Hi,
We are experiencing issues with IP fragmentation to and from VMs on Proxmox hosts.
The issue is impacting ONLY the VMs on all our Proxmox hosts, which VMs all have network interfaces tagged to various VLANs.
Note that we have NO issues when pinging from any Proxmox HOST servers to servers on the Internet using large datagrams (>1500bytes), but this DOESN'T work when we ping to/from VMs on those same hosts from the Internet.
This is is specific to Proxmox hosts - we also have a number of SmartOS hosts (from which we are migrating), and they do not have this issue (we tested this with SmartOS and Proxmox hosts plugged into the same switches).
We think that this may be related to something happening either at the vmbr interface level, or perhaps due to iptables on Proxmox dropping fragmented datagrams - all our Proxmox Hosts (12 nodes) are in a cluster and firewalls are enabled at cluster > hosts > VM level.
Output of pveversion -v from one of the Proxmox hosts (all hosts are similarly setup and fully updated - except not running the latest kernels - they have not been rebooted post updates):
Any ideas/suggestions?
Kind regards,
Angelo.
We are experiencing issues with IP fragmentation to and from VMs on Proxmox hosts.
The issue is impacting ONLY the VMs on all our Proxmox hosts, which VMs all have network interfaces tagged to various VLANs.
Note that we have NO issues when pinging from any Proxmox HOST servers to servers on the Internet using large datagrams (>1500bytes), but this DOESN'T work when we ping to/from VMs on those same hosts from the Internet.
This is is specific to Proxmox hosts - we also have a number of SmartOS hosts (from which we are migrating), and they do not have this issue (we tested this with SmartOS and Proxmox hosts plugged into the same switches).
We think that this may be related to something happening either at the vmbr interface level, or perhaps due to iptables on Proxmox dropping fragmented datagrams - all our Proxmox Hosts (12 nodes) are in a cluster and firewalls are enabled at cluster > hosts > VM level.
Output of pveversion -v from one of the Proxmox hosts (all hosts are similarly setup and fully updated - except not running the latest kernels - they have not been rebooted post updates):
Code:
proxmox-ve: 6.2-1 (running kernel: 5.3.13-1-pve)
pve-manager: 6.2-4 (running version: 6.2-4/9824574a)
pve-kernel-5.4: 6.2-1
pve-kernel-helper: 6.2-1
pve-kernel-5.3: 6.1-6
pve-kernel-5.0: 6.0-11
pve-kernel-5.4.34-1-pve: 5.4.34-2
pve-kernel-4.15: 5.4-9
pve-kernel-5.3.18-3-pve: 5.3.18-3
pve-kernel-5.3.13-1-pve: 5.3.13-1
pve-kernel-5.3.10-1-pve: 5.3.10-1
pve-kernel-5.0.21-5-pve: 5.0.21-10
pve-kernel-5.0.21-3-pve: 5.0.21-7
pve-kernel-4.15.18-21-pve: 4.15.18-48
pve-kernel-4.15.18-12-pve: 4.15.18-36
ceph: 12.2.13-pve1
ceph-fuse: 12.2.13-pve1
corosync: 3.0.3-pve1
criu: 3.11-3
glusterfs-client: 5.5-3
ifupdown: residual config
ifupdown2: 2.0.1-1+pve8
ksm-control-daemon: 1.3-1
libjs-extjs: 6.0.1-10
libknet1: 1.15-pve1
libproxmox-acme-perl: 1.0.3
libpve-access-control: 6.1-1
libpve-apiclient-perl: 3.0-3
libpve-common-perl: 6.1-2
libpve-guest-common-perl: 3.0-10
libpve-http-server-perl: 3.0-5
libpve-storage-perl: 6.1-7
libqb0: 1.0.5-1
libspice-server1: 0.14.2-4~pve6+1
lvm2: 2.03.02-pve4
lxc-pve: 4.0.2-1
lxcfs: 4.0.3-pve2
novnc-pve: 1.1.0-1
proxmox-mini-journalreader: 1.1-1
proxmox-widget-toolkit: 2.2-1
pve-cluster: 6.1-8
pve-container: 3.1-5
pve-docs: 6.2-4
pve-edk2-firmware: 2.20200229-1
pve-firewall: 4.1-2
pve-firmware: 3.1-1
pve-ha-manager: 3.0-9
pve-i18n: 2.1-2
pve-qemu-kvm: 5.0.0-2
pve-xtermjs: 4.3.0-1
qemu-server: 6.2-2
smartmontools: 7.1-pve2
spiceterm: 3.1-1
vncterm: 1.6-1
zfsutils-linux: 0.8.3-pve1Any ideas/suggestions?
Kind regards,
Angelo.