Can't figure out why proxmox crashes.

D

Dnezar

New Member
Jul 5, 2024
16
0
1
Hi, my standalone PVE node crashed 2 times this week. I noticed the GUI became unresponsive the first time. Second time it migrated to another NIC due to network crashes. I wasn't paying much attention with New Year and all.
My journalctl was flooded with 1300000 lines. I picked up the most important ones.

Code: 
Dec 30 00:33:48 pph1 dhclient[480613]: DHCPDISCOVER on vmbr1 to 255.255.255.255 port 67 interval 1
Dec 30 00:33:48 pph1 dhclient[480613]: DHCPDISCOVER on fwpr2116p2 to 255.255.255.255 port 67 interval 1
Dec 30 00:33:48 pph1 dhclient[480613]: DHCPDISCOVER on veth2100i0 to 255.255.255.255 port 67 interval 1
Dec 30 00:33:48 pph1 dhclient[480613]: DHCPDISCOVER on fwpr2110p1 to 255.255.255.255 port 67 interval 1
Dec 30 00:33:48 pph1 dhclient[480613]: DHCPDISCOVER on veth2112i1 to 255.255.255.255 port 67 interval 1
Dec 30 00:33:48 pph1 dhclient[480613]: DHCPDISCOVER on veth2051i1 to 255.255.255.255 port 67 interval 1
Dec 30 00:33:49 pph1 dhclient[480613]: No DHCPOFFERS received.
Dec 30 00:33:49 pph1 dhclient[480613]: No working leases in persistent database - sleeping.
Dec 30 00:33:49 pph1 dhclient[480613]: No DHCPOFFERS received.
Dec 30 00:33:49 pph1 dhclient[480613]: No working leases in persistent database - sleeping.
Dec 30 00:33:49 pph1 dhclient[480613]: No DHCPOFFERS received.
Dec 30 00:33:49 pph1 dhclient[480613]: No working leases in persistent database - sleeping.
Dec 30 00:33:49 pph1 dhclient[480613]: No DHCPOFFERS received.
Dec 30 00:33:49 pph1 dhclient[480613]: No working leases in persistent database - sleeping.
Dec 30 00:33:53 pph1 iptag[3026]: Checking fw net interface...
Dec 30 00:33:58 pph1 kernel: veth2051i2: left allmulticast mode
Dec 30 00:33:58 pph1 kernel: veth2051i2: left promiscuous mode
Dec 30 00:33:58 pph1 kernel: fwbr2051i2: port 2(veth2051i2) entered disabled state

