joeblow
Guest
Hi all,

I have two subnets (on a larger network of course) that I call PROD and DEV. The Proxmox box is on the DEV subnet. Workstations that will be working on VMs on the Proxmox box are on the PROD subnet.

I have duplicated the PROD system on a 'host-only subnet' aka 'protected vlan' on the PROXMOX box. This 'protected vlan' is set up per http://pve.proxmox.com/wiki/Protected_VLAN. IP addresses on the virtual PROD VMs that duplicate the real PROD boxes are unchanged from their physical counterparts. Network details of the Proxmox box are at the end of this note. The vPROD VMs all interact as expected with each other, mimicking the real PROD system very nicely.

Here's the problem. WKSx workstations on the real PROD subnet need to connect to the Proxmox box web interface to work with the vPROD VMs, but they cannot. However, if I turn off the Protected_VLAN vmbr17 and reboot (not sure the reboot is necessary, but I'm following the Proxmox recommendations to reboot anytime a network change is made) then the real WKSx can connect and work with the VMs. Reactivate vmbr17 and reboot, then the WKSx on PROD are unable to connect to Proxmox. This is repeatable.

I suspect that what is happening is that when vmbr17 is active, then the return traffic to the 192.168.17 subnet is being sent to the protected vlan, rather than out to the gateway. I have not confirmed this, and am not really sure how to. Based on my reading, this should not be behaving this way anyway. A Protected_VLAN is a VM-only construct. Is this incorrect?

Any suggestions on how to configure the Proxmox box so that WKSx on PROD can connect to Proxmox and work with the vPROD system?

I suppose the obvious solution is to change the IPs on all the vPROD machines to a different subnet. Rather not do that for lots of reasons, not the least of which is it'll make cloning the PROD system to vPROD way more complicated than just the single-script fire-and-forget operation that it is now.

Thanks in advance.
---------
Details:
PROD: 192.168.17.0/24 gw 192.168.17.3
DBS1 192.168.17.11
DBS2 192.168.17.12
WINDS1 192.168.17.21
WINDS2 192.168.17.22
ORCL 192.168.17.30
WKS1 192.168.17.51
WKS2 192.168.17.52
WKS3 192.168.17.53
DEV: 192.168.21.0/24 gw 192.168.21.3
PDS1 192.168.21.11
PORCL 192.168.21.30
PROXMOX 192.168.21.200
The PROXMOX on DEV is a proxmox VE box.
root@proxmox:~# cat /etc/network/interfaces
# network interface settings
auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

iface eth2 inet manual

iface eth3 inet static
        address 192.168.0.200
        netmask 255.255.255.0

auto bond0
iface bond0 inet manual
        slaves eth0 eth2
        bond_miimon 100
        bond_mode active-backup
#       bond_mode balance-rr

auto vmbr0
iface vmbr0 inet static
        address 192.168.21.200
        netmask 255.255.255.0
        gateway 192.168.21.3
        bridge_ports bond0
        bridge_stp off
        bridge_fd 0

auto vmbr17
iface vmbr17 inet static
        address 192.168.17.3
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

root@proxmox:~# ifconfig
bond0     Link encap:Ethernet HWaddr e4:1f:13:30:6d:dc
          inet6 addr: fe80::e61f:13ff:fe30:6ddc/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
          RX packets:169183 errors:0 dropped:0 overruns:0 frame:0
          TX packets:100280 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:32672599 (31.1 MiB) TX bytes:25114591 (23.9 MiB)

eth0      Link encap:Ethernet HWaddr e4:1f:13:30:6d:dc
          UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
          RX packets:169183 errors:0 dropped:0 overruns:0 frame:0
          TX packets:100280 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:32672599 (31.1 MiB) TX bytes:25114591 (23.9 MiB)
          Interrupt:28 Memory:92000000-92012800

eth2      Link encap:Ethernet HWaddr e4:1f:13:30:6d:dc
          UP BROADCAST SLAVE MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
          Interrupt:24 Memory:97b60000-97b80000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:316 errors:0 dropped:0 overruns:0 frame:0
          TX packets:316 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:41602 (40.6 KiB) TX bytes:41602 (40.6 KiB)

venet0    Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet6 addr: fe80::1/128 Scope:Link
          UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:3 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

vmbr0     Link encap:Ethernet HWaddr e4:1f:13:30:6d:dc
          inet addr:192.168.21.200 Bcast:192.168.21.255 Mask:255.255.255.0
          inet6 addr: fe80::e61f:13ff:fe30:6ddc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:166057 errors:0 dropped:0 overruns:0 frame:0
          TX packets:99937 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:29396493 (28.0 MiB) TX bytes:24688283 (23.5 MiB)

vmbr17    Link encap:Ethernet HWaddr 12:67:19:e1:16:14
          inet addr:192.168.17.3 Bcast:192.168.17.255 Mask:255.255.255.0
          inet6 addr: fe80::1067:19ff:fee1:1614/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:186 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B) TX bytes:8028 (7.8 KiB)

root@proxmox:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.21.0    0.0.0.0         255.255.255.0   U     0      0        0 vmbr0
192.168.17.0    0.0.0.0         255.255.255.0   U     0      0        0 vmbr17
0.0.0.0         192.168.21.3    0.0.0.0         UG    0      0        0 vmbr0

root@proxmox:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
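
The routing decision the post asks how to confirm can be reproduced offline from the `route -n` table quoted above, using longest-prefix match. This is an added example, not part of the original post; the function names `ip2int` and `egress_route` are assumptions, and 203.0.113.10 is a constructed off-net destination.

```shell
#!/bin/sh
# Added example: longest-prefix-match lookup over the route table from the post.
# Columns: Destination Gateway Genmask Flags Metric Ref Use Iface
ROUTES='192.168.21.0 0.0.0.0 255.255.255.0 U 0 0 0 vmbr0
192.168.17.0 0.0.0.0 255.255.255.0 U 0 0 0 vmbr17
0.0.0.0 192.168.21.3 0.0.0.0 UG 0 0 0 vmbr0'

# Convert a dotted quad to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# egress_route DEST [TABLE]
# Print "iface gateway" for the most specific route that matches DEST.
# A gateway of 0.0.0.0 means the destination is treated as directly attached.
egress_route() {
    dst=$(ip2int "$1"); table=${2:-$ROUTES}
    best_mask=-1; best=""
    while read -r net gw mask flags metric ref use iface; do
        [ -n "$net" ] || continue
        n=$(ip2int "$net"); m=$(ip2int "$mask")
        # Route matches if DEST masked by Genmask equals Destination;
        # among matches, the largest mask (longest prefix) wins.
        if [ $(( $dst & $m )) -eq "$n" ] && [ "$m" -gt "$best_mask" ]; then
            best_mask=$m; best="$iface $gw"
        fi
    done <<EOF
$table
EOF
    echo "$best"
}

# Same table with the vmbr17 connected route removed (bridge disabled).
ROUTES_NO17=$(printf '%s\n' "$ROUTES" | grep -v vmbr17)

echo "reply to WKS1, vmbr17 up:   $(egress_route 192.168.17.51)"
echo "reply to WKS1, vmbr17 down: $(egress_route 192.168.17.51 "$ROUTES_NO17")"
echo "reply to PDS1:              $(egress_route 192.168.21.11)"
echo "off-net destination:        $(egress_route 203.0.113.10)"
```

On the live host, `ip route get 192.168.17.51` asks the kernel the same question, and `tcpdump -ni vmbr17` shows whether replies to the workstation actually leave on the isolated bridge.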