[SOLVED] LXC's on different linux bridges can still ping each other

anone

Nov 24, 2022
Here I am again,

the issue is quite simple (and was probably there for a few months but I never realised).

The Proxmox I took over already had one linux bridge set up, VMBR0 (which I'm guessing is from the installation), I then created a second linux bridge to isolate my lxc's and vm's >> VMBR1.

All was good, until I needed to make another linux bridge. I do the exact same things, but when I try to make lxc's ping each other it doesn't work. So I look around, and surprise the NIC is down. I try to bring it up, but nothing. I go in the server room, and of course, no cables were plugged (except for the first one > VMBR0).

So I am sitting there with my colleagues, wondering how the heck it's been working for the past months.

Been doing some tests today and I realised that lxc's using VMBR0 could still ping lxc's using VMBR1 and vice versa. Am I missing something (probably)?

192.168.100.10 can ping 192.168.100.254 and vice versa.

Physically speaking, eno5 (vmbr0) and eno6 (vmbr1) are plugged on a switch.

Friendly yours,

Anone
 

eno5 and eno6 are in the same VLAN on the switch?

Then you have one large Ethernet over both bridges and all guests can see each other on layer 2. With the IP addresses in the same subnet they can also ping each other.

eno6 would have to be in a different VLAN and then you would need a router connecting both Ethernets, with a different IP subnet for the second.
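
The layer 2 reasoning in the reply above, as an added example that is not part of the original thread: it parses a constructed ifupdown-style bridge config and groups bridges into broadcast domains according to the switch VLAN their uplinks land in. The `nic_vlan` mapping, the VLAN IDs and vmbr2 are assumptions for illustration, and switch ports are modeled as untagged access ports.

```python
import re
from collections import defaultdict

# Constructed sample in ifupdown syntax (not the poster's real config).
INTERFACES = """\
auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno5

auto vmbr1
iface vmbr1 inet manual
    bridge-ports eno6

auto vmbr2
iface vmbr2 inet manual
    bridge-ports none
"""

def bridge_ports(text):
    """Map each bridge to the physical NICs on its bridge-ports line."""
    ports, current = {}, None
    for line in text.splitlines():
        m = re.match(r"iface\s+(\S+)", line)
        if m:
            current = m.group(1)
        m = re.match(r"\s+bridge[-_]ports\s+(.*)", line)
        if m and current:
            ports[current] = [p for p in m.group(1).split() if p != "none"]
    return ports

def l2_domains(ports, nic_vlan):
    """Group bridges that share a broadcast domain through the switch.
    nic_vlan: NIC -> access VLAN (assumed input); absent NICs are uncabled."""
    parent = {}
    def find(x):  # union-find with path halving
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x
    for bridge, nics in ports.items():
        find(bridge)
        for nic in nics:
            if nic in nic_vlan:  # cabled uplink joins that VLAN's segment
                parent[find(bridge)] = find(("vlan", nic_vlan[nic]))
    groups = defaultdict(list)
    for bridge in ports:
        groups[find(bridge)].append(bridge)
    return sorted(sorted(g) for g in groups.values())

if __name__ == "__main__":
    print(l2_domains(bridge_ports(INTERFACES), {"eno5": 1, "eno6": 1}))
```

Any group containing more than one bridge is a single Ethernet segment, so guests on those bridges reach each other without a router whenever their IP addresses share a subnet.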
 
Hello there,

thanks for the reply.

Yes eno5 and eno6 are in the same VLAN.

I have a router that does what you are saying, but since everything was working I didn't think eno's needed to be in a VLAN.
I only used addresses from same subnets to test, I assumed the linux bridges wouldn't be connected to one another.

So I MUST put eno5 and eno6 in different VLANs then?

Friendly yours,

Anone
 
Indeed I am dumb ...

What was weird tho was the fact that I was able to ping a vm on VMBR0 with a vm on VMBR1 (whose NIC wasn't connected to the switch).
I rebooted the whole thing and tried again and it seems like it's fixed (as they cannot communicate if one eno isn't connected which is good).

Thanks for your time and effort, I really need a break ahah

Friendly yours,

Anone
 