Dec 30 00:35:20 pph1 iptag[3026]: Skipping 2113 cause ip no changes
Dec 30 00:35:23 pph1 iptag[3026]: Skipping 2114 cause ip no changes
Dec 30 00:35:25 pph1 kernel: veth2200i2: left allmulticast mode
Dec 30 00:35:25 pph1 kernel: veth2200i2: left promiscuous mode
Dec 30 00:35:25 pph1 kernel: fwbr2200i2: port 2(veth2200i2) entered disabled state
Dec 30 00:35:25 pph1 dhclient[480613]: receive_packet failed on fwln2200i2: Network is down
Dec 30 00:35:25 pph1 dhclient[480613]: receive_packet failed on fwpr2200p2: Network is down
Dec 30 00:35:25 pph1 kernel: fwbr2200i2: port 1(fwln2200i2) entered disabled state
Dec 30 00:35:25 pph1 kernel: vmbr2: port 12(fwpr2200p2) entered disabled state
Dec 30 00:35:25 pph1 kernel: fwln2200i2 (unregistering): left allmulticast mode
Dec 30 00:35:25 pph1 kernel: fwln2200i2 (unregistering): left promiscuous mode
Dec 30 00:35:25 pph1 kernel: fwbr2200i2: port 1(fwln2200i2) entered disabled state
Dec 30 00:35:25 pph1 kernel: fwpr2200p2 (unregistering): left allmulticast mode
Dec 30 00:35:25 pph1 kernel: fwpr2200p2 (unregistering): left promiscuous mode
Dec 30 00:35:25 pph1 kernel: vmbr2: port 12(fwpr2200p2) entered disabled state
Dec 30 00:35:25 pph1 dhclient[480613]: receive_packet failed on fwbr2200i2: Network is down
Dec 30 00:35:26 pph1 kernel: out: port 12(fwpr2200p2) entered blocking state
Dec 30 00:35:26 pph1 kernel: out: port 12(fwpr2200p2) entered disabled state
Dec 30 00:35:26 pph1 kernel: fwpr2200p2: entered allmulticast mode
Dec 30 00:35:26 pph1 kernel: fwpr2200p2: entered promiscuous mode
Dec 30 00:35:26 pph1 kernel: out: port 12(fwpr2200p2) entered blocking state
Dec 30 00:35:26 pph1 kernel: out: port 12(fwpr2200p2) entered forwarding state
Dec 30 00:35:26 pph1 kernel: fwbr2200i2: port 1(fwln2200i2) entered blocking state
Dec 30 00:35:26 pph1 kernel: fwbr2200i2: port 1(fwln2200i2) entered disabled state
Dec 30 00:35:26 pph1 kernel: fwln2200i2: entered allmulticast mode
Dec 30 00:35:26 pph1 kernel: fwln2200i2: entered promiscuous mode
Dec 30 00:35:26 pph1 kernel: fwbr2200i2: port 1(fwln2200i2) entered blocking state
Dec 30 00:35:26 pph1 kernel: fwbr2200i2: port 1(fwln2200i2) entered forwarding state
Dec 30 00:35:26 pph1 kernel: fwbr2200i2: port 2(veth2200i2) entered blocking state
Dec 30 00:35:26 pph1 kernel: fwbr2200i2: port 2(veth2200i2) entered disabled state
Dec 30 00:35:26 pph1 kernel: veth2200i2: entered allmulticast mode
Dec 30 00:35:26 pph1 kernel: veth2200i2: entered promiscuous mode
Dec 30 00:35:26 pph1 kernel: fwbr2200i2: port 2(veth2200i2) entered blocking state
Dec 30 00:35:26 pph1 kernel: fwbr2200i2: port 2(veth2200i2) entered forwarding state
Dec 30 00:35:26 pph1 iptag[3026]: Skipping 2115 cause ip no changes
Dec 30 00:35:29 pph1 iptag[3026]: Skipping 2116 cause ip no changes
Dec 30 00:35:32 pph1 iptag[3026]: Skipping 2117 cause ip no changes
Dec 30 00:35:35 pph1 iptag[3026]: Skipping 2200 cause ip no changes
Dec 30 00:35:38 pph1 iptag[3026]: Skipping 2252 cause ip no changes
Dec 30 00:36:20 pph1 dhclient[480613]: DHCPDISCOVER on fwpr2111p2 to 255.255.255.255 port 67 interval 5
Dec 30 00:36:20 pph1 dhclient[480613]: send_packet: No such device or address
Dec 30 00:36:20 pph1 dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over fwpr2111p2 interface.
Dec 30 00:36:20 pph1 dhclient[480613]: DHCPDISCOVER on veth2115i2 to 255.255.255.255 port 67 interval 7
Dec 30 00:36:25 pph1 dhclient[480613]: DHCPDISCOVER on fwpr2111p2 to 255.255.255.255 port 67 interval 14
Dec 30 00:36:25 pph1 dhclient[480613]: send_packet: No such device or address
Dec 30 00:36:25 pph1 dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over fwpr2111p2 interface.
Dec 30 00:36:27 pph1 dhclient[480613]: DHCPDISCOVER on veth2115i2 to 255.255.255.255 port 67 interval 8
Dec 30 00:36:29 pph1 dhclient[480613]: DHCPDISCOVER on fwbr2113i2 to 255.255.255.255 port 67 interval 8
Dec 30 00:36:29 pph1 dhclient[480613]: send_packet: No such device or address
Dec 30 00:36:29 pph1 dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over fwbr2113i2 interface.
Dec 30 00:36:29 pph1 dhclient[480613]: DHCPDISCOVER on fwln2100i2 to 255.255.255.255 port 67 interval 3
Dec 30 00:36:29 pph1 dhclient[480613]: send_packet: No such device or address
Dec 30 00:36:29 pph1 dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over fwln2100i2 interface.
Dec 30 00:36:31 pph1 dhclient[480613]: DHCPDISCOVER on fwbr2113i1 to 255.255.255.255 port 67 interval 8
Dec 30 00:36:32 pph1 dhclient[480613]: DHCPDISCOVER on fwln2100i2 to 255.255.255.255 port 67 interval 3
Dec 30 00:36:32 pph1 dhclient[480613]: send_packet: No such device or address
Dec 30 00:36:32 pph1 dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over fwln2100i2 interface.
