[SOLVED] Open vSwitch VMs connection lost

[showiproute]

Hello everyone,

I recently tried OVS and moved me network over to it.
After a server reboot everything worked fine and flawless but after a couple of minutes my VM began to loose connection.

I rebooted the server another time and the loop began again - worked, then didn't.

My initial setup was:

VLAN 10 for management (this was not tagged on Proxmox as the tagging happens on my switch)
VLAN 20 for my VMs.

A couple of the VMs was pingable - the rest not.
Also if I connect via console no ping was possible.

Any glues what happened?

 

[showiproute]

Just an additional thing which I found:

If I create a OVS via the GUI it looks like:

+auto vmbr1
+iface vmbr1 inet manual
+    ovs_type OVSBridge
+    ovs_ports ens5f0v1
+    ovs_mtu 9000

According to all the guidlines and manuals there should be an additional allow-ovs <bridge name>

Is this missing in the GUI config?

 

[spirit]

Just an additional thing which I found:

If I create a OVS via the GUI it looks like:

+auto vmbr1
+iface vmbr1 inet manual
+    ovs_type OVSBridge
+    ovs_ports ens5f0v1
+    ovs_mtu 9000

According to all the guidlines and manuals there should be an additional allow-ovs <bridge name>

Is this missing in the GUI config?

if you use ifupdown2, it's use classic "auto ..." configuration

 

[spirit]

A couple of the VMs was pingable - the rest not.
Also if I connect via console no ping was possible.

do you ping from the same vlan ? or remotly through gateway ?

 

[showiproute]

do you ping from the same vlan ? or remotly through gateway ?

I tried both.

Pinging on the same VLAN/subnet, pinging from external - did not work.

What is interessting: For the Proxmox server I created a dedicated port (OVSIntPort) - when pinging it from my workstation I got a timeout.
As soon I sent a ping from Proxmox to my workstation it took 2, 3 seconds but then the ping worked and also again from my workstation.

 

[spirit]

What is interessting: For the Proxmox server I created a dedicated port (OVSIntPort) - when pinging it from my workstation I got a timeout.
As soon I sent a ping from Proxmox to my workstation it took 2, 3 seconds but then the ping worked and also again from my workstation.

and your workstation is on same lan/subnet than your ovsinport ?

 

[showiproute]

Salut @spirit ,

yes they are on the same lan/subnet/vlan - even on the same switch.

First I have worked with untagged VLAN then tagged via the ovsintport - both do not work.

 

[showiproute]

Also my VMs which are running within the same subnet/vlan can ping each other and loose connection after a period of time.

 

[showiproute]

My configuration would look like this:

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface eno2 inet manual

iface eno1 inet manual

iface eno3 inet manual

iface eno4 inet manual

auto ens5f0
iface ens5f0 inet manual

iface ens5f0v1 inet manual

iface ens5f0v2 inet manual

iface ens5f0v3 inet manual

iface ens5f1v0 inet manual

iface ens5f1v1 inet manual

iface ens5f1v2 inet manual

iface ens5f1v3 inet manual



auto ens5f1
allow-vmbr0 ens5f1
iface ens5f1 inet manual
        ovs_type OVSPort
        ovs_bridge vmbr0
        #ovs_options tag=1 vlan_mode=native-untagged other_config:rstp-enable=true other_config:rstp-path-cost=2100 other_config:rstp-port-admin-edge=false other_config:rstp-port-auto-edge=false other_config:rstp-port-mcheck=true
        ovs_mtu 9000

auto vlan10
allow-vmbr0 vlan10
iface vlan10 inet static
        address 192.168.10.242
        netmask 255.255.255.0
        gateway 192.168.10.254
        ovs_type OVSIntPort
        ovs_bridge vmbr0
        ovs_mtu 9000
        ovs_options tag=10

allow-ovs vmbr0
iface vmbr0 inet manual
        ovs_type OVSBridge
        ovs_ports ens5f1 vlan10
        #up ovs-vsctl set Bridge ${IFACE} rstp_enable=true other_config:rstp-priority=32768 other_config:rstp-forward-delay=15 other_config:rstp-max-age=20
        ovs_mtu 9000
        #post-up sleep 10

 

[showiproute]

Not sure if this is necessary or not but I am using an Intel X550-T2
ens5f0 is only being used as a Virtual Function being connected to my file server
ens5f1 would for bridges.

With a linux bridge it runs without any issues.

 

[spirit]

mmm, I really don't known what is the problem, but about the config:

if you use ifupdown2, you should only have "auto ..." and not "allow-*".

and if you use ifupdown1, you should have only "allow-xxx" and not "auto*".


I'really not sure about virtual functions, maybe it's not supported fine by ovs.
your problem looks like mac-address-table of ovs loosing macs address, but I never see this before.

do you have a special need for use ovs instead linux bridge ?

 

[showiproute]

if you use ifupdown2, you should only have "auto ..." and not "allow-*".

and if you use ifupdown1, you should have only "allow-xxx" and not "auto*".

I have tried both - they were working but then stopped.
I have tried allow-* as it was mentioned in the documentation but will try the auto-* thing as I am using ifupdown2

In general I do not have a special need for ovs instead of a Linux bridge. I was just playing around with it to see if I could get any benefits of it.

Regarding virtual functions: They are not part of the bridge (neither ovs nor linux).
It's dedicated for my fileserver which runs on a separate link.

Is there any log/journalct which I could verify for the suggeted loosing MAC addresses?

 

[showiproute]

Another information regarding my last post:
If I configure OVS via GUI and do not edit anything on the CLI I can see following error:
May 07 18:53:56 proxmox1 openvswitch-switch[1168]: error: main exception: no ifaces found matching given allow lists

 

[spirit]

Is there any log/journalct which I could verify for the suggeted loosing MAC addresses?

" ovs-appctl fdb/show vmbrX" should display the mac address table

In general I do not have a special need for ovs instead of a Linux bridge. I was just playing around with it to see if I could get any benefits of it.

I think the only usefull feature could be port mirroring, it's a little bit difficult to implement with linux bridge. but if you don"t need it, just keep linux bridge.

error: main exception: no ifaces found matching given allow lists

seem related to "allow-xxx", I don't known when it's occur if you have this with ifupdown1 or ifupdown2, and how is your /etc/network/interfaces.

 

[showiproute]

yeah I'll stick with regular linux bridges as it is a problem if VMs are no longer reachable via LAN.

seem related to "allow-xxx", I don't known when it's occur if you have this with ifupdown1 or ifupdown2, and how is your /etc/network/interfaces.

I have uninstall ifupdown1 and just kept ifupdown2. Even after a whole server restart this message can be found at the logs.