Packet loss issue at VLAN SDN VNet.

dusatvoj · Nov 2, 2023

Hello,
I have a problem that I'm using VLAN SDN zones and at almost every VNet it looks good. But one VNet has a problem with packet loss (ping between VMs at same VLAN at same / diferrent nodes).

I have a stack with 4 nodes, connected via 2x 25Gbps LACP (DACs to nexus 9300 series).

This is result of long time ping:

Code:

--- XXX ping statistics ---
3260 packets transmitted, 2694 received, 17.362% packet loss, time 3335487ms
rtt min/avg/max/mdev = 0.095/0.193/0.464/0.037 ms

It looks that when I do a ping between nodes, the VLAN interface receives the ping but not forward to VM.

Ping betweeen VMs at diferrent hosts:

Code:

# ping elastic-01 | ts '[%Y-%m-%d %H:%M:%S]'
...
[2023-11-02 17:04:22] 64 bytes from elastic-01 (192.168.63.11): icmp_seq=29 ttl=64 time=0.286 ms
[2023-11-02 17:04:42] 64 bytes from elastic-01 (192.168.63.11): icmp_seq=48 ttl=64 time=0.328 ms
[2023-11-02 17:04:43] 64 bytes from elastic-01 (192.168.63.11): icmp_seq=49 ttl=64 time=0.229 ms

TcpDump at bridge VLAN IF from host with destination of ping at time:

Code:

