Resolved - Challenging networking problem

K

kbrault

Renowned Member
May 14, 2012
40
0
71
Resolved ..... Hardware NIC is Intel 82546EB. Proxmox uses the e1000 driver. Changing the driver from virtio to e1000 in the guest configuration fixed the problem.


Hello everyone,

I set up a new Proxmox server and installed Router/Gateway/DHCP server (ClearOS) as a VM. My idea is to only allow internet traffic through the gateway server and keep everyting else on the other side (including Proxmox access).

My configuration is such:

Internet---eth0---vmbr0---ClearOs external (virtio 10.1.1.201 [dynamic IP])---ClearOS internal (virtio 192.168.11.1)---vmbr1 (192.168.11.2)---eth1---internal network


My problem is that the Promox server itself and the Windows VM (virtio to vmbr1) also on the same server cannot connect with the internet correctly.

DNS works correctly. Both can resolve names on the internet. Ping works correctly. Both can ping names on the internet. But on Proxmox traceroute returns *** after the hop to the external router (10.1.1.1). The windows VM does reslove tracert but times outs on web page requests.

Code: 
# ping sgi.com
PING sgi.com (192.48.178.134) 56(84) bytes of data.
64 bytes from [URL="http://www.sgi.com"]www.sgi.com[/URL] (192.48.178.134): icmp_req=1 ttl=50 time=80.5 ms
64 bytes from [URL="http://www.sgi.com"]www.sgi.com[/URL] (192.48.178.134): icmp_req=2 ttl=50 time=86.1 ms

# traceroute sgi.com
traceroute to sgi.com (192.48.178.134), 30 hops max, 60 byte packets
 1  system.clearos.lan (192.168.11.1)  0.118 ms  0.105 ms  0.102 ms
 2  10.1.1.1 (10.1.1.1)  3.006 ms  4.898 ms  5.493 ms
 3  * * *
 4  * * *

Here is my network setup:

Code: 
# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:25:22:ca:4a:3c
          inet6 addr: fe80::225:22ff:feca:4a3c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5350 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1295 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1737781 (1.6 MiB)  TX bytes:127993 (124.9 KiB)
          Interrupt:31 Base address:0x6000
eth1      Link encap:Ethernet  HWaddr 00:02:a5:4e:c9:9a
          inet6 addr: fe80::202:a5ff:fe4e:c99a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7437 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8784 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1471107 (1.4 MiB)  TX bytes:2930428 (2.7 MiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:11667 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11667 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1929445 (1.8 MiB)  TX bytes:1929445 (1.8 MiB)
tap100i0  Link encap:Ethernet  HWaddr f6:f0:30:c1:cf:f3
          inet6 addr: fe80::f4f0:30ff:fec1:cff3/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1209 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3565 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:122269 (119.4 KiB)  TX bytes:1109460 (1.0 MiB)
tap100i1  Link encap:Ethernet  HWaddr ea:6c:de:5a:c8:f2
          inet6 addr: fe80::e86c:deff:fe5a:c8f2/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1202 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1313 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:895214 (874.2 KiB)  TX bytes:142473 (139.1 KiB)
venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet6 addr: fe80::1/128 Scope:Link
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:3 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
vmbr0     Link encap:Ethernet  HWaddr 00:25:22:ca:4a:3c
          inet6 addr: fe80::225:22ff:feca:4a3c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2175 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:153668 (150.0 KiB)  TX bytes:468 (468.0 B)
vmbr1     Link encap:Ethernet  HWaddr 00:02:a5:4e:c9:9a
          inet addr:192.168.11.2  Bcast:192.168.11.255  Mask:255.255.255.0
          inet6 addr: fe80::202:a5ff:fe4e:c99a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7171 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7733 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1329404 (1.2 MiB)  TX bytes:2070726 (1.9 MiB)

Here is my interfaces file:

Code: 
cat interfaces
# network interface settings
auto lo
iface lo inet loopback
iface eth2 inet manual
iface eth1 inet manual
iface eth0 inet manual
auto vmbr0
iface vmbr0 inet manual
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
auto vmbr1
iface vmbr1 inet static
        address  192.168.11.2
        netmask  255.255.255.0
        gateway  192.168.11.1
        bridge_ports eth1
        bridge_stp off
        bridge_fd 0

I did a virtualization install on a Centos server and got the same results.

