth of the lxc container routes the network through the wrong interface.
in my case i've created a test machine and changed to vmbr1 to get the right network but i saw, that the most traffic goes out through the primary network interface (vmbr0).

i don't know how to fix this.
any suggestions?

btw. the lxc container implementation works great!

regards

fine
 
mir said:
Does it help if you tag the network in the lxc container (host nic I presume is on vlan 70)
Click to expand...

thanks for your feedback.

i've changed the network settings of the container to vlan70 and got "Destination Host Unreachable" at the console.
 
after a couple of hours, i've found out, that the lxc container uses the eth device correctly without the bridge ..
only the port...
 
I have the same problem as you have. The problem is related to the newest update then the vlan support does not exist anymore. The network between the servers housed by the same host have no problem to communicate between VPS to VPS but the vlan from the primary host to others is not working anymore, so this is something that proxmox have to fix!

And this is not related to just LXC, is also related to KVM so is for everything.
 
mir said:
You can temporarily convert to openvswitch. vlans work with ovs.
Click to expand...

Sorry it will not be an option, i want the vlan to be tagged directly to the virtual machine and i use a lot of vlans so that will be difficult to using ovs.
 
hello,

i've investigated more time with the situation and found out that the vlan configuration explained at the documentation: https://pve.proxmox.com/wiki/Open_vSwitch (chapter: Example 1: Bridge + Internal Ports + Untagged traffic) works a little bit better for my setup and i think this is the correct way to configure Proxmox for multi port use.
i can now set the vlan at the lxc container configuration without problems but i couldn't fix the bridge issue.
it seems that something goes wrong at the bridge setup.
 
yeah you are right! but we're talking about openvswitch implementation.

in that case .. the packages aren't forwarded to the bridge and routed back to the port.
or anything else.. :D

sorry i don't know exactly how to trace that issue.
 
Last edited:
my next step was to find out what works.
- kvm works without a problem. the traffic goes over the bridge.
- lxc containers routes only the ipv6 traffic over the bridge.

i have only a ipv4 setup in my testlab at present because my provider supports no ipv6 atm. and i'm not happy with a tunnel to get functionality.

just for info. i've found the issue here.

any suggestions?
 
Hi everybody!
I have the same problem in my Proxmox server. I will explain the whole schema to understand the problem.
Proxmox is installed on a one ethernet server.
There are two bridges, vmbr0 and vmbr1. vmbr0 is associated to eth0.
Inside, there are three KVM VM:
- pfSense (2 interfaces): wan interface is associated to vmbr0 and lan interface is associated to vmbr1
- Linux (1 interface): associated to vmbr1
- Win 7 (1 interface): associated to vmbr1
And I also have a LXC VM:
- Linux (1 interface): associated to vmbr1

The idea is use pfsense as a firewall for every VM. The KVM VMs works ok, the traffic goes by the bridge vmbr1 but on the LXC VM the traffic goes through vbmr0 so this VM doesn't work properly.

I think this schema is very simple to reproduce and it should work
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back