GUest has connection drops constantly, host uses OVS

[xed]

Hi,

The host has a trunk connected to a secondary 10G switch that uplinks to a main switch aggregating multiplke 10G links via fiber. All VLANs are tagged. The secondary switch uses a 1g link for the VLAN that is tagged for the guest NIC, and this is shared to the trunk port used by the VM host. It has STP disabled.

I'm seeing these in the affected guest:

[57343.067523] br-3d11e83edc61: port 8(vethdfe8c18) entered blocking state
[57343.069281] br-3d11e83edc61: port 8(vethdfe8c18) entered forwarding state
[57343.452042] br-3d11e83edc61: port 4(vethc6bf205) entered disabled state
[57343.453878] br-3d11e83edc61: port 5(veth9a9ca06) entered disabled state
[57343.455639] br-3d11e83edc61: port 6(vetha079471) entered disabled state
[57343.457734] br-3d11e83edc61: port 8(vethdfe8c18) entered disabled state
[57343.537357] eth0: renamed from vethd2e3945
[57343.560437] IPv6: ADDRCONF(NETDEV_CHANGE): vethc6bf205: link becomes ready
[57343.562666] br-3d11e83edc61: port 4(vethc6bf205) entered blocking state
[57343.564780] br-3d11e83edc61: port 4(vethc6bf205) entered forwarding state
[57343.608880] eth0: renamed from veth75dfee6
[57343.636306] IPv6: ADDRCONF(NETDEV_CHANGE): veth9a9ca06: link becomes ready
[57343.638819] br-3d11e83edc61: port 5(veth9a9ca06) entered blocking state
[57343.641080] br-3d11e83edc61: port 5(veth9a9ca06) entered forwarding state
[57343.772696] eth0: renamed from veth69b0714
[57343.792422] IPv6: ADDRCONF(NETDEV_CHANGE): vethdfe8c18: link becomes ready
[57343.794484] br-3d11e83edc61: port 8(vethdfe8c18) entered blocking state
[57343.796645] br-3d11e83edc61: port 8(vethdfe8c18) entered forwarding state
[57343.840363] eth0: renamed from veth0260ccf
[57343.870051] IPv6: ADDRCONF(NETDEV_CHANGE): vetha079471: link becomes ready
[57343.872134] br-3d11e83edc61: port 6(vetha079471) entered blocking state
[57343.873917] br-3d11e83edc61: port 6(vetha079471) entered forwarding state

The drops are constant. I suspect something related to STP, but I have it disabled, AFAIK, in my config:

auto lo
iface lo inet loopback


iface eno2 inet manual


iface eno1 inet manual


iface eno7 inet manual


auto eno8
iface eno8 inet manual
    ovs_type OVSPort
    ovs_bridge vmbr1
    ovs_options tag=4093 vlan_mode=native-untagged


auto vlanXXX
iface vlanXXX inet static
    ovs_type OVSIntPort
    ovs_bridge vmbr1
    ovs_options tag=XXX


...


auto vmbr0
iface vmbr0 inet dhcp
    bridge-ports eno2
    bridge-stp off
    bridge-fd 0


auto vmbr1
iface vmbr1 inet manual
    ovs_type OVSBridge
    ovs_ports eno8 vlanXXX...

I would appreciate some help in figuring out what is going on, as it is blocking all my attempts to configure the guest remotely.

 

[xed]

Some tests, running nc -l 4545 inside the guest (-k as option):

client date | nc -N guest 4545 inside a loop:

Thu Oct 14 15:38:44 CEST 2021
Thu Oct 14 15:38:44 CEST 2021
Thu Oct 14 15:38:44 CEST 2021
Thu Oct 14 15:38:44 CEST 2021
Thu Oct 14 15:38:44 CEST 2021
Thu Oct 14 15:38:44 CEST 2021
Thu Oct 14 15:38:44 CEST 2021
Thu Oct 14 15:38:44 CEST 2021
Thu Oct 14 15:38:44 CEST 2021
Thu Oct 14 15:38:44 CEST 2021
Thu Oct 14 15:38:44 CEST 2021
Thu Oct 14 15:38:44 CEST 2021
Thu Oct 14 15:38:44 CEST 2021
Thu Oct 14 15:38:44 CEST 2021
Thu Oct 14 15:38:44 CEST 2021
Thu Oct 14 15:38:44 CEST 2021
Thu Oct 14 15:38:44 CEST 2021
Thu Oct 14 15:38:45 CEST 2021
Thu Oct 14 15:38:45 CEST 2021
Thu Oct 14 15:38:45 CEST 2021
(hangs here)

I was trying to replicate the issue with ssh sessions: they literally slow down to a crawl and then die off completely. I shutdown all docker instances inside the container just to verify it wasn't conflicting.