Dec 30 00:36:35 pph1 dhclient[480613]: DHCPDISCOVER on veth2115i2 to 255.255.255.255 port 67 interval 11
Dec 30 00:36:35 pph1 dhclient[480613]: DHCPDISCOVER on fwln2100i2 to 255.255.255.255 port 67 interval 3
Dec 30 00:36:35 pph1 dhclient[480613]: send_packet: No such device or address
Dec 30 00:36:35 pph1 dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over fwln2100i2 interface.
Dec 30 00:36:37 pph1 dhclient[480613]: DHCPDISCOVER on fwbr2113i2 to 255.255.255.255 port 67 interval 7
Dec 30 00:36:37 pph1 dhclient[480613]: send_packet: No such device or address
Dec 30 00:36:37 pph1 dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over fwbr2113i2 interface.
Dec 30 00:36:38 pph1 dhclient[480613]: DHCPDISCOVER on veth2114i0 to 255.255.255.255 port 67 interval 8
Dec 30 00:36:38 pph1 dhclient[480613]: DHCPDISCOVER on fwln2100i2 to 255.255.255.255 port 67 interval 8
Dec 30 00:36:38 pph1 dhclient[480613]: send_packet: No such device or address
Dec 30 00:36:38 pph1 dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over fwln2100i2 interface.
Dec 30 00:36:38 pph1 iptag[3026]: Checking fw net interface...
Dec 30 00:36:38 pph1 dhclient[480613]: DHCPDISCOVER on fwln2113i2 to 255.255.255.255 port 67 interval 6
Dec 30 00:36:38 pph1 dhclient[480613]: send_packet: No such device or address
Dec 30 00:36:38 pph1 dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over fwln2113i2 interface.
Dec 30 00:36:38 pph1 dhclient[480613]: DHCPDISCOVER on veth2010i0 to 255.255.255.255 port 67 interval 3
Dec 30 00:36:39 pph1 dhclient[480613]: DHCPDISCOVER on fwpr2111p2 to 255.255.255.255 port 67 interval 14
Dec 30 00:36:39 pph1 dhclient[480613]: send_packet: No such device or address
Dec 30 00:36:39 pph1 dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over fwpr2111p2 interface.
Dec 30 00:36:39 pph1 dhclient[480613]: DHCPDISCOVER on fwbr2113i1 to 255.255.255.255 port 67 interval 17
Dec 30 00:36:41 pph1 dhclient[480613]: DHCPDISCOVER on veth2111i0 to 255.255.255.255 port 67 interval 4
Dec 30 00:36:41 pph1 dhclient[480613]: DHCPDISCOVER on veth2010i0 to 255.255.255.255 port 67 interval 5
Dec 30 00:36:44 pph1 dhclient[480613]: DHCPDISCOVER on fwbr2050i1 to 255.255.255.255 port 67 interval 4
Dec 30 00:36:44 pph1 dhclient[480613]: DHCPDISCOVER on fwbr2113i2 to 255.255.255.255 port 67 interval 13
Dec 30 00:36:44 pph1 dhclient[480613]: send_packet: No such device or address
eases in persistent database - sleeping.
Dec 31 00:32:48 pph1 dhclient[480613]: DHCPDISCOVER on fwbr2117i2 to 255.255.255.255 port 67 interval 2
Dec 31 00:32:48 pph1 dhclient[480613]: send_packet: No such device or address
Dec 31 00:32:48 pph1 dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over fwbr2117i2 interface.
Dec 31 00:32:49 pph1 dhclient[480613]: DHCPDISCOVER on fwln2113i2 to 255.255.255.255 port 67 interval 1
Dec 31 00:32:49 pph1 dhclient[480613]: send_packet: No such device or address
Dec 31 00:32:49 pph1 dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over fwln2113i2 interface.
Dec 31 00:32:50 pph1 dhclient[480613]: No DHCPOFFERS received.
Dec 31 00:32:50 pph1 dhclient[480613]: No working leases in persistent database - sleeping.
Dec 31 00:32:50 pph1 dhclient[480613]: No DHCPOFFERS received.
Dec 31 00:32:50 pph1 dhclient[480613]: No working leases in persistent database - sleeping.
Dec 31 00:32:51 pph1 dhclient[480613]: DHCPDISCOVER on fwbr2117i1 to 255.255.255.255 port 67 interval 12
Dec 31 00:32:51 pph1 dhclient[480613]: DHCPDISCOVER on veth2200i1 to 255.255.255.255 port 67 interval 11
Dec 31 00:32:52 pph1 dhclient[480613]: DHCPDISCOVER on veth2117i0 to 255.255.255.255 port 67 interval 3
Dec 31 00:32:52 pph1 dhclient[480613]: DHCPDISCOVER on fwln2051i1 to 255.255.255.255 port 67 interval 19
Dec 31 00:32:52 pph1 dhclient[480613]: send_packet: No such device or address
Dec 31 00:32:52 pph1 dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over fwln2051i1 interface.
Dec 31 00:32:52 pph1 dhclient[480613]: DHCPDISCOVER on fwln2115i1 to 255.255.255.255 port 67 interval 17
Dec 31 00:32:53 pph1 dhclient[480613]: DHCPDISCOVER on veth2010i1 to 255.255.255.255 port 67 interval 8
Dec 31 00:32:54 pph1 dhclient[480613]: DHCPDISCOVER on fwbr2110i2 to 255.255.255.255 port 67 interval 11
Dec 31 00:32:54 pph1 dhclient[480613]: send_packet: No such device or address
Dec 31 00:32:54 pph1 dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over fwbr2110i2 interface.
Dec 31 00:32:54 pph1 dhclient[480613]: DHCPDISCOVER on eno2 to 255.255.255.255 port 67 interval 3
Dec 31 00:32:54 pph1 dhclient[480613]: DHCPOFFER of 172.16.32.2 from 172.16.32.1
Dec 31 00:32:54 pph1 dhclient[480613]: DHCPREQUEST for 172.16.32.2 on eno2 to 255.255.255.255 port 67
Dec 31 00:32:54 pph1 dhclient[480613]: DHCPACK of 172.16.32.2 from 172.16.32.1



