Problem with only 1 vlan

[wcskoljka]

Hi,

I have a 2 node cluster Proxmox VE 3.2-4 with 3 vlans, one untagged and 2 tagged. On another proxmox machine, that is used only for testing purpose, all vlans works fine, but on both 2 node that are in cluster with the same configuration, one doesn't work..

This is the configuration of one of 2 node:
auto lo
iface lo inet loopback


auto bond0.9
iface bond0.9 inet manual
vlan-raw-device bond0


auto bond0.10
iface bond0.10 inet manual
vlan-raw-device bond0


auto bond0
iface bond0 inet manual
slaves eth0 eth1 eth2 eth3
bond_miimon 100
bond_mode 802.3ad


auto vmbr0
iface vmbr0 inet static
address xxx.xxx.xxx.xxx
netmask xxx.xxx.xxx.xxx
gateway xxx.xxx.xxx.xxx
bridge_ports bond0
bridge_stp off
bridge_fd 0


auto vmbr9
iface vmbr9 inet manual
bridge_ports bond0.9
bridge_stp off
bridge_fd 0


auto vmbr10
iface vmbr10 inet manual
bridge_ports bond0.10
bridge_stp off
bridge_fd 0

The vmbr0 and vmbr9 works fine, and the vmbr10 not. I tried to connect to the same ports on the switch the testing proxmox machine and all vlans works fine.

Any suggestion, where can I search for my problem?

Thank you in advice.

 

[udo]

Hi,

I have a 2 node cluster Proxmox VE 3.2-4 with 3 vlans, one untagged and 2 tagged.

Hi,
I had trouble with tagged and untagged vlans years ago (since that I use only with or without tagging).
Can you try if vmr10 work, if you use an dedicate nic for vmbr0?

Udo

 

[wcskoljka]

Hi,
I had trouble with tagged and untagged vlans years ago (since that I use only with or without tagging).
Can you try if vmr10 work, if you use an dedicate nic for vmbr0?

Udo

Hi,

now it would be a little difficult, because I have a TRUNK LACP active, for all the 4 ports of my server, so is there maybe another way to check what is going wrong?

If this maybe helps something, when I try a ping:
ping -I vmbr9 172.16.9.1
PING 172.16.9.1 (172.16.9.1) from xxx.xxx.xxx.xxx vmbr9: 56(84) bytes of data.
64 bytes from 172.16.9.1: icmp_req=1 ttl=64 time=0.510 ms

ping -I vmbr10 172.16.10.1
PING 172.16.10.1 (172.16.10.1) from xxx.xxx.xxx.xxx vmbr10: 56(84) bytes of data.
From xxx.xxx.xxx.xxx icmp_seq=2 Destination Host Unreachable


This is very strange for me, because when I try to ping trom the vmbr9 I receive the reply from 172.16.9.1 which is the router IP in vlan9, but when I try to do that from vmbr10 I receive the Destination Host Unreachable from my vmbr0 IP.

Thanks

 

[spirit]

Hi, where is defined the vmbr10 ip address ?

are you sure that vmbr10 is up ? (#brctl show ? #ip addr ?)


on the physical switch, is vlan10 allowed on all ports on the bonding ?

 

[wcskoljka]

Hi,

the vmbr10 and vmbr9 ip addresses are not defined in the nodes, is set to manual, but even if I try a ping from a VM a or a CT I got the same, this is what I tried now for an example:
from a CT in vmbr10: (IP is 172.16.10.55)
ping 172.16.10.1
From 172.16.10.55 icmp_seq=2 Destination Host Unreachable

from a CT in vmbr9: (IP is 172.16.9.3)
ping 172.16.9.1
64 bytes from 172.16.9.1: icmp_req=1 ttl=64 time=0.219 ms

#brctl show
bridge name bridge id STP enabled interfaces
vmbr0 8000.40f2e924537a no bond0
tap100i0
veth106.0
veth108.0
vmbr10 8000.40f2e924537a no bond0.10
vmbr9 8000.40f2e924537a no bond0.9

#ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP qlen 1000
link/ether 40:f2:e9:24:53:7a brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP qlen 1000
link/ether 40:f2:e9:24:53:7a brd ff:ff:ff:ff:ff:ff
4: eth2: <NO-CARRIER,BROADCAST,MULTICAST,SLAVE,UP> mtu 1500 qdisc mq master bond 0 state DOWN qlen 1000
link/ether 40:f2:e9:24:53:7a brd ff:ff:ff:ff:ff:ff
5: eth3: <NO-CARRIER,BROADCAST,MULTICAST,SLAVE,UP> mtu 1500 qdisc mq master bond 0 state DOWN qlen 1000
link/ether 40:f2:e9:24:53:7a brd ff:ff:ff:ff:ff:ff
7: usb0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 42:f2:e9:24:53:79 brd ff:ff:ff:ff:ff:ff
8: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 40:f2:e9:24:53:7a brd ff:ff:ff:ff:ff:ff
9: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 40:f2:e9:24:53:7a brd ff:ff:ff:ff:ff:ff
inet xxx.xxx.xxx.xxx/26 brd xxx.xxx.xxx.xxx scope global vmbr0
inet6 fe80::42f2:e9ff:fe24:537a/64 scope link
valid_lft forever preferred_lft forever
10: vmbr9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOW N
link/ether 40:f2:e9:24:53:7a brd ff:ff:ff:ff:ff:ff
inet6 fe80::42f2:e9ff:fe24:537a/64 scope link
valid_lft forever preferred_lft forever
11: bond0.9@bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noque ue state UP
link/ether 40:f2:e9:24:53:7a brd ff:ff:ff:ff:ff:ff
12: vmbr10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNO WN
link/ether 40:f2:e9:24:53:7a brd ff:ff:ff:ff:ff:ff
inet6 fe80::42f2:e9ff:fe24:537a/64 scope link
valid_lft forever preferred_lft forever
13: bond0.10@bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqu eue state UP
14: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue sta te UNKNOWN
link/void
inet6 fe80::1/128 scope link
valid_lft forever preferred_lft forever
15: veth106.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UN KNOWN
link/ether 9e:90:f8:2e:24:c0 brd ff:ff:ff:ff:ff:ff
inet6 fe80::9c90:f8ff:fe2e:24c0/64 scope link
valid_lft forever preferred_lft forever
16: veth108.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UN KNOWN
link/ether 06:47:b6:6b:f4:74 brd ff:ff:ff:ff:ff:ff
inet6 fe80::447:b6ff:fe6b:f474/64 scope link
valid_lft forever preferred_lft forever
29: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fas t state UNKNOWN qlen 500
link/ether da:47:ef:a1:e6:ee brd ff:ff:ff:ff:ff:ff
inet6 fe80::d847:efff:fea1:e6ee/64 scope link
valid_lft forever preferred_lft forever



On the physical switch the configuration is:
VLAN1:
Excluded
VLAN2:
Untagged
VLAN9:
Tagged
VLAN10:
Tagged

 

[spirit]

your #brctl show

show that nothing is plugged to vmbr9 and vmbr10

all veth and tap are on vmbr0.


can you post your contenairs config ? (/etc/pve/openvz/CTID.conf)

 

[wcskoljka]

