Proxmox Linux Bridge on Debian Failing to Get IP Address

[lgjunior]

Good afternoon,


I would like to know what else I can check to help my VM connect to the network. I installed Proxmox under Debian following the wiki (https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_12_Bookworm) and created the Linux Bridge vmbr0. However, when I create a VM using vmbr0 as the network device, the VM is unable to obtain an IP address from my network's DHCP. In contrast, when I perform the same steps using Proxmox as the "operational system", I do not encounter this issue.

 

[UdoB]

Please start by giving us some more information, like the copy-n-pasted output of some commands, run on the PVE host:

PVE System information:

• pveversion -v

Basic network information:

• ip address show # currently active IP addresses on one NODE
• ip route show # currently active routing table on one NODE
• cat /etc/network/interfaces #

Problematic VM:

• export VMID=<the_ID_of_the_VM>; qm config ${VMID} # the configuration of that VM

And from inside that VM, Basic network information:

• ip address show # currently active IP addresses
• ip route show # currently active routing table
• cat /etc/network/interfaces

Oh, and please put each command in a separate [CODE]...[/CODE]-block for better readability.

 

[lgjunior]

PVE System information:

root@thinkcentre:~# pveversion -v
proxmox-ve: 8.3.0 (running kernel: 6.8.12-5-pve)
pve-manager: 8.3.2 (running version: 8.3.2/3e76eec21c4a14a7)
proxmox-kernel-helper: 8.1.0
proxmox-kernel-6.8: 6.8.12-5
proxmox-kernel-6.8.12-5-pve-signed: 6.8.12-5
ceph-fuse: 16.2.15+ds-0+deb12u1
corosync: 3.1.7-pve3
criu: 3.17.1-2
glusterfs-client: 10.3-5
ifupdown: residual config
ifupdown2: 3.2.0-1+pmx11
intel-microcode: 3.20240910.1~deb12u1
libjs-extjs: 7.0.0-5
libknet1: 1.28-pve1
libproxmox-acme-perl: 1.5.1
libproxmox-backup-qemu0: 1.4.1
libproxmox-rs-perl: 0.3.4
libpve-access-control: 8.2.0
libpve-apiclient-perl: 3.3.2
libpve-cluster-api-perl: 8.0.10
libpve-cluster-perl: 8.0.10
libpve-common-perl: 8.2.9
libpve-guest-common-perl: 5.1.6
libpve-http-server-perl: 5.1.2
libpve-network-perl: 0.10.0
libpve-rs-perl: 0.9.1
libpve-storage-perl: 8.3.2
libspice-server1: 0.15.1-1
lvm2: 2.03.16-2
lxc-pve: 6.0.0-1
lxcfs: 6.0.0-pve2
novnc-pve: 1.5.0-1
proxmox-backup-client: 3.3.2-1
proxmox-backup-file-restore: 3.3.2-2
proxmox-firewall: 0.6.0
proxmox-kernel-helper: 8.1.0
proxmox-mail-forward: 0.3.1
proxmox-mini-journalreader: 1.4.0
proxmox-offline-mirror-helper: 0.6.7
proxmox-widget-toolkit: 4.3.3
pve-cluster: 8.0.10
pve-container: 5.2.2
pve-docs: 8.3.1
pve-edk2-firmware: not correctly installed
pve-esxi-import-tools: 0.7.2
pve-firewall: 5.1.0
pve-firmware: 3.14-2
pve-ha-manager: 4.0.6
pve-i18n: 3.3.2
pve-qemu-kvm: 9.0.2-4
pve-xtermjs: 5.3.0-3
qemu-server: 8.3.3
smartmontools: 7.3-pve1
spiceterm: 3.3.0
swtpm: 0.8.0+pve1
vncterm: 1.8.0
zfsutils-linux: 2.2.6-pve1

Basic network information:

root@thinkcentre:~# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 98:ee:cb:7a:21:d8 brd ff:ff:ff:ff:ff:ff
    inet 10.10.2.36/24 brd 10.10.2.255 scope global dynamic enp2s0
       valid_lft 4867sec preferred_lft 4867sec
    inet6 fe80::2a2a:4b5a:8ab5:f44f/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: wlp1s0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 34:e1:2d:d8:c2:0f brd ff:ff:ff:ff:ff:ff
    inet 10.10.2.229/24 brd 10.10.2.255 scope global dynamic wlp1s0
       valid_lft 5864sec preferred_lft 5864sec
    inet 10.10.2.234/24 brd 10.10.2.255 scope global secondary dynamic noprefixroute wlp1s0
       valid_lft 5911sec preferred_lft 5911sec
    inet6 fe80::45e4:d279:3877:4b48/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 6a:a7:ae:aa:c0:bb brd ff:ff:ff:ff:ff:ff
    inet6 fe80::949a:96ff:fecc:9a22/64 scope link
       valid_lft forever preferred_lft forever
9: tap102i0: <BROADCAST,MULTICAST,PROMISC,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr102i0 state UNKNOWN group default qlen 1000
    link/ether c2:33:95:5d:34:c3 brd ff:ff:ff:ff:ff:ff
    inet 169.254.54.46/16 brd 169.254.255.255 scope global tap102i0
       valid_lft forever preferred_lft forever
10: fwbr102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 8e:44:24:93:c4:21 brd ff:ff:ff:ff:ff:ff
11: fwpr102p0@fwln102i0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether 6a:a7:ae:aa:c0:bb brd ff:ff:ff:ff:ff:ff
    inet 169.254.212.53/16 brd 169.254.255.255 scope global fwpr102p0
       valid_lft forever preferred_lft forever
12: fwln102i0@fwpr102p0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr102i0 state UP group default qlen 1000
    link/ether 8e:44:24:93:c4:21 brd ff:ff:ff:ff:ff:ff
    inet 169.254.78.111/16 brd 169.254.255.255 scope global fwln102i0
       valid_lft forever preferred_lft forever



