Enabling conntrack when migrating between datacenters.

[rekordskratch]

I'm not entirely sure if this is the root of my problem but I noticed that when migrating an Opnsense router from a node on a source cluster to a node on a destination cluster, Opnsense will lock up and can only be revived with a reboot of the VM. Looking at the VM console, Opnsense spams many errors about packets and MAC addresses etc.

This does not happen when I migrate that same VM between nodes on the same cluster and I see the default when doing so is to have Conntrack state enabled. Conversely, when migrating using PDM, you will see the warning "conntrack state migration not supported or disabled, active connections might get dropped". Does this mean the feature will never be implemented since it is technically impossible or that it may be added at a future release.

Apologies if this has been answered elsewhere before. I did search this forum and did not see a similar question asked.

 

[Gilou]

It's been mentioned on PVE (not PDM: there), so make sure to have matching qemu and qemu-server versions, and up to date ones.
I haven't tried production cross cluster migrations, but I saw that conntrack migration is on the changelog for 0.9 beta in the docs and in the Wiki. I will try that on a test setup and check what the actual code says, but I guess someone will answer about the details before I have time to do so, maybe!

 

[rekordskratch]

Ah right, thank you for that. Since it's in the roadmap section in both cases we can assume that it is still in the pipeline and not officially released. I did look through both documents however I searched for "conntrack" and not "connection tracking"

In my case it will be between clusters on the same layer2 network so here's hoping the feature will see the light of day soon!

 

[Gilou]

I edited my post, it's not on the roadmap, it's on the released features since the 0.9 beta in fact. So there is a restriction / prerequisite that you probably miss there!

 

[rekordskratch]

Oh interesting. I can't seem to find any documentation on what those prerequisites might be though. In my case I have 2 identical clusters on the same layer 2 network.

Unless our interpretation is incorrect. "Enable connection tracking when live migrating VMs on remotes" Could mean migrating on remotes and not between remotes

 

[Gilou]

Ahah, well, I'm not too familiar with cross cluster migrations using PDM, and that new-ish conntrack state migration is also not something I really use, so.. I'll have to try it, and look at what the code says.. I'm guessing your setup match the prerequisite.. but maybe the code indeed isn't there..

 

[cheiss]

Hi,

to clarify: conntrack live migration is indeed only available intra-cluster. And even there, it is best-effort, due to the inherit difficulties associated with it.
Inter-cluster conntrack migration has a lot more consideration to make it work. I can't make any promise if and when it becomes available for inter-cluster live migration.

You are free to open a feature request at our bug tracker though: https://bugzilla.proxmox.com/
This way you can get notified if something happens w.r.t. it.