Search results

  1. 1st core is overloaded by Intel NIC IRQs

    We host virtual routers and firewalls, so we need the ability to QinQ a virtual guest to a VLAN tag. The equivalent of this action is configuring a Cisco switch port in 'dot1q-tunnel' mode. Any untagged or tagged packets are essentially wrapped in another VLAN tag on ingress from the VM and the...
  2. 1st core is overloaded by Intel NIC IRQs

    IRQ balance isn't recommended and attempting to mitigate this had disastrous effects resulting in packet loss, latency and service interruptions. What I've learnt: Running Open vSwitch (OvS) LACP bonding is not recommended, one should either run OvS bonds for VM traffic as active-backup bonds...
  3. [SOLVED] PVE-Firewall doesn't have any effect

    Apologies about not seeing your message earlier. As wbumiller said, you most probably haven't enabled firewalling on the VM's network interface itself. Herewith the relevant entry directly from the VM config file: [root@kvm1a ~]# grep firewall /etc/pve/nodes/kvm1a/qemu-server/*...
  4. [SOLVED] PVE-Firewall doesn't have any effect

    I experienced a similar problem recently where either the latest kernel or converting from the Linux Bridge to OvS fixed the issue: https://forum.proxmox.com/threads/firewall-not-matching.46671/ Please however check that you: Enabled firewalling on Data Centre options Enabled firewalling on...
  5. Adjusting tap interface settings

    We have certain guests which perform badly until we disable certain offloading features such as TSO. We already disable GRO on physical uplink ports by calling 'ethtool -K ethX gro off' in /etc/rc.local but want to stop applying per VM customisations by disabling offload capabilities on the TAP...
  6. 1st core is overloaded by Intel NIC IRQs

    We have a dual core Intel Wildcat Pass server with Intel E5-2640 processors. We have Hyper-Threading enabled so the system reports a total of 40 cores. Reviewing individual core utilisation showed CPU 0 running at 100% which was causing packet loss. We've subsequently used the taskset utility...
  7. Firewall not matching

    Linux bridge implementation: /etc/network/interfaces: auto lo iface lo inet loopback auto bond0 iface bond0 inet manual slaves eth0,eth1 bond_miimon 100 bond_mode active-backup mtu 9216 auto bond1 iface bond1 inet static address 10.254.1.2 netmask 255.255.255.0...
  8. Firewall not matching

    We got this working by converting networking to OvS and simultaneously applying the latest kernel during the restart to change networking. I assume the non-VLAN-aware bridge was at fault here; probably worth mentioning on the Proxmox firewall Wiki, if it's a known issue.
  9. Firewall not matching

    Herewith the full report with customer's DNS domain, PVE key and public subnets replaced.
  10. Firewall not matching

    Hi Richard, Apologies about not seeing this earlier, herewith the requested output: [root@kvm1c ~]# iptables-save # Generated by iptables-save v1.6.0 on Tue Sep 11 17:13:32 2018 *filter :INPUT ACCEPT [74773175:13446008020] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [71106382:11700562612]...