Bridge anlegen nicht möglich

pointde

Active Member
Apr 13, 2020
37
0
26
47
Hallo zusammen.
Ich versuche gerade vergeblich eine Bridge anzulegen. Obwohl der Device-Name (ens1f1) genauso drin steht, lässt sich die Bridge nicht anlegen:
netlink : error: netlink: ens1f1: cannot enslave link ens1f1 to vmbr2: operation failed with 'No such device' (19)
vmbr2 : error: vmbr2: bridge port ens1f1 does not exist
TASK ERROR: command 'ifreload -a' failed: exit code 1

Ich hänge mal ein paar Bilder an.Interfaces.png
Bridge1.png
Bridge2.png
 
Hallo zusammen.
Ich versuche gerade vergeblich eine Bridge anzulegen. Obwohl der Device-Name (ens1f1) genauso drin steht, lässt sich die Bridge nicht anlegen:
netlink : error: netlink: ens1f1: cannot enslave link ens1f1 to vmbr2: operation failed with 'No such device' (19)
vmbr2 : error: vmbr2: bridge port ens1f1 does not exist
TASK ERROR: command 'ifreload -a' failed: exit code 1

Ich hänge mal ein paar Bilder an.View attachment 43765
View attachment 43766
View attachment 43767


Kennt das Problem niemand?
 
Ich würde mal mit: ip a gegenchecken, ob das entsprechende Interface dort (noch) aufgeführt wird und auch noch so heißt.
 
  • Like
Reactions: aaron
Hier die Ausgabe:
Code:
Linux proxmox 5.15.74-1-pve #1 SMP PVE 5.15.74-1 (Mon, 14 Nov 2022 20:17:15 +0100) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat Nov 26 15:26:22 CET 2022 on pts/0
root@proxmox:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether 5c:ba:2c:20:28:f2 brd ff:ff:ff:ff:ff:ff
    altname enp2s0f0
6: eno4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr1 state UP group default qlen 1000
    link/ether 5c:ba:2c:20:28:f5 brd ff:ff:ff:ff:ff:ff
    altname enp2s0f3
8: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 5c:ba:2c:20:28:f2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.20/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::5eba:2cff:fe20:28f2/64 scope link
       valid_lft forever preferred_lft forever
9: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 6c:b3:11:5e:3e:d3 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::6eb3:11ff:fe5e:3ed3/64 scope link
       valid_lft forever preferred_lft forever
26: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 5c:ba:2c:20:28:f5 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5eba:2cff:fe20:28f5/64 scope link
       valid_lft forever preferred_lft forever
27: veth802i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr802i0 state UP group default qlen 1000
    link/ether fe:d2:60:d8:d6:d0 brd ff:ff:ff:ff:ff:ff link-netnsid 0
31: tap200i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr200i0 state UNKNOWN group default qlen 1000
    link/ether ee:0b:9f:b5:b3:06 brd ff:ff:ff:ff:ff:ff
32: fwbr200i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ba:a1:bd:e9:06:31 brd ff:ff:ff:ff:ff:ff
33: fwpr200p0@fwln200i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1 state UP group default qlen 1000
    link/ether 4a:3d:23:bf:90:0c brd ff:ff:ff:ff:ff:ff
34: fwln200i0@fwpr200p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr200i0 state UP group default qlen 1000
    link/ether 3a:af:b2:0a:6c:37 brd ff:ff:ff:ff:ff:ff
35: tap200i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr200i1 state UNKNOWN group default qlen 1000
    link/ether be:ce:ca:42:de:f2 brd ff:ff:ff:ff:ff:ff
36: fwbr200i1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9a:f5:ac:90:11:f9 brd ff:ff:ff:ff:ff:ff
37: fwpr200p1@fwln200i1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr2 state UP group default qlen 1000
    link/ether 3e:cd:43:51:b8:a2 brd ff:ff:ff:ff:ff:ff
38: fwln200i1@fwpr200p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr200i1 state UP group default qlen 1000
    link/ether 22:c4:bc:6d:cc:8e brd ff:ff:ff:ff:ff:ff
39: veth803i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr803i0 state UP group default qlen 1000
    link/ether fe:ea:e7:9e:eb:9e brd ff:ff:ff:ff:ff:ff link-netnsid 1
46: fwbr803i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 1e:8e:5c:3b:a0:9c brd ff:ff:ff:ff:ff:ff
47: fwpr803p0@fwln803i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1 state UP group default qlen 1000
    link/ether ee:45:e4:c9:a2:1b brd ff:ff:ff:ff:ff:ff
48: fwln803i0@fwpr803p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr803i0 state UP group default qlen 1000
    link/ether ca:11:8b:80:35:7a brd ff:ff:ff:ff:ff:ff
52: fwbr802i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 06:60:83:0f:8b:0d brd ff:ff:ff:ff:ff:ff
53: fwpr802p0@fwln802i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1 state UP group default qlen 1000
    link/ether 32:85:c5:cf:d2:23 brd ff:ff:ff:ff:ff:ff
54: fwln802i0@fwpr802p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr802i0 state UP group default qlen 1000
    link/ether 6a:29:11:65:8d:a1 brd ff:ff:ff:ff:ff:ff
55: tap801i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr801i0 state UNKNOWN group default qlen 1000
    link/ether d6:65:dc:80:6f:1e brd ff:ff:ff:ff:ff:ff
56: fwbr801i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether b2:9e:3a:73:5d:ef brd ff:ff:ff:ff:ff:ff
57: fwpr801p0@fwln801i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1 state UP group default qlen 1000
    link/ether 5a:40:04:b8:7d:65 brd ff:ff:ff:ff:ff:ff
58: fwln801i0@fwpr801p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr801i0 state UP group default qlen 1000
    link/ether e2:2e:75:6b:1a:c7 brd ff:ff:ff:ff:ff:ff
59: tap801i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr801i1 state UNKNOWN group default qlen 1000
    link/ether 8a:87:cd:ee:f3:44 brd ff:ff:ff:ff:ff:ff
60: fwbr801i1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ca:ee:a3:8e:1d:af brd ff:ff:ff:ff:ff:ff
61: fwpr801p1@fwln801i1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr2 state UP group default qlen 1000
    link/ether 36:d3:c7:f5:0e:a4 brd ff:ff:ff:ff:ff:ff
62: fwln801i1@fwpr801p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr801i1 state UP group default qlen 1000
    link/ether 42:83:db:30:77:62 brd ff:ff:ff:ff:ff:ff
root@proxmox:~# ^C
root@proxmox:~#