17:04:22.933995 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 29, length 64
17:04:22.934143 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 29, length 64
17:04:22.937027 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from ca:fe:42:e9:44:be (oui Unknown), length 300
17:04:22.937159 ARP, Request who-has 192.168.63.130 tell 192.168.63.1, length 42
17:04:22.937461 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from ca:fe:42:e9:44:be (oui Unknown), length 303
17:04:23.328730 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908f, length 42
17:04:23.936299 ARP, Request who-has 192.168.63.130 tell 192.168.63.1, length 42
17:04:23.957992 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 30, length 64
17:04:23.958123 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 30, length 64
17:04:24.936309 ARP, Request who-has 192.168.63.130 tell 192.168.63.1, length 42
17:04:24.981987 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 31, length 64
17:04:24.982091 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 31, length 64
17:04:25.328986 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908f, length 42
17:04:25.492452 IP 192.168.63.16.47442 > 192.168.63.1.domain: 13956+ SRV? _http._tcp.ftp.sh.cvut.cz. (43)
17:04:26.005984 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 32, length 64
17:04:26.006112 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 32, length 64
17:04:26.936077 IP 192.168.63.4.57838 > 192.168.63.1.domain: 29567+ A? ftp.sh.cvut.cz. (32)
17:04:26.936086 IP 192.168.63.4.57838 > 192.168.63.1.domain: 54397+ AAAA? ftp.sh.cvut.cz. (32)
17:04:27.030052 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 33, length 64
17:04:27.030188 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 33, length 64
17:04:27.329394 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908f, length 42
17:04:27.937265 IP 192.168.63.4.52032 > 192.168.63.1.domain: 58547+ A? security.debian.org. (37)
17:04:27.937273 IP 192.168.63.4.52032 > 192.168.63.1.domain: 20301+ AAAA? security.debian.org. (37)
17:04:28.054005 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 34, length 64
17:04:28.054154 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 34, length 64
17:04:29.020972 ARP, Request who-has 192.168.63.1 tell 192.168.63.11, length 28
17:04:29.021035 ARP, Reply 192.168.63.1 is-at e0:23:ff:50:88:f0 (oui Unknown), length 42
17:04:29.077958 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 35, length 64
17:04:29.078034 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 35, length 64
17:04:29.329074 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908f, length 42
17:04:29.828173 ARP, Request who-has 192.168.63.5 tell 192.168.63.1, length 42
17:04:30.102049 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 36, length 64
17:04:30.102239 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 36, length 64
17:04:30.497741 IP 192.168.63.16.57505 > 192.168.63.1.domain: 23929+ A? ftp.sh.cvut.cz. (32)
17:04:30.497747 IP 192.168.63.16.57505 > 192.168.63.1.domain: 36728+ AAAA? ftp.sh.cvut.cz. (32)
17:04:30.651296 ARP, Request who-has 192.168.63.1 tell 192.168.63.16, length 28
17:04:30.651341 ARP, Reply 192.168.63.1 is-at e0:23:ff:50:88:f0 (oui Unknown), length 42
17:04:31.126031 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 37, length 64
17:04:31.126177 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 37, length 64
17:04:31.328997 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908f, length 42
17:04:31.941165 IP 192.168.63.4.57838 > 192.168.63.1.domain: 29567+ A? ftp.sh.cvut.cz. (32)
17:04:31.941174 IP 192.168.63.4.57838 > 192.168.63.1.domain: 54397+ AAAA? ftp.sh.cvut.cz. (32)
17:04:32.150022 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 38, length 64
17:04:32.150185 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 38, length 64
17:04:32.942347 IP 192.168.63.4.52032 > 192.168.63.1.domain: 58547+ A? security.debian.org. (37)
17:04:32.942355 IP 192.168.63.4.52032 > 192.168.63.1.domain: 20301+ AAAA? security.debian.org. (37)
17:04:33.173993 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 39, length 64
17:04:33.174171 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 39, length 64
17:04:33.329253 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908f, length 42
17:04:34.121353 IP 192.168.63.4.60609 > ntp1.karneval.cz.ntp: NTPv4, Client, length 48
17:04:34.124982 IP ntp1.karneval.cz.ntp > 192.168.63.4.60609: NTPv4, Server, length 48
17:04:34.197999 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 40, length 64
17:04:34.198175 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 40, length 64
17:04:35.222011 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 41, length 64
17:04:35.222184 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 41, length 64
17:04:35.328904 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908f, length 42
17:04:35.502870 IP 192.168.63.16.57505 > 192.168.63.1.domain: 23929+ A? ftp.sh.cvut.cz. (32)
17:04:35.502878 IP 192.168.63.16.57505 > 192.168.63.1.domain: 36728+ AAAA? ftp.sh.cvut.cz. (32)
17:04:36.246008 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 42, length 64
17:04:36.246154 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 42, length 64
17:04:36.946327 IP 192.168.63.4.38107 > 192.168.63.1.domain: 41495+ A? ftp.sh.cvut.cz.mon.private. (44)
17:04:36.946337 IP 192.168.63.4.38107 > 192.168.63.1.domain: 27418+ AAAA? ftp.sh.cvut.cz.mon.private. (44)
17:04:37.269988 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 43, length 64
17:04:37.270149 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 43, length 64
17:04:37.329490 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908f, length 42
17:04:37.947501 IP 192.168.63.4.40717 > 192.168.63.1.domain: 40539+ A? security.debian.org.mon.private. (49)
17:04:37.947510 IP 192.168.63.4.40717 > 192.168.63.1.domain: 5470+ AAAA? security.debian.org.mon.private. (49)
17:04:38.293985 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 44, length 64
17:04:38.294117 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 44, length 64
17:04:39.126387 ARP, Request who-has 192.168.63.4 tell 192.168.63.1, length 42
17:04:39.126532 ARP, Reply 192.168.63.4 is-at ca:fe:42:e1:c4:0e (oui Unknown), length 28
17:04:39.318011 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 45, length 64
17:04:39.318199 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 45, length 64
17:04:39.328155 IP 192.168.63.11.34150 > netopyr.hanacke.net.ntp: NTPv4, Client, length 48
17:04:39.329046 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908f, length 42
17:04:39.334937 IP netopyr.hanacke.net.ntp > 192.168.63.11.34150: NTPv4, Server, length 48
17:04:40.342018 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 46, length 64
17:04:40.342176 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 46, length 64
17:04:40.507997 IP 192.168.63.16.41954 > 192.168.63.1.domain: 26199+ A? ftp.sh.cvut.cz.mon.private. (44)
17:04:40.508004 IP 192.168.63.16.41954 > 192.168.63.1.domain: 37194+ AAAA? ftp.sh.cvut.cz.mon.private. (44)
17:04:41.329304 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908f, length 42
17:04:41.365968 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 47, length 64
17:04:41.366091 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 47, length 64
17:04:41.397922 ARP, Request who-has 192.168.63.11 tell 192.168.63.1, length 42
17:04:41.397969 ARP, Reply 192.168.63.11 is-at ca:fe:42:82:b7:2d (oui Unknown), length 28
17:04:41.951389 IP 192.168.63.4.38107 > 192.168.63.1.domain: 41495+ A? ftp.sh.cvut.cz.mon.private. (44)
17:04:41.951397 IP 192.168.63.4.38107 > 192.168.63.1.domain: 27418+ AAAA? ftp.sh.cvut.cz.mon.private. (44)
17:04:42.390047 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 48, length 64
17:04:42.390210 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 48, length 64
17:04:42.952586 IP 192.168.63.4.40717 > 192.168.63.1.domain: 40539+ A? security.debian.org.mon.private. (49)
17:04:42.952595 IP 192.168.63.4.40717 > 192.168.63.1.domain: 5470+ AAAA? security.debian.org.mon.private. (49)
17:04:43.328937 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908f, length 42
17:04:43.413973 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 49, length 64
17:04:43.414096 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 49, length 64
17:04:44.336406 ARP, Request who-has 192.168.63.11 tell 192.168.63.1, length 42
17:04:44.336528 ARP, Reply 192.168.63.11 is-at ca:fe:42:82:b7:2d (oui Unknown), length 28
17:04:44.437997 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 50, length 64
17:04:44.438092 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 50, length 64
17:04:45.328914 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908f, length 42

