loosing packets on SDN setup when VMs are on the same hypervisor

[hudecof]

Hello,

first the setup

PVE: 9.1.4, 6.17.4-2-pve
SDN: VLAN type zones
hypervizors: 14
network:

• bond0 on 2 interfaces, active/passive
• vmbr0 with bond0
• SDN Zone, VmTraffic type VLAN on vmbr0
• vlan100 as VNET on VmTraffic
• vlan200 as VNET on VmTraffic

Test setup:
2x VM, each in different vlan, so the traffic must be routed by upstream firewall/router which is out of the PVE enviroment.
VM1: vlan 100
VM2: vlan 200
testing: curl from VM1 to VM2
The same results I have got with kernels

• proxmox-kernel-6.17
• proxmox-kernel-6.14
• proxmox-kernel-6.8

The same results I have got hwne try to offload the interface with ethtool: tso off gso off gro off tx off rx off

test case 1
VM1 and VM2 are on the same hypervizor

The result is about 50% time the CURL will timeout, as the tcp packets are lost somewhere.
It looks like the time interval it is working and not are repaating periodicaly.
The MTU 1500 work, ping 195.168.1.196 -M do -s 1472

test case 2
VM1 and VM2 are on the different hypervizors
all CURL wil finish as expected

test case 3
change the configuration of VM1 network to vmbr0 with tag 100
changing the network configuration of VM2 do not have any effect
all CURL wil finish as expected

test case 4
migrate the VM to another hypervizor
the same result as 1)


The problem seem to be somewhere on PVE, not on the netwrok part.
The similar issue we have got on other VMs with external traffic, not orginated on the PVE, but this I'm not able to repoduce.

Any idea? I spent few days with debuging also with the network operations.

regards
Peter

 

[shanreich]

Can you post the output of the following files / commands?

cat /etc/network/interfaces
cat /etc/network/interfaces.d/sdn

ip a
ip r

qm config <vmid>