Hello all,
this is my first post and I really hope you can help me with a (at least for me) very weird problem.
I set up a cluster of 3 HPE servers where vmbr0 is the internal network and vmbr2 is the DMZ. The VLAN config is done on a Cisco ASA 5516. So no VLAN config on the cluster itself, just a normal LAN connection.
The topology looks like:
FW--SW1--SW2--Node1 NIC--Node1 Bridge--VM NIC
Whenever I install a VM in the DMZ network it asks often for the MAC of the GW but only sometimes gets an answer.... And only if there is an answer I can ping the GW and the outside resources from this VM (of course).
I don't see any rules here...... a VM asks for the MAC and at some point gets a reply..... but after some time it can happen that it loses the ARP entry again and loses the ability to contact the GW. Pinging the GW gives back: "Destination Host Unreachable"
I tried VMs with Ubuntu 18.04, 16.04 and Windows 10.
And it only happens on the DMZ network.
Observation 1: On the firewall I don't see the multiple ARP requests, just a request and an answer... So I think most of the requests don't even reach the FW.
Observation 2: As soon as one VM gets a reply another machine loses connection.
I hope you have some ideas for me.
/etc/network/interfaces on node 1 (where the machines are running)
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno3 inet manual

iface eno4 inet manual

iface ens3f0 inet manual

iface ens3f1 inet manual

iface eno2 inet manual

auto bond0
iface bond0 inet manual
        bond-slaves ens3f0 ens3f1
        bond-miimon 100
        bond-mode balance-rr

auto vmbr0
iface vmbr0 inet static
        address 10.10.0.50
        netmask 255.255.254.0
        gateway 10.10.0.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 10.10.12.150
        netmask 255.255.255.0
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0
#CEPH NET

auto vmbr2
iface vmbr2 inet manual
        bridge-ports eno4
        bridge-stp off
        bridge-fd 0
#dmz