TcpDump at bridge VLAN IF from host with source of ping at time:

Code:

17:04:21.911308 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 28, length 64
17:04:21.911496 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 28, length 64
17:04:22.935310 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 29, length 64
17:04:22.935494 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 29, length 64
17:04:22.938327 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from ca:fe:42:e9:44:be (oui Unknown), length 300
17:04:22.938476 ARP, Request who-has 192.168.63.130 tell 192.168.63.1, length 42
17:04:22.938650 IP 192.168.63.1.bootps > 192.168.63.7.bootpc: BOOTP/DHCP, Reply, length 346
17:04:22.938786 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from ca:fe:42:e9:44:be (oui Unknown), length 303
17:04:22.938974 IP 192.168.63.1.bootps > 192.168.63.7.bootpc: BOOTP/DHCP, Reply, length 346
17:04:23.329952 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908c, length 42
17:04:23.937630 ARP, Request who-has 192.168.63.130 tell 192.168.63.1, length 42
17:04:23.959301 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 30, length 64
17:04:24.937641 ARP, Request who-has 192.168.63.130 tell 192.168.63.1, length 42
17:04:24.983291 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 31, length 64
17:04:25.330210 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908c, length 42
17:04:26.007293 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 32, length 64
17:04:27.031358 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 33, length 64
17:04:27.330626 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908c, length 42
17:04:28.055320 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 34, length 64
17:04:29.079271 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 35, length 64
17:04:29.330304 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908c, length 42
17:04:29.829513 ARP, Request who-has 192.168.63.5 tell 192.168.63.1, length 42
17:04:30.103366 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 36, length 64
17:04:31.127344 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 37, length 64
17:04:31.330223 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908c, length 42
17:04:32.151339 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 38, length 64
17:04:33.175303 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 39, length 64
17:04:33.330481 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908c, length 42
17:04:34.199312 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 40, length 64
17:04:35.223325 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 41, length 64
17:04:35.330118 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908c, length 42
17:04:36.247321 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 42, length 64
17:04:37.271302 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 43, length 64
17:04:37.330703 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908c, length 42
17:04:38.295302 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 44, length 64
17:04:39.319317 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 45, length 64
17:04:39.330264 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908c, length 42
17:04:40.343325 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 46, length 64
17:04:41.330531 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908c, length 42
17:04:41.367266 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 47, length 64
17:04:41.399241 ARP, Request who-has 192.168.63.11 tell 192.168.63.1, length 28
17:04:41.399320 ARP, Reply 192.168.63.11 is-at ca:fe:42:82:b7:2d (oui Unknown), length 42
17:04:42.391344 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 48, length 64
17:04:42.391561 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 48, length 64
17:04:43.330171 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908c, length 42
17:04:43.415284 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 49, length 64
17:04:43.415445 IP 192.168.63.11 > 192.168.63.1: ICMP echo reply, id 2870, seq 49, length 64
17:04:44.439310 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 50, length 64
17:04:45.330144 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 803f.00:23:04:ee:be:01.908c, length 42
17:04:45.463280 IP 192.168.63.1 > 192.168.63.11: ICMP echo request, id 2870, seq 51, length 64

