Hi guys,
We've installed Proxmox with open-vswitch to use vxlan over an ovs-bridge. This has been working for a while, but it seems that if you enable the pve-firewall, the VMs are not using the ovs-bridge any more and instead use a newly generated "fw" bridge, e.g.
24: tap9999i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 8900 qdisc pfifo_fast master fwbr9999i0 state UNKNOWN group default qlen 1000
40: fwbr9999i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
41: fwln9999o0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr9999i0 state UNKNOWN group default qlen 1
So the primary interface of VM 9999 (tap9999i0) is using the new bridge fwbr9999i0 for its traffic. Previously (before the pve-firewall activation), it was set to use 'ovs-system', e.g.
10: tap19999i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 8900 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
Our main problem is that now we can't set the MTU to 8900 (for jumbo-frames) for that VM interface (and the ovs-bridge will fall back to MTU 1500). Without the firewall all is working as expected.
Has anyone had similar issues / setups or any thoughts?
/etc/network/interfaces:
iface eth0 inet manual
    mtu 9000

auto vmbr1
iface vmbr1 inet manual
    ovs_type OVSBridge
    ovs_ports vx1 vx2
    mtu 8900

auto vx1
allow-vmbr1 vx1
iface vx1 inet manual
    ovs_type OVSTunnel
    ovs_bridge vmbr1
    ovs_tunnel_type vxlan
    ovs_tunnel_options options:remote_ip=xx.xx.xx.xx options:key=flow options:dst_port=9999
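
Added example, not part of the original post: a check that reads one-line-per-interface `ip link` output (the format quoted above, or `ip -o link show`) and lists every port whose MTU differs from the MTU of its master bridge, which is the mismatch described between tap9999i0 and fwbr9999i0. The function names are assumptions for illustration, and the embedded sample lines are constructed from the output quoted in the post.

```shell
#!/bin/sh
# Flag ports whose MTU differs from the MTU of the bridge they are enslaved to.
# Usage on a host: ip -o link show | mtu_mismatch

mtu_mismatch() {
    awk '
    {
        name = $2
        sub(/:$/, "", name)      # "tap9999i0:" -> "tap9999i0"
        sub(/@.*$/, "", name)    # veth peers print as "name@peer"
        # Scan the key/value words that follow the <FLAGS> field.
        for (i = 3; i < NF; i++) {
            if ($i == "mtu")    mtu[name] = $(i + 1)
            if ($i == "master") master[name] = $(i + 1)
        }
    }
    END {
        for (port in master) {
            m = master[port]
            if (!(m in mtu)) continue    # master not present in the input
            if (mtu[port] != mtu[m])
                printf "%s mtu=%s master=%s mtu=%s\n", port, mtu[port], m, mtu[m]
        }
    }' | sort                            # awk array order is unspecified
}

# Constructed sample input, taken from the interface lines quoted in the post.
sample_links() {
    cat <<'EOF'
24: tap9999i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 8900 qdisc pfifo_fast master fwbr9999i0 state UNKNOWN group default qlen 1000
40: fwbr9999i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
41: fwln9999o0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr9999i0 state UNKNOWN group default qlen 1
10: tap19999i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 8900 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
EOF
}

# Run the check over the sample; tap9999i0 is the only port reported.
sample_links | mtu_mismatch
```

The tap19999i1 line is skipped in the sample because its master, ovs-system, is not among the quoted lines; on a live host the full `ip -o link show` output includes it.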