[SOLVED] IPv6 Neighbor Solicitation not forwarded to VM

kokel

Member
Mar 9, 2021
34
5
13
37
Hi,

I have a weird problem here. Sometimes the IPv6 connectivity of VMs is broken.
In this case the Router send ICMP Neighbor Solicitations to the VM, but doesn't get a response back, so the neigbor entry for these VMs are in failed or incomplete state on the router.

After capturing a bit it turns out that these Neigbhor Solicitations from the router comes in the active slave interface of the bond (active/passive), but proxmox doesn't forward the packets towards the vm. Verified this by sniffing on the VMs tap interface.

Running a 3-node PVE-CEPH Cluster with Proxmox 6.4-13 and ifupdown2.

Network Configuration on the proxmox hosts:

Code:
auto bond1
iface bond1 inet manual
    bond-slaves ens2f0 ens4f0
    bond-miimon 100
    bond-mode active-backup
    bond-primary ens2f0
    
auto ens2f0
iface ens2f0 inet manual

auto ens4f0
iface ens4f0 inet manual

auto vmbr0
iface vmbr0 inet manual
    bridge-ports bond1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

These are the neighbor solicitations from the router to the VM, captured on the active slave interface of bond1:

Code:
10:09:04.314586 IP6 fe80::21a:8cff:fef0:4faa > ff02::1:ff00:251: ICMP6, neighbor solicitation, who has caffe::251, length 32
10:09:05.313507 IP6 fe80::21a:8cff:fef0:4faa > ff02::1:ff00:251: ICMP6, neighbor solicitation, who has caffe::251, length 32

Maybe an multicast issue?

After the vm is migrated to another host IPv6 connectivity is back again. Don't know how long it takes, but after a while it is lost again. Sometime a reboot of the VM helps, sometimes not. I observed this behaviour on all 3-nodes.

Anyone any idea?

Thanks in advance and kind regards,
Kokel
 
Hi,

I had a similar issue. Can you try disabling mulicast snooping on the bridge device:

echo -n 0 > /sys/class/net/<BRIDGE>/bridge/multicast_snooping

Cheers
 
  • Like
Reactions: pfz4 and kokel
I had a similar issue. Can you try disabling mulicast snooping on the bridge device:

echo -n 0 > /sys/class/net/<BRIDGE>/bridge/multicast_snooping

Thanks, that helped. In case using ifupdown2 you can use the "bridge-mcsnoop" parameter to make this persistent, e.g.:

Code:
auto vmbr0
iface vmbr0 inet manual
    bridge-ports bond1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094
    bridge-mcsnoop 0
 
  • Like
Reactions: pfz4 and Wolfilux

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!