Ping from the GW VM (has 2 NICs) to some alpine VM in other VLAN work's like a charm

---

Many thank's for every help.

dusatvoj · Nov 2, 2023

Code:

# pveversion -v
proxmox-ve: 8.0.2 (running kernel: 6.2.16-18-pve)
pve-manager: 8.0.4 (running version: 8.0.4/d258a813cfa6b390)
pve-kernel-6.2: 8.0.5
proxmox-kernel-helper: 8.0.3
pve-kernel-5.15: 7.4-4
proxmox-kernel-6.2.16-18-pve: 6.2.16-18
proxmox-kernel-6.2: 6.2.16-18
pve-kernel-6.2.16-5-pve: 6.2.16-6
pve-kernel-6.2.16-3-pve: 6.2.16-3
pve-kernel-5.15.108-1-pve: 5.15.108-1
pve-kernel-5.15.102-1-pve: 5.15.102-1
ceph: 17.2.6-pve1+3
ceph-fuse: 17.2.6-pve1+3
corosync: 3.1.7-pve3
criu: 3.17.1-2
glusterfs-client: 10.3-5
ifupdown2: 3.2.0-1+pmx5
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-4
libknet1: 1.28-pve1
libproxmox-acme-perl: 1.4.6
libproxmox-backup-qemu0: 1.4.0
libproxmox-rs-perl: 0.3.1
libpve-access-control: 8.0.5
libpve-apiclient-perl: 3.3.1
libpve-common-perl: 8.0.9
libpve-guest-common-perl: 5.0.5
libpve-http-server-perl: 5.0.4
libpve-network-perl: 0.8.1
libpve-rs-perl: 0.8.5
libpve-storage-perl: 8.0.2
libspice-server1: 0.15.1-1
lvm2: 2.03.16-2
lxc-pve: 5.0.2-4
lxcfs: 5.0.3-pve3
novnc-pve: 1.4.0-2
proxmox-backup-client: 3.0.3-1
proxmox-backup-file-restore: 3.0.3-1
proxmox-kernel-helper: 8.0.3
proxmox-mail-forward: 0.2.0
proxmox-mini-journalreader: 1.4.0
proxmox-widget-toolkit: 4.0.9
pve-cluster: 8.0.4
pve-container: 5.0.4
pve-docs: 8.0.5
pve-edk2-firmware: 3.20230228-4
pve-firewall: 5.0.3
pve-firmware: 3.8-3
pve-ha-manager: 4.0.2
pve-i18n: 3.0.7
pve-qemu-kvm: 8.0.2-7
pve-xtermjs: 4.16.0-3
qemu-server: 8.0.7
smartmontools: 7.3-pve1
spiceterm: 3.3.0
swtpm: 0.8.0+pve1
vncterm: 1.8.0
zfsutils-linux: 2.1.13-pve1

Search

Search

Packet loss issue at VLAN SDN VNet.

dusatvoj

Member

dusatvoj

Member