Hi,
we have a Proxmox VE cluster with four physical hosts. One or sometimes two hosts have a problem and don't forward packets from a KVM VM to a Windows NLB cluster IP.
The NLB cluster is not on the Proxmox cluster but in the same VLAN as the VM.
bond0 are 10G interfaces for communication with the storage (VLAN 55 for host <-> storage communication)
Code:
auto lo
iface lo inet loopback

auto bond0
iface bond0 inet manual
    bond-slaves eth4 eth5
    bond-mode 802.3ad
    bond-miimon 100
    mtu 9000

auto bond1
iface bond1 inet manual
    bond-slaves eth0 eth1
    bond-mode 802.3ad
    bond-miimon 100

auto vmbr0
iface vmbr0 inet manual
    bridge_ports bond0
    bridge_stp off
    bridge_fd 0
    mtu 9000

auto vmbr1
iface vmbr1 inet manual
    bridge_ports bond1
    bridge_stp off
    bridge_fd 0

auto bond0.55
iface bond0.55 inet static
    address 10.20.55.83
    netmask 255.255.255.0
    mtu 9000

auto bond1.52
iface bond1.52 inet static
    address 10.20.52.83
    netmask 255.255.255.0
    gateway 10.20.52.1

auto bond1.2098
iface bond1.2098 inet static
    address 10.20.98.83
    netmask 255.255.255.0

bond1 is connected to the 1G network (VLAN 52 for host management, 2098 for backup storage)
VMs are configured with a VLAN ID, so vmbr1v50 is set up by Proxmox.
VM with VLAN 50 -> tap...i1 -> vmbr1v50 -> bond1.50 -> bond1 -> eth0+eth1
- I did run tcpdump on the complete chain and could see that the SYN/ICMP packets get to vmbr1v50 but not to bond1.50.
- /proc/sys/net/bridge/* were already set to 0
- net.ipv4.conf.*.forwarding is set to "1"
- ebtables (additionally installed and purged again): empty and default chain is/was accept
- iptables-save: empty and chain default is accept
- ARP reaches the VM and I have an ARP table entry
- If I migrate the VM to another host, the communication with the NLB cluster IP works again
Details on the NLB cluster IP:
- IP has MAC address 03:bf:0a:..... (Microsoft NLB range)
- Answer is from MAC address 00:50:.... (real host MAC address, VMware in our case)
Does someone know a way to find the reason for this problem or even know how to fix it?
Some more stuff:
Code:
root@proxmox04:~# brctl show
bridge name     bridge id               STP enabled     interfaces
vmbr0           8000.6805ca22b6c6       no              bond0
vmbr0v56        8000.6805ca22b6c6       no              bond0.56
                                                        tap102i0
                                                        tap135i0
vmbr1           8000.002564fc2c5b       no              bond1
vmbr1v50        8000.002564fc2c5b       no              bond1.50
                                                        tap102i1
                                                        tap135i1

root@proxmox04:~# brctl showstp vmbr1v50
vmbr1v50
 bridge id              8000.002564fc2c5b
 designated root        8000.002564fc2c5b
 root port                 0                    path cost                  0
 max age                  19.99                 bridge max age            19.99
 hello time                1.99                 bridge hello time          1.99
 forward delay             0.00                 bridge forward delay       0.00
 ageing time             299.95
 hello timer               0.71                 tcn timer                  0.00
 topology change timer     0.00                 gc timer                   0.71
 flags

bond1.50 (1)
 port id                8001                    state                forwarding
 designated root        8000.002564fc2c5b       path cost                100
 designated bridge      8000.002564fc2c5b       message age timer          0.00
 designated port        8001                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.00
 flags

tap102i1 (2)
 port id                8002                    state                forwarding
 designated root        8000.002564fc2c5b       path cost                100
 designated bridge      8000.002564fc2c5b       message age timer          0.00
 designated port        8002                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.00
 flags

tap135i1 (3)
 port id                8003                    state                forwarding
 designated root        8000.002564fc2c5b       path cost                100
 designated bridge      8000.002564fc2c5b       message age timer          0.00
 designated port        8003                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.00
 flags
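An added example, not part of the original post: it reads per-interface `tcpdump -e -n` output along the chain described above and reports the hop where frames to the cluster MAC stop appearing, and it decodes the MAC using NLB's documented layout (02:bf for unicast mode, 03:bf for multicast mode, followed by the cluster IP octets). The sample MAC, IP addresses and capture lines are constructed for illustration and are not the poster's values; the function names are hypothetical.

```python
import re

# Hop order taken from the post: VM tap -> VLAN bridge -> VLAN sub-interface -> bond.
CHAIN = ["tap102i1", "vmbr1v50", "bond1.50", "bond1"]

# Link-level header as printed by `tcpdump -e -n`: "<src mac> > <dst mac>,"
FRAME = re.compile(r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) > ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}),")

def nlb_mode(mac):
    """Classify a Microsoft NLB cluster MAC; return (mode, embedded cluster IP or None)."""
    b = [int(x, 16) for x in mac.lower().split(":")]
    if b[:2] == [0x02, 0xBF]:
        return "unicast", ".".join(map(str, b[2:]))
    if b[:2] == [0x03, 0xBF]:
        return "multicast", ".".join(map(str, b[2:]))
    if b[:4] == [0x01, 0x00, 0x5E, 0x7F]:
        return "igmp-multicast", None  # only the last two IP octets are embedded
    return "not-nlb", None

def frames_to(dst_mac, capture):
    """Count frames in one interface's capture text that are addressed to dst_mac."""
    dst = dst_mac.lower()
    return sum(1 for m in FRAME.finditer(capture.lower()) if m.group(2) == dst)

def locate_drop(chain, captures, dst_mac):
    """Return (last hop that saw the frame, first hop that did not); second is None if none."""
    last = None
    for hop in chain:
        if frames_to(dst_mac, captures.get(hop, "")) == 0:
            return last, hop
        last = hop
    return last, None

# Constructed sample data (invented MAC and addresses, not the values from the post).
SAMPLE_MAC = "03:bf:0a:00:00:0a"
SYN = ("12:00:01.000001 52:54:00:12:34:56 > 03:bf:0a:00:00:0a, ethertype IPv4 (0x0800), "
       "length 74: 10.0.0.21.40000 > 10.0.0.10.80: Flags [S], seq 1, win 64240, length 0\n")
CAPTURES = {"tap102i1": SYN * 3, "vmbr1v50": SYN * 3, "bond1.50": "", "bond1": ""}

if __name__ == "__main__":
    print(nlb_mode(SAMPLE_MAC))
    print(locate_drop(CHAIN, CAPTURES, SAMPLE_MAC))
```

In the multicast mode decoded here the cluster IP resolves to a group MAC while replies come from each node's own unicast MAC, which matches the two different MAC addresses listed in the post.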