Soweit ich sehen kann, tauchen hier die beiden Interfaces nicht auf. Funktionieren müssen sie aber, weil eine direkt an die opnSense VM durchgereicht wird. Mit der 2. wollte ich eben besagte Bridge erstellen....
 
Funktionieren müssen sie aber, weil eine direkt an die opnSense VM durchgereicht wird. Mit der 2. wollte ich eben besagte Bridge erstellen....

Dann reichst du vermutlich gerade beide Ports an die VM durch.

Poste mal bitte (auf dem PVE-Host), jeweils in Code-Tags, die VM-Konfig: qm config VMIDderOPNsenseVM und die vollständige Ausgabe von:
Bash:
for d in /sys/kernel/iommu_groups/*/devices/*; do n=${d#*/iommu_groups/*}; n=${n%%/*}; printf 'IOMMU group %s ' "$n"; lspci -nns "${d##*/}"; done
 
Code:
agent: 1
boot: order=scsi0
cores: 4
hostpci0: 0000:02:00.1
hostpci1: 0000:02:00.2
hostpci2: 0000:07:00.1
memory: 8096
meta: creation-qemu=6.1.1,ctime=1644143807
name: opnSense
numa: 0
onboot: 1
ostype: l26
parent: vor_Glasfaser
scsi0: local-lvm:vm-800-disk-0,size=64G
scsihw: virtio-scsi-pci
smbios1: uuid=99e8bde7-ffd7-41c7-8b62-ea1c98016620
sockets: 1
startup: order=1
vmgenid: 71e5e3b9-efd8-4080-961a-a00166131b45