Sure, here it is of a working CT on vmbr9:
ONBOOT="yes"
PHYSPAGES="0:262144"
SWAPPAGES="0:524288"
KMEMSIZE="487587840:536870912"
DCACHESIZE="243269632:268435456"
LOCKEDPAGES="131072"
PRIVVMPAGES="unlimited"
SHMPAGES="unlimited"
NUMPROC="unlimited"
VMGUARPAGES="0:unlimited"
OOMGUARPAGES="0:unlimited"
NUMTCPSOCK="unlimited"
NUMFLOCK="unlimited"
NUMPTY="unlimited"
NUMSIGINFO="unlimited"
TCPSNDBUF="unlimited"
TCPRCVBUF="unlimited"
OTHERSOCKBUF="unlimited"
DGRAMRCVBUF="unlimited"
NUMOTHERSOCK="unlimited"
NUMFILE="unlimited"
NUMIPTENT="unlimited"
# Disk quota parameters (in form of softlimit:hardlimit)
DISKSPACE="10G:11G"
DISKINODES="2000000:2200000"
QUOTATIME="0"
QUOTAUGIDLIMIT="0"
# CPU fair scheduler parameter
CPUUNITS="1000"
CPUS="1"
HOSTNAME="vasco.xxx.xxx"
SEARCHDOMAIN="xxx.xxx"
NAMESERVER="172.16.9.1 8.8.8.8"
NETIF="ifname=eth0,bridge=vmbr9,mac=26:56:EC:B5:3F:FF,host_ifname=veth105.0,host_mac=46:E5:20:AE:09:C6"
VE_ROOT="/var/lib/vz/root/105"
VE_PRIVATE="/var/lib/vz/private/105"
OSTEMPLATE="debian-7.0-standard_7.0-2_amd64.tar.gz"

and this is of one not working vmbr10:

ONBOOT="no"
PHYSPAGES="0:512M"
SWAPPAGES="0:512M"
KMEMSIZE="232M:256M"
DCACHESIZE="116M:128M"
LOCKEDPAGES="256M"
PRIVVMPAGES="unlimited"
SHMPAGES="unlimited"
NUMPROC="unlimited"
VMGUARPAGES="0:unlimited"
OOMGUARPAGES="0:unlimited"
NUMTCPSOCK="unlimited"
NUMFLOCK="unlimited"
NUMPTY="unlimited"
NUMSIGINFO="unlimited"
TCPSNDBUF="unlimited"
TCPRCVBUF="unlimited"
OTHERSOCKBUF="unlimited"
DGRAMRCVBUF="unlimited"
NUMOTHERSOCK="unlimited"
NUMFILE="unlimited"
NUMIPTENT="unlimited"
# Disk quota parameters (in form of softlimit:hardlimit)
DISKSPACE="4G:4613734"
DISKINODES="800000:880000"
QUOTATIME="0"
QUOTAUGIDLIMIT="0"
# CPU fair scheduler parameter
CPUUNITS="1000"
CPUS="1"
HOSTNAME="dtest.xxx.xxx"
SEARCHDOMAIN="xxx.xxx"
NAMESERVER="8.8.8.8 8.8.4.4"
NETIF="ifname=eth0,bridge=vmbr10,mac=DE:617:B8:94:48,host_ifname=veth111.0,host_mac=DE:23:06:099:ED"
VE_ROOT="/var/lib/vz/root/$VEID"
VE_PRIVATE="/var/lib/vz/private/111"
OSTEMPLATE="debian-7.0-standard_7.0-2_amd64.tar.gz"

The strange thing is that I don't understand, is why with the same configuration the vmbr9 works, and the vmbr10 not

 

[spirit]

I don't understand, because in your #brctl show

I see nowhere veth105.0 (vmbr9) or veth111.0(vmbr10).


Also note that currently, bridges cannot be changed when the container is running. (This is fixed in pvetest repository)

 

[wcskoljka]

Yes I know that cannot be changed when the container is running, for this testing purpose I created a new CT that was in vlan10 (vmbr10).

Any idea why the vmbr9 is working without problems and the vmbr10 not?

 

[spirit]

Any idea why the vmbr9 is working without problems and the vmbr10 not?

No, really no idea. all seem to be good.

Just to be sure, do you see you veth on vmbr10, with #brctl show when the container is running ?

 

[wcskoljka]

Hellow

I cannot believe but I found the solution...I tried to Exclude the vlan10 on the switch, applied the configuration and Tagget it again, applied the configuration and now it works...It seems, that the switch didn't apply correctly the first time.

Thank you all again for your time and help

Best regards

 

[spirit]

OK, great

Can you edit this post, mark it as SOLVED ?

thanks !