[SOLVED] PBS Linux Bond

[Solarstorm]

Hi there,

I have built a server which is only for Proxmox backup. I have installed a network card with 4 ports and now want to create a bond. I am currently accessing the website via the onboard network card. If I now create a Linux bond with the 4 network cards, it is there. If I then create a vmbr1 with the bond that has just been created, the website is no longer accessible. Of course, I gave the onboard network card a different IP than the bond. I've added 3 pictures here. Once how I created the bond, once how I created the vmbr1 and once the etc / network / interfaces file without the added vmbr1 which doesn't work. Can someone please tell me where I made a mistake?

Best regards
Marcel

 

[Stoiko Ivanov]

Hope I understood that right:
* both enp12s0 and vmbr1 have IP's in the same network? (10.0.0.0/8)?

If that's the case then my guess is that - either the bond interface does have problems coming up (check by locally connecting to the console and running `ip link` and `ip address` and `ip route`) - or the routing table sends the response packets out the wrong interface

are all interfaces in the same network segment (same layer 2 network/ same switch)?

Having the same network configured twice (even with different IPs) on different interfaces usually causes troubles
(also, unless you have a particular reason for it I would suggest keeping the IP-networks smaller (/24 instead of /8))

Apart from that - why do you add a bridge on top of the bond? (for PVE it is needed since you plug in all guests' interfaces into the bridge - for PBS it is not necessary)

I hope this helps!

 

[Solarstorm]

Thank you for your answer.

All enp are in the same network. I now want the PBS to be accessible via the Linux Bond and no longer via the onboard enp12s0 network card.

For IP networks I also had 24 instead of 8. I only entered 8 there for the image.

I made a bridge because I thought it had to be done that way. With PVE this is necessary.

How can I change the PBS communicates via the bond and no longer via the onboard enp12s0?

I created the bond as a failover.

 

[Stoiko Ivanov]

If you want to change the IP and the interface:
* edit /etc/network/interfaces (via GUI or via CLI)
* make sure you have a correct entry in /etc/hosts
* run `ifreload`
* check the logs if everything works
* restart proxmox-backup-proxy and proxmox-backup-api

How can I change the PBS communicates via the bond and no longer via the onboard enp12s0?

remove the configuration from enp12s0
(or as said - use 2 different networks for both)

For IP networks I also had 24 instead of 8. I only entered 8 there for the image.

Not sure I understand that? - how is the actual configuration?
if you have /24 in your network then you need to configure /24 on PBS as well (else PBS will try to directly respond to any address in 10.0.0.0/8 and not send it to its default gateway)...

I created the bond as a failover.

Also not sure I understand that - in the screenshot of /etc/network/interfaces you have 802.1ad as bond-mode (LACP) - for this to work you need to have a LACP capable switch on the other side (and configure the LACP there as well)?

I hope this helps

 

[Solarstorm]

I have everything in my network / 24

I have now given the bond the IP address which it should have later. 10.1.1.250/24

I have now given the enp12s0 192.168.1.1/24. So i have now separated the networks. in etc / hosts is 10.1.1.250. I think that's so right. I can still only access the website via 192.168.1.1. the 10.1.1.250 does not work.

I have a D-Link DGS1210-24 which supports LACP and I configured it that way. My PVE has been running with LACP bonding for a long time.

 

[Stoiko Ivanov]

please post the output of:

ip link
ip address
ip route

also check if the network comes up in the journal after rebooting (journalctl -b gives you the journal since the last boot)

 

[Solarstorm]

I hope I did everything right.

 

[Stoiko Ivanov]

that looks right and ok ...

can you ping your default gateway on 10.1.1.1.1

ping -c 4 10.1.1.1

is proxmox-backup-proxy listening on all interfaces (it most likely does):

netstat -tlnp |grep 8007

finally - try checking if your connections attempts to 10.1.1.250 really reach the server:

tcpdump -envi bond0 port 8007

 

[Solarstorm]

The ping showed that 10.1.1.1 cannot be reached. I entered the same command at PVE. This is connected to the same switch. The ping was successful there

the netstat -tlnp | grep 8007 command does not work.

 

[Stoiko Ivanov]

The ping showed that 10.1.1.1 cannot be reached. I entered the same command at PVE. This is connected to the same switch. The ping was successful there

my guess here would be that the switch config is the problem (maybe the LACP bond on the switch is not in the right VLAN/has the wrong VLAN as default?)
but in any case - this seems to be the core problem here - if you cannot reach the gateway on the bond - then the connection from the outside won't reach PBS...

the netstat -tlnp | grep 8007 command does not work.

sorry - old muscle memory kicking in - netstat is not installed by default since quite a long time (you can still install the 'net-tools' package)
Nowadays `ss -tlnp` should work on any somewhat reasonable linux

 

[Solarstorm]

the LACP bond is in the same vlan. I put PVE on the same LAN ports as a test. PVE is running. The problem has to be in PBS. In PVE I configured the bond in less than 5 minutes and it works without any problems. I don't understand why PBS is now causing problems

 

[Solarstorm]

I have now removed the bond from the PBS and also deactivated the LACP in the switch. I have now assigned a different IP to each network card. Then I tried to ping these IPs on another PC. No IP works. I find that very strange.

 

[Stoiko Ivanov]

I have now removed the bond from the PBS and also deactivated the LACP in the switch. I have now assigned a different IP to each network card. Then I tried to ping these IPs on another PC. No IP works. I find that very strange.

Seems like a good step to getting this bug resolved!

anything relevant from the switch logs?
can you ping the IP on the NIC if you directly plug a laptop to one of the NICs?

 

[Solarstorm]

I thank you for all your help.
I've tested that. I cannot ping the network card. I think the network card is broken. I expect a new network card tomorrow. It is the same as what is built into PVE. If it doesn't work then I give up.

 

[Stoiko Ivanov]

I've tested that. I cannot ping the network card. I think the network card is broken. I expect a new network card tomorrow. It is the same as what is built into PVE. If it doesn't work then I give up.

I have my fingers crossed that the issue gets fixed with the new NIC!

 

[Solarstorm]

I have now installed and configured the new network card. that LACP Bond works perfectly.

best regards,
Marcel