root@thinkcentre:~# ip route show
0.0.0.0 dev fwln102i0 scope link
0.0.0.0 dev fwpr102p0 scope link
0.0.0.0 dev tap102i0 scope link
default dev fwln102i0 scope link
default dev fwpr102p0 scope link
10.10.2.0/24 dev enp2s0 proto kernel scope link src 10.10.2.36
10.10.2.0/24 dev wlp1s0 proto kernel scope link src 10.10.2.229
10.10.2.0/24 dev enp2s0 proto kernel scope link src 10.10.2.36 metric 100
10.10.2.0/24 dev wlp1s0 proto kernel scope link src 10.10.2.234 metric 600
10.10.2.1 dev wlp1s0 scope link
10.10.2.1 dev enp2s0 scope link
169.254.0.0/16 dev tap102i0 proto kernel scope link src 169.254.54.46
169.254.0.0/16 dev fwpr102p0 proto kernel scope link src 169.254.212.53
169.254.0.0/16 dev fwln102i0 proto kernel scope link src 169.254.78.111



root@thinkcentre:~# cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto wlp1s0
iface wlp1s0 inet dhcp

auto enp2s0
iface enp2s0 inet dhcp

auto vmbr0
iface vmbr0 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0

Problematic VM:

root@thinkcentre:~# export VMID=102;  qm config 102
boot: order=virtio0;ide2;net0
cores: 1
cpu: x86-64-v2-AES
ide2: local:iso/fossapup64-9.5.iso,media=cdrom,size=409M
memory: 2048
meta: creation-qemu=9.0.2,ctime=1734711468
name: puppy-linux
net0: virtio=BC:24:11:F0:18:A3,bridge=vmbr0,firewall=1
numa: 0
ostype: l26
scsihw: virtio-scsi-single
smbios1: uuid=485ab796-90a8-4bfe-9841-3ec448e135ce
sockets: 1
virtio0: local:102/vm-102-disk-0.qcow2,iothread=1,size=32G
vmgenid: d7cef5cd-e309-4d5b-8f17-5b0baf7b25a5

And from inside that VM, Basic network information: (NOTE: I created a brand new VM)

 

[UdoB]

Thanks for the valuable information, it helps. Though I am not sure I understand what you are trying to achieve - there are too many details that look wrong to me, but may have an unknown reason. Did you follow a specific tutorial for a special case?

A "normal" configuration from my point of view needs some adjustments:

From your config:

auto wlp1s0
iface wlp1s0 inet dhcp

auto enp2s0
iface enp2s0 inet dhcp

auto vmbr0
iface vmbr0 inet manual
        bridge-ports none

1) what is wlp1s0? WLAN? This has its own pitfalls and is not well (read: not officially / not at all / only with "tricks") supported as a bridge will not work as required --> https://pve.proxmox.com/wiki/WLAN

2) the NIC enp2s0 itself should not get an IP address, it should be "iface enp2s0 inet manual"

3) the bridge vmbr0 has no physical interface. None of the connected VMs can communicate to the outside. This network is 100% isolated. Which again, may be useful in some specific situations - but not in yours - "...a VM using vmbr0 as the network device, the VM is unable to obtain an IP address from my network's DHCP"

Please read https://pve.proxmox.com/wiki/Network_Configuration#_default_configuration_using_a_bridge

Citing the example on that page:

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.10.2/24
        gateway 192.168.10.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

Should lead you to

iface enp2s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.10.2.36/24
        gateway 10.10.2.1  # IF this is your router! Is it???
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0

Back to both NICS:

2: enp2s0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 10.10.2.36/24 brd 10.10.2.255 scope global dynamic enp2s0
3: wlp1s0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 10.10.2.229/24 brd 10.10.2.255 scope global dynamic wlp1s0
    inet 10.10.2.234/24 brd 10.10.2.255 scope global secondary dynamic noprefixroute wlp1s0

You can not have both NICs (or bridges) in the same IP-network! Having multiple IP addresses in the same network is only acceptable in specific situations, not for a generic beginners usecase.

And this...

169.254.0.0/16 dev tap102i0 proto kernel scope link src 169.254.54.46
169.254.0.0/16 dev fwpr102p0 proto kernel scope link src 169.254.212.53
169.254.0.0/16 dev fwln102i0 proto kernel scope link src 169.254.78.111

...is utilizing "APIPA" (https://en.wikipedia.org/wiki/Apipa) addresses, which pure presence confirms the absence of a working DHCP server. The screenshot confirms this.

Please use the wired connection to learn how this stuff works - just ignore WLAN for the beginning.

A lot to learn

 

[fba]

The created bridge vmbr0 is missing an assigned port. There is no need to assign an ip address to the bridge, but if you leave out the bridge-port, the bridge is connected to a purely virtual network with no connections to the outside. So at least add the line bridge-ports enp2s0 to the vmbr0 configuration.