Dec 31 00:32:54 pph1-out dhclient[480613]: bound to 172.16.32.2 -- renewal in 34334 seconds.
Dec 31 00:32:54 pph1-out dhclient[480613]: DHCPDISCOVER on fwbr2114i2 to 255.255.255.255 port 67 interval 16
Dec 31 00:32:54 pph1-out dhclient[480613]: send_packet: No such device or address
Dec 31 00:32:54 pph1-out dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over fwbr2114i2 interface.
Dec 31 00:32:54 pph1-out dhclient[480613]: DHCPDISCOVER on veth2051i0 to 255.255.255.255 port 67 interval 16
Dec 31 00:32:54 pph1-out dhclient[480613]: send_packet: No such device or address
Dec 31 00:32:54 pph1-out dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over veth2051i0 interface.
Dec 31 00:32:55 pph1-out dhclient[480613]: DHCPDISCOVER on fwbr2111i2 to 255.255.255.255 port 67 interval 7
Dec 31 00:32:55 pph1-out dhclient[480613]: send_packet: No such device or address
Dec 31 00:32:55 pph1-out dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over fwbr2111i2 interface.
Dec 31 00:32:55 pph1-out dhclient[480613]: DHCPREQUEST for 172.16.32.2 on out to 172.16.32.1 port 67
Dec 31 00:32:55 pph1-out dhclient[480613]: DHCPACK of 172.16.32.2 from 172.16.32.1
Dec 31 00:32:55 pph1-out dhclient[480613]: bound to 172.16.32.2 -- renewal in 34341 seconds.
Dec 31 00:32:55 pph1-out dhclient[480613]: DHCPDISCOVER on fwln2110i1 to 255.255.255.255 port 67 interval 7
Dec 31 00:32:55 pph1-out dhclient[480613]: DHCPDISCOVER on veth2117i0 to 255.255.255.255 port 67 interval 4
Dec 31 00:32:55 pph1-out dhclient[480613]: DHCPDISCOVER on veth2116i0 to 255.255.255.255 port 67 interval 12
Dec 31 00:32:55 pph1-out dhclient[480613]: DHCPDISCOVER on veth2113i1 to 255.255.255.255 port 67 interval 3
Dec 31 00:32:55 pph1-out dhclient[480613]: DHCPDISCOVER on fwpr2117p1 to 255.255.255.255 port 67 interval 13
Dec 31 00:32:56 pph1-out dhclient[480613]: DHCPDISCOVER on veth2113i2 to 255.255.255.255 port 67 interval 21
Dec 31 00:32:57 pph1-out dhclient[480613]: DHCPDISCOVER on veth2114i0 to 255.255.255.255 port 67 interval 5
Dec 31 00:32:58 pph1-out dhclient[480613]: DHCPDISCOVER on veth2115i0 to 255.255.255.255 port 67 interval 16
Dec 31 00:32:58 pph1-out dhclient[480613]: DHCPDISCOVER on veth2113i1 to 255.255.255.255 port 67 interval 5
Dec 31 00:32:59 pph1-out dhclient[480613]: DHCPDISCOVER on fwbr2112i2 to 255.255.255.255 port 67 interval 5
Dec 31 00:32:59 pph1-out dhclient[480613]: send_packet: No such device or address
Dec 31 00:32:59 pph1-out dhclient[480613]: dhclient.c:2600: Failed to send 300 byte long packet over fwbr2112i2 interface.

