Search results

maybe the best way is to ask to the dev mailing list pve-devel@lists.proxmox.com. (I'm pretty sure that some users could be interested for routers vm appliance) the basic dev doc for patch submission is here: https://pve.proxmox.com/wiki/Developer_Documentation does it expose a vswitch ? if...

This is needed if you want to use iptables (used by pve-firewall) to have ip rules at bridge level. why do you want to disable them ? Alternatively, they shouldn't be needed by the new nftables based firewall (proxmox-firewall services), as nftables is able to handle it without tricks at...

Hi, I don't remember, but does it work with virtio-net ? I thinked it need vhost-user-net (that is not implement in proxmox currently )

mmm, this seem to be a change in debian13: https://www.debian.org/releases/trixie/release-notes/issues.html#etc-sysctl-conf-is-no-longer-honored In Debian 13, systemd-sysctl no longer reads <span>/etc/sysctl.conf</span>. The package linux-sysctl-defaults ships...

say thanks you to systemd. the nic naming is based of pci slot ordering. sometimes, when adding a pcie devices (or nvme drive), the internal order can change. (depend of the motherboard). pve9 have a new feature to add a statc name "nicX" based on mac-address, like 10year ago before this shit...

do you use bonding on your proxmox node ? if yes, which mode ? dropped traffic could be multicast or unicast flood with destination ip is not the ip of our vm. (check also if mac address ageing timeout not too low on your physical switch)

always use virtio. e1000 don't have any acceleration

I known that ext4 had problem with discard in the past (not about fragmentation, but discard not always working). Personally, I'm using xfs in production, and I never had this problem (on 4000 vms)

do you have any snapshot in theses vms ? (because triming on snapshot will take more space instead reduce the space)

they are an option on the zone: "exit nodes local routing"

(small reminder: don't use zfs on consumer ssd/nvme . they can't handle a lot of fsync because they don't have a PLP/powercapacitor), and zfs do a lot of sync. It's really like 200~1000 iops max with this kind of drive.

yes, I was thinking exactly the same

this is normal, don't use vmxnet3 or e1000, they are full software emulation. you need to use virtio which use vhost-net offloading on pvehost. your cpu is quite old, and it's possible that spectre/meltdown/.... mitigation impact performance nano /etc/default/grub to...

250566pps is quite low, I mean , you should reach 1~2mpps for any each packetsize. I remember to reach easily 7~9gbit with 1core/thread with standard 1500mtu. (with epyc v3 3,5ghz and cpu forced to max frequency)

as far I remember, virtio-net is limit is around 2millions pps by core (depend of the cpu frequency). The only way is to increase number of queue on the virtio nic. (if you are cpu limited, you should see a vhost-net process at 100% on the pve host) doing iperf with big packet will not help to...

I think it could be done with a dedicated interface in each zone/vrf, (not sure if a vlan tagged interface could work to avoid the need to have dedicated interfaces). That's why I'm doing it with my physical router/switch currently, with a lot of zones,it's more simplier

currently ipam/dns are working with dhcp only, and dhcp is working with simple zone. it's working in progress to add feature on other zones.

if you have talking about the vxlan tunnels themself or the bgp peers, they are simply using the route to reach to remote peers ips. so you can make simple routes on your host if needed. or do you want PBR specifically for the vxlan udp port on a different nic ????

do you have an example of what you need to do with manual routes to be sure to understand what you need? on the underlay, evpn/vxlan are using peers adress list to establish vxlan tunnel, and the vxlan tunnels are working in default vrf only. in the overlay, in evpn, if you define an...

currently the gateway ip from gui is only apply to simple zone && evpn zone as the ip is pushed on the vnet on all hosts. (or you could have ip conflict on layer2 zones like vlan,vxlan,....) you can add an ip with add in /etc/network/interfaces of the node iface vnet100 address...