[SOLVED] By creating bridges, the server goes into continuous timeout.

W

WhiteTiger

Member
May 16, 2020
86
2
13
Italy
I had opened another post because I had encountered a problem in the VM consoles that were constantly crashing. After a few seconds "connecting" appeared and we could still work for a minute or two; then yet another block and so on all VMs.
However, we then noticed that the shell also crashed for no reason, although for over a week we were able to work without any problems.
The only difference was creating two bridges using the GUI.

Commenting on the references to these Bridges in Interfaces, the shell resumes working, but obviously the VMs don't work anymore.

This is the contents of my configuration file; the Bridges configuration was created in the GUI using the default values:
Code: 
source /etc/network/interfaces.d/*
auto lo

iface lo inet loopback

auto eno1
iface eno1 inet dhcp

iface eno2 inet manual

iface eno3 inet manual

iface eno4 inet manual

iface ens1f0 inet manual

iface ens1f1 inet manual

#auto vmbr3
#iface vmbr3 inet static
#       address 192.168.203.31/24
#       gateway 192.168.203.1
#       bridge-ports eno1
#       bridge-stp off
#       bridge-fd 0
#Bridge DMZ3

#auto vmbr1
#iface vmbr1 inet static
#       address 192.168.201.31/24
#       bridge-ports eno3
#       bridge-stp off
#       bridge-fd 0
#Bridge LAN1

The documentation states that when Proxmox is installed, vmbr0 is created, but we do not find any trace of it.

For your information:
eno1 is the first card on the motherboard and is connected to the DMZ switch.
eno3 is another card on the motherboard and is connected to the LAN switch.
eno2 is currently not used, but I wanted to use it in bond with eno1
eno3 is not currently used, but I wanted to use it for an additional reserved area.
The other two NICs, on a PCIe card, I still don't know how to use.

This is the Server Configuration
  • CPU(s) 24 x Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz (2 Sockets)
  • RAM 64GB
  • Kernel Version Linux 5.11.22-5-pve #1 SMP PVE 5.11.22-10 (Tue, 28 Sep 2021 08:15:41 +0200)
  • PVE Manager Version pve-manager/7.0-13/7aa7e488
 
Last edited:
Looks fine to me. I guess you changed eno1 back to "iface eno1 inet manual" when not commenting out the vmbr3?
 
There are no more blocks if I remove the comments on vmbr3 and leave the comments on vmbr1.
On the other hand we need more bridges

My network is done like this:
1) Internet Router
2) Firewall that manages LAN and DMZ
3) There are 2 physical switches. One for the DMZ and one for the LAN.
4) Proxmox is on a server with one NIC in DMZ and one NIC in LAN. Proxmox can be reached from PCs in LAN with its NIC in DMZ.
5) There are two bridges, one on DMZ and one on LAN.
6) The VMs are associated with either one bridge or the other.
7) PCs on the LAN see servers in DMZ, including Proxmox and its VMs.

VMs on the LAN must be able to see other resources on the LAN, such as printers. For this there are two bridges.

Obviously all this is not working, but I don't think the problem depends on the firewall since all the VMs are reachable from the LAN and can access the Internet, for example for updates.
 
Last edited:
This is the simplified representation of the network I am implementing.
A physical PC in the LAN must be able to connect to a Host Proxmox server in DMZ3.
Inside this server there are 3 virtual networks corresponding to the LAN, DMZ2 and DMZ3.
Obviously, the PCs in the LAN (whether physical or virtual) must be able to connect to the PCs and Servers in the DMZ2 and DMZ3.
Instead:
  • the virtual PCs present in the DMZ2 must be able to connect only to the servers of the DMZ2.
  • The virtual PCs present in the DMZ3 must be able to connect only to the servers of the DMZ3.
Rete-Proxmox.png


Code: 
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
iface eno1 inet manual
iface eno2 inet manual
iface eno3 inet manual
iface eno4 inet manual
iface ens1f0 inet manual
iface ens1f1 inet manual

auto vmbr1
iface vmbr1 inet static
       address 192.168.201.31/24
       gateway 192.168.201.1
       bridge-ports eno1
       bridge-stp off
       bridge-fd 0
#Bridge LAN

auto vmbr2
iface vmbr2 inet static
        address 192.168.202.31/24
        gateway 192.168.202.1
        bridge-ports eno2
        bridge-stp off
        bridge-fd 0
#Bridge DMZ2

auto vmbr3
iface vmbr3 inet static
        address 192.168.203.31/24
        gateway 192.168.203.1
        bridge-ports eno3
        bridge-stp off
        bridge-fd 0
#Bridge DMZ3
 
Looks fine except for the gateways. Your PVE host only should have one gateway or otherwise it can't decide where to send packets that have a target that is not in your 192.168.201.0/24, 192.168.202.0/24 or 192.168.203.0/24 nets. So you need to remove 2 of the 3 gateways and only set one gateway in either vmbr1, vmbr2 or vmbr3.
 
Last edited:
spirit said:
you don't need ip address on vmbrX, to have network working in the vms.
(until you want to uses theses vmbrX ips as gateway for yours vms)
Click to expand...
VMs must be able to browse the Internet and connect to other VMs in another network segment.
For example VMs in the LAN segment must be able to connect to servers in DMZ2 and DMZ3.
 
WhiteTiger said:
VMs must be able to browse the Internet and connect to other VMs in another network segment.
For example VMs in the LAN segment must be able to connect to servers in DMZ2 and DMZ3.
Click to expand...
if your pfsense is the gateway, and do the inter-vlan routing between dmz, you don't need ip on vmbr2/3. (you just need 1ip for proxmox administration)
 
I solved by removing both the gateways and the IP addresses of vmbr1 and vmbr2
Now I finally have no more interruptions and the VMs are still able to access the Internet.
Thank you all for your help and ... be patient with us novices. ;)

This is the final configuration.
Code: 
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
iface eno1 inet manual
iface eno2 inet manual
iface eno3 inet manual
iface eno4 inet manual
iface ens1f0 inet manual
iface ens1f1 inet manual

auto vmbr1
iface vmbr1 inet static
#       address 192.168.201.31/24
#       gateway 192.168.201.1
       bridge-ports eno1
       bridge-stp off
       bridge-fd 0
#Bridge LAN

auto vmbr2
iface vmbr2 inet static
#        address 192.168.202.31/24
#        gateway 192.168.202.1
        bridge-ports eno2
        bridge-stp off
        bridge-fd 0
#Bridge DMZ2

auto vmbr3
iface vmbr3 inet static
        address 192.168.203.31/24
        gateway 192.168.203.1
        bridge-ports eno3
        bridge-stp off
        bridge-fd 0
#Bridge DMZ3
 
  • Like
Reactions: spirit
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back