For as far as I can tell it seems to be caused by a network issue.
I have no idea how to troubleshoot this.
Here's my /etc/network/interfaces:

Code: 
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

auto vmbr0
iface vmbr0 inet static
    address 172.16.20.2/23
    gateway 172.16.20.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet static
    address 172.16.40.1/23
    bridge-ports none
    bridge-stp off
    bridge-fd 0
#Virtual LXC Bridge

auto vmbr2
iface vmbr2 inet static
    address 172.16.42.1/23
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    mtu 9000
#Virtual Bridge To SMB

auto out
iface out inet manual
    bridge-ports eno2
    bridge-stp off
    bridge-fd 0

source /etc/network/interfaces.d/*

Can anyone help me find what's going on?

My system is Supermicro X10SRL-F with E5-2697A V4 and 256GB RAM.
 
gurubert said:
Why is there a DHCP client running on your Proxmox server?
Click to expand...
My LXC containers and VM's are DHCP clients. That way I can pin them in my router with DHCP reservation. The network 'out' has DHCP clients I want for some containers. The LXC containers can be managed in vmbr0 through NPM LXC container. That way no computer on my LAN can access them via their IP address. They (LXC containers) need to access the internet so they can through network 'out' which is attached to the second NIC.
I can assign them static IP addresses of course, but that is cumbersome to set up.
This is all for playing around and see what is possible.

EDIT: Good point. I will set static IP addresses to see what happens. At least my logs don't get flooded with DHCP lease messages. Which makes them much more readable.

But this still doesn't solve why the crashes happen. And especially not why the host itself got a DHCP lease on another NIC and VLAN than its management VLAN. My switch is setup that vmbr0 (where the fixed IP of the Proxmox machine is) is in another VLAN than 'out' (my sort of DMZ). The ports of the switch are untagged not trunked. And I double checked that VLAN where the local network doesn't live untagged on the same port as the VLAN where 'out' is attached to.
 
Last edited:
gurubert said:
OK, but then they need to run their own DHCP client and not the Proxmox host.
You have not posted log lines from the actual crash. Please set up remote syslogging or take a screen capture from the crash message.
Click to expand...
I think they do. I log into each one of them on the host by going into the console and type dhclient -r to release their first assigned IP address and then dhclient again to obtain a lease again with one I chose in the DHCP reservation pool on my router.
I don't even know how the Proxmox host itself would obtain an IP address for them.

EDIT: after reading all this I realize the server didn't actually crash. Its management port just jumped to another VLAN not reachable by my internal VLAN on another NIC, that's why I couldn't login to it's web GUI.
Some of the LXC containers kept their original IP address. Like my Pihole LXC. The host's name changed from pph1 to pph1-out, which is the name of the virtual bridge that connects to the aforementioned DMZ VLAN. And I can't find why.
 