Any help woudl be greatly appreciated.

Thank you in advance.

Kevin
 
Last edited:
Re: Challenging networking problem

Hi,
two things.
1. It's looks, that your firewall/routing-VM block some kind of traffic??

2. for enhancements (more pve-nodes as a cluster) it's better you switch your bridges - vmbr0 for the internal net and vmbr1 for the external (cluster communication are running on vmbr0).

Udo
 
Re: Challenging networking problem

Thanks for the quick response Udo.

1. Firewall is not turned on ... yet. And one more piece of info I forgot. Other network clients physcally connected to eth1 work just fine. No issues. So the problem is only with Proxmox itself and the other VM on Proxmox (connected to vmbr1 along wth the ClearOS VM).

2. I think I did try this but will give it another shot.

3. I do not know where the "tap" interfaces came from. Could they be a problem?

4. What about creating another vmbr(2) for the Windows VM and bridge it to eth1 along with vmbr1?

5. What about configuring a virtual network connected to eth1, vmbr1 and vmbr2? How would I do this?

Any other ideas would be appreciated.

Thank you,

Kevin
 
Re: Challenging networking problem

Strange. Have similar setup with proxmox eth0 on WAN; bridged to vmbr0=>Vyatta VM=>vmbr1 on proxmox=>bridged to eth1.

Client VMs on vmbr1, works ok.

Extract /etc/network/interfaces:
# network interface settings
auto lo
iface lo inet loopback

iface eth0 inet manual

auto eth1
iface eth1 inet manual

auto vmbr0
iface vmbr0 inet manual
bridge_ports eth0
bridge_stp off
bridge_fd 0

auto vmbr1
iface vmbr1 inet static
address 192.168.x.2
netmask 255.255.255.0
gateway 192.168.x.1
bridge_ports eth1
bridge_stp off
bridge_fd 0
Click to expand...
 
Re: Challenging networking problem

Hi JimBeam (why am I suddenly thirsty?), your addresss and gateway have an "x" in them. Is that literally how they are or are you masking them for this post?

Tonight I will change my network scripts so the fast NIC comes up as eth0 and try this again.

Thanks,

Kevin
 
Re: Challenging networking problem

kbrault said:
Thanks for the quick response Udo.

1. Firewall is not turned on ... yet. And one more piece of info I forgot. Other network clients physcally connected to eth1 work just fine. No issues. So the problem is only with Proxmox itself and the other VM on Proxmox (connected to vmbr1 along wth the ClearOS VM).

2. I think I did try this but will give it another shot.

3. I do not know where the "tap" interfaces came from. Could they be a problem?
Click to expand...
Hi,
the tap - interfaces are the virtual interfaces of VMs to an bridge.
4. What about creating another vmbr(2) for the Windows VM and bridge it to eth1 along with vmbr1?

5. What about configuring a virtual network connected to eth1, vmbr1 and vmbr2? How would I do this?
Click to expand...
You can assign an device only to one bridge!

Have you configured any proxy for the pve-host?

Udo
 
Re: Challenging networking problem

Hi Udo,

udo said:
Have you configured any proxy for the pve-host?
Udo
Click to expand...

I have not configured any proxy on the host nore the guest. The gateway quest is not running in proxy mode yet but will have to be later. I was planning on having the proxmox host bypass the proxy in the gateway VM server settings.

Thanks,

Kevin
 
Re: Challenging networking problem

Hi Kevin,

kbrault said:
Hi JimBeam