Network storm

popey

Jul 24, 2020
I've created a network storm and inaccessible switches :/ I didn't configure the interfaces properly and took out the whole network in my company. On the switch side, a port channel made up of two links was configured.

Here is my configuration. Is it really so easy to take out two enterprise switches, or did the network guys not configure the port channel properly?
auto vmbr0
iface vmbr0 inet manual
    bridge_ports eth1 eth2
    bridge_stp off
    bridge_fd 0
    bridge_vlan_aware yes

auto vmbr0.666
iface vmbr0.666 inet static
    address 10.0.0.2
    netmask 255.255.255.0
    gateway 10.0.0.1
 
You connected two interfaces to a bridge in Linux and created a loop; you also have STP turned off, which could have prevented the issue.

I don't see any LAG/LACP configuration.
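
An added example, not part of the thread and not Proxmox code: a small checker for the failure described in the reply above, a bridge with two or more directly attached ports and STP off. The function names, the bonded sample and its bond mode are assumptions made for illustration.

```python
# Constructed samples: the bridge stanza from the first post, and a hypothetical
# bonded variant (assumption: the bond mode must match what the switch expects).
LOOPED = """\
auto vmbr0
iface vmbr0 inet manual
    bridge_ports eth1 eth2
    bridge_stp off
    bridge_fd 0
    bridge_vlan_aware yes
"""
BONDED = """\
auto bond0
iface bond0 inet manual
    bond-slaves eth1 eth2
    bond-miimon 100
    bond-mode active-backup
auto vmbr0
iface vmbr0 inet manual
    bridge-ports bond0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
"""

def parse_stanzas(text):
    """Return {iface: {option: [values]}}; '_' and '-' in option names are treated alike."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) > 1:
            current = stanzas.setdefault(words[1], {})
        elif words[0] == "auto" or words[0].startswith("allow-"):
            current = None  # stanza boundary
        elif current is not None:
            current[words[0].replace("_", "-")] = words[1:]
    return stanzas

def find_loop_risks(text):
    """Heuristic: bridges with STP off and two or more ports that are not bonds."""
    stanzas = parse_stanzas(text)
    bonds = {name for name, opts in stanzas.items() if "bond-slaves" in opts}
    risks = []
    for name, opts in stanzas.items():
        direct = [p for p in opts.get("bridge-ports", []) if p not in bonds and p != "none"]
        stp_off = (opts.get("bridge-stp") or ["off"])[0] in ("off", "no", "0")
        if stp_off and len(direct) >= 2:
            risks.append((name, direct))
    return risks
```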
 
Old discussion, but in my opinion the default network configuration created by the Proxmox VE installer is dangerous.
Why not create bond0 in active/passive by default and set bridge_ports to bond0?

That would also allow adding all ports to the bond by default instead of just one, and it would be much clearer for users which part of the config to modify.

PS. So yes, I also managed to cause a network loop with this, as it is a bit too easy to just add a second port to bridge_ports, and the config on the switch side was incorrect.
 
Why not create bond0 in active/passive by default and set bridge_ports to bond0?
Because not all NICs are necessarily part of the same network. The installer is mainly for getting basic network connectivity in the management network going. Advanced network configuration should be made via the PVE Web UI.
 
If you happen to choose the wrong interface in the installer (like I did), then you don't have access to the PVE Web UI and you are forced to manually modify the interface config (and I thought that it would be a good idea to add a "secondary" interface when I needed to modify that config anyway, without realizing that it is a bridge config, not a bond config).

But that was just a tip on how to make new users' experience a bit easier, as I know that, for example, Nutanix AHV works exactly like that: all NICs are part of a bond by default to make it simple to get the network working, and the actual network configuration is done after access to the management tools works (and I'm actually trying to install Proxmox VE on old Nutanix nodes to be able to compare).
 