Code:
IOMMU group 0 00:00.0 Host bridge [0600]: Intel Corporation 8th/9th Gen Core Processor Host Bridge/DRAM Registers [Coffee Lake] [8086:3e33] (rev 07)
IOMMU group 10 00:1d.2 PCI bridge [0604]: Intel Corporation Cannon Lake PCH PCI Express Root Port #11 [8086:a332] (rev f0)
IOMMU group 11 00:1d.3 PCI bridge [0604]: Intel Corporation Cannon Lake PCH PCI Express Root Port #12 [8086:a333] (rev f0)
IOMMU group 12 00:1f.0 ISA bridge [0601]: Intel Corporation Device [8086:a30a] (rev 10)
IOMMU group 12 00:1f.5 Serial bus controller [0c80]: Intel Corporation Cannon Lake PCH SPI Controller [8086:a324] (rev 10)
IOMMU group 13 02:00.0 Ethernet controller [0200]: Intel Corporation I350 Gigabit Network Connection [8086:1521] (rev 01)
IOMMU group 14 02:00.1 Ethernet controller [0200]: Intel Corporation I350 Gigabit Network Connection [8086:1521] (rev 01)
IOMMU group 15 02:00.2 Ethernet controller [0200]: Intel Corporation I350 Gigabit Network Connection [8086:1521] (rev 01)
IOMMU group 16 02:00.3 Ethernet controller [0200]: Intel Corporation I350 Gigabit Network Connection [8086:1521] (rev 01)
IOMMU group 17 01:00.0 System peripheral [0880]: Hewlett-Packard Company Integrated Lights-Out Standard Slave Instrumentation & System Support [103c:3306] (rev 07)
IOMMU group 17 01:00.1 VGA compatible controller [0300]: Matrox Electronics Systems Ltd. MGA G200eH3 [102b:0538] (rev 02)
IOMMU group 17 01:00.2 System peripheral [0880]: Hewlett-Packard Company Integrated Lights-Out Standard Management Processor Support and Messaging [103c:3307] (rev 07)
IOMMU group 17 01:00.4 USB controller [0c03]: Hewlett-Packard Company iLO5 Virtual USB Controller [103c:22f6]
IOMMU group 1 00:01.0 PCI bridge [0604]: Intel Corporation 6th-10th Gen Core Processor PCIe Controller (x16) [8086:1901] (rev 07)
IOMMU group 1 07:00.0 Ethernet controller [0200]: Broadcom Inc. and subsidiaries NetXtreme II BCM57810 10 Gigabit Ethernet [14e4:168e] (rev 10)
IOMMU group 1 07:00.1 Ethernet controller [0200]: Broadcom Inc. and subsidiaries NetXtreme II BCM57810 10 Gigabit Ethernet [14e4:168e] (rev 10)
IOMMU group 2 00:12.0 Signal processing controller [1180]: Intel Corporation Cannon Lake PCH Thermal Controller [8086:a379] (rev 10)
IOMMU group 3 00:14.0 USB controller [0c03]: Intel Corporation Cannon Lake PCH USB 3.1 xHCI Host Controller [8086:a36d] (rev 10)
IOMMU group 3 00:14.2 RAM memory [0500]: Intel Corporation Cannon Lake PCH Shared SRAM [8086:a36f] (rev 10)
IOMMU group 4 00:16.0 Communication controller [0780]: Intel Corporation Cannon Lake PCH HECI Controller [8086:a360] (rev 10)
IOMMU group 4 00:16.4 Communication controller [0780]: Intel Corporation Cannon Lake PCH HECI Controller #2 [8086:a364] (rev 10)
IOMMU group 5 00:17.0 SATA controller [0106]: Intel Corporation Cannon Lake PCH SATA AHCI Controller [8086:a352] (rev 10)
IOMMU group 6 00:1b.0 PCI bridge [0604]: Intel Corporation Cannon Lake PCH PCI Express Root Port #21 [8086:a32c] (rev f0)
IOMMU group 7 00:1c.0 PCI bridge [0604]: Intel Corporation Cannon Lake PCH PCI Express Root Port #1 [8086:a338] (rev f0)
IOMMU group 8 00:1d.0 PCI bridge [0604]: Intel Corporation Cannon Lake PCH PCI Express Root Port #9 [8086:a330] (rev f0)
IOMMU group 9 00:1d.1 PCI bridge [0604]: Intel Corporation Cannon Lake PCH PCI Express Root Port #10 [8086:a331] (rev f0)
 
Last edited:
Code:
IOMMU group 13 02:00.0 Ethernet controller [0200]: Intel Corporation I350 Gigabit Network Connection [8086:1521] (rev 01)
IOMMU group 14 02:00.1 Ethernet controller [0200]: Intel Corporation I350 Gigabit Network Connection [8086:1521] (rev 01)
IOMMU group 15 02:00.2 Ethernet controller [0200]: Intel Corporation I350 Gigabit Network Connection [8086:1521] (rev 01)
IOMMU group 16 02:00.3 Ethernet controller [0200]: Intel Corporation I350 Gigabit Network Connection [8086:1521] (rev 01)

Das sind die: eno[1-4].
Jeder Port ist in seiner eigenen IOMMU-Gruppe.

Code:
IOMMU group 1 07:00.0 Ethernet controller [0200]: Broadcom Inc. and subsidiaries NetXtreme II BCM57810 10 Gigabit Ethernet [14e4:168e] (rev 10)
IOMMU group 1 07:00.1 Ethernet controller [0200]: Broadcom Inc. and subsidiaries NetXtreme II BCM57810 10 Gigabit Ethernet [14e4:168e] (rev 10)

Das sind die: ens1f[0-1].
Beide Ports sind in der selben IOMMU-Gruppe.

Es kann immer nur die komplette IOMMU-Gruppe durchgereicht werden. Sprich reichst du ein Gerät in eine VM durch, verliert der PVE-Host auch alle anderen Geräte in der selben IOMMU-Gruppe.

Könntest schauen, ob es für diese NIC eine Lösung dafür gibt.

Es gibt noch den ACS-Override: [1]. Allerdings, vorausgesetzt es funktioniert in dem Fall überhaupt, verlierst du dadurch die Isolation, was gerade bei einer Firewall natürlich nicht wünschenswert ist.

Ansonsten bliebe wohl nur, den Port nicht durchzureichen und stattdessen auf dem PVE-Host eine weitere Bridge für ihn anzulegen und ausschließlich für die OPNsense-VM zu benutzen. Vorausgesetzt der Port wird nicht nativ in der VM benötigt...

Vielleicht fällt jemand anderem noch was ein.

[1] https://wiki.archlinux.org/title/PC...passing_the_IOMMU_groups_(ACS_override_patch)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!