Hi All,
Recently I posted in another forum about a strange issue I've discovered with one of our VM's. I had thought the issue may have been something specific to Debian as our windows hosts don't seem to have this issue, but it seems not.
In the proxmox environment I have one vmbr device which has two subnets running on top of it. What is happening is that a guest from one subnet is able to directly communicate with a guest in the other subnet without passing through the gateway; something that it should not be able to do.
Topology:
Server A > Gateway > Server B
Now, Server A and Server B both have IP addresses in /27 blocks adjacent to one another; for example:
Server A: 10.0.0.40/27
Server B: 10.0.0.2/27
When Server A is sends an ARP to the wire for 10.0.0.2, Server B is answering directly, instead of routing through the gateway.
I'm wondering if this is perhaps a bug/issue with the vmbr driver in Proxmox?
And just to answer the logical question... Yes, I have checked that the subnet's are specified correctly
Here is the relevant info from the servers:
SERVER A:
root@XXXXXX:~# ip addr show
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether XX:XX:XX:9e:26:52 brd ff:ff:ff:ff:ff:ff
inet XXX.XXX.210.40/27 brd XXX.XXX.210.63 scope global eth0
SERVER B:
root@XXXXXX:~# ip addr show
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether XX:XX:XX:39:30:ba brd ff:ff:ff:ff:ff:ff
inet XXX.XXX.210.2/27 brd XXX.XXX.210.31 scope global eth0
PCAP:
No. Time Source Destination Protocol Info
100 283.624027 XX:XX:XX:39:30:ba Broadcast ARP Who has XXX.XXX.210.40? Tell XXX.XXX.210.2
101 283.624226 XX:XX:XX:9e:26:52 XX:XX:XX:39:30:ba ARP XXX.XXX.210.40 is at XX:XX:XX:9e:26:52
Any help/comments on this is greatly appreciated.
Thanks
Anubis
Recently I posted in another forum about a strange issue I've discovered with one of our VM's. I had thought the issue may have been something specific to Debian as our windows hosts don't seem to have this issue, but it seems not.
In the proxmox environment I have one vmbr device which has two subnets running on top of it. What is happening is that a guest from one subnet is able to directly communicate with a guest in the other subnet without passing through the gateway; something that it should not be able to do.
Topology:
Server A > Gateway > Server B
Now, Server A and Server B both have IP addresses in /27 blocks adjacent to one another; for example:
Server A: 10.0.0.40/27
Server B: 10.0.0.2/27
When Server A is sends an ARP to the wire for 10.0.0.2, Server B is answering directly, instead of routing through the gateway.
I'm wondering if this is perhaps a bug/issue with the vmbr driver in Proxmox?
And just to answer the logical question... Yes, I have checked that the subnet's are specified correctly
Here is the relevant info from the servers:
SERVER A:
root@XXXXXX:~# ip addr show
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether XX:XX:XX:9e:26:52 brd ff:ff:ff:ff:ff:ff
inet XXX.XXX.210.40/27 brd XXX.XXX.210.63 scope global eth0
SERVER B:
root@XXXXXX:~# ip addr show
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether XX:XX:XX:39:30:ba brd ff:ff:ff:ff:ff:ff
inet XXX.XXX.210.2/27 brd XXX.XXX.210.31 scope global eth0
PCAP:
No. Time Source Destination Protocol Info
100 283.624027 XX:XX:XX:39:30:ba Broadcast ARP Who has XXX.XXX.210.40? Tell XXX.XXX.210.2
101 283.624226 XX:XX:XX:9e:26:52 XX:XX:XX:39:30:ba ARP XXX.XXX.210.40 is at XX:XX:XX:9e:26:52
Any help/comments on this is greatly appreciated.
Thanks
Anubis