Last edited:
Essentially what I'm trying to achieve is testing how far I can go with Proxmox to host public facing services on a DMZ in a dedicated VLAN on 1 NIC and having private and backend services on the VLAN for local access on the other and shared management NIC, for now. All of this seperation would be handled by the extensive firewall capabilities of the Proxmox software. Trying to mimic a cloud service provider as much as I can. I'm learning a lot in the process. I don't shy away from the CLI, but don't want to spend all of my time there either.
I'm trying to set up all the services and virtual network bridges so that everything works and is stable, before I deploy all the firewall rules. So far I haven't reached the stable stage.
This machine doesn't have data yet and is for testing purposes as intended by the developers.
I don't know how to disable logging for certain services in journalctl. And I thought syslog was depracated in favor of journalctl.
Again this is all for testing so far, before there will be data on the machine. Want to see how to segment and isolate services on 1 machine with as little networking hardware as possible and still be performant enough. Another major next step would be being capable of storing data that is readable outside of virtual disks so that I can take out a disk and mount it in another machine without virtualization for instance. If industry standard solutions can do it, I want to able to as well.
 
Last edited:
The loglines you posted from the Proxmox host contain dhclient lines which is unusual.

Can you show more details about the "crash"?

My suspicion is that dhclient on the host messes up the network config and this makes the host unreachable but does not crash it.
 
gurubert said:
The loglines you posted from the Proxmox host contain dhclient lines which is unusual.
Click to expand...
They're for container vifs. not unexpected. I dont think they have much to do with the crash, although they may be suffering from the cause.

@Dnezar Do you have any pve controlled network mounts (eg, NAS shares)? also, keep an eye on system load, as well as nic statistics for eno1.
 
gurubert said:
The loglines you posted from the Proxmox host contain dhclient lines which is unusual.

Can you show more details about the "crash"?

My suspicion is that dhclient on the host messes up the network config and this makes the host unreachable but does not crash it.
Click to expand...
That's the thing. I don't know what happened. I did cp journalctl > logs.txt. That file is 134 MB large and contains millions of DHCP requests from the 14 - 15 LXCs. I can't really see the network instability happen. Just that for some reason the network was gone according to the logs.
I did host a LXC named zamba-tools to create a storage pool on one of the hosts ZFS pools. Nothing is written to that pool by the host, but I did attach it to vmbr2 so I could access it via SMB on a virtual machine. The zamba LXC has 2 eth, one is attached to vmbr2 and has a static IP and one is attached to vmbr0 so I can access it on LAN. That one is set as a DHCP client. But just like the others the dhclient command is issued inside the LXC. Nothing on host itself is configured as a DHCP client.
The last network I made was 'out' and is bridged to the eno2 on host but doesn't have a gateway assigned. In order to make the LXC's that are connected to this 'out' virtual bridge to have a route to internet they get a DHCP lease from router. I don't see any other way to force their traffic to the internet without going through LAN gateway.
Unless someone can show me a more logical approach.
For some reason the network lost stability and/or went down. In such case one would DEFINITELY not want to the management port to jump from an internal VLAN to a DMZ port. I can't configure that virtual bridge 'out' as static as I would assign it an IP address in the DMZ zone. And if I don't specify a static IP it gets one from the router.
Perhaps I can blacklist the MAC address from the physical NIC to not get a DHCP lease. Need to test this and see if the residing clients get one. But I doubt it.
So the way I see it, it's not secure to host clients in a isolated virtual DMZ because in case of a network instability, could be in another scenario as well e.g. disconnected cable, failing switch on internal LAN side or router failure. That would also create a "network not reachable" and the management port shouldn't jump to the other VLAN where different firewallcn rules apply.
Of course one could block traffic on that VLAN on port 8006, but still perhaps other ports that are needed on LAN side are open there and are exposed when the jump happens.

Are there any steps or commands you can point me to, to dig deeper into what happened?

EDIT: I'm going to simulate the jump by disconnecting the management NIC.
 
Last edited:
alexskysilk said:
They're for container vifs. not unexpected. I dont think they have much to do with the crash, although they may be suffering from the cause.

@Dnezar Do you have any pve controlled network mounts (eg, NAS shares)? also, keep an eye on system load, as well as nic statistics for eno1.
Click to expand...

Yes I do, you can read about it in my next post.
 
UPDATE: I gave all my clients static IP's and disabled the ip-tagging service. Not only did is clutter the journalctl but also caused some serious write amplification on the host's SSD.
I'll flush the logs and see what happens. So far host has been stable and I don't see any logs.
I can't pull the cord from to switch now to emulate a network down situation as I don't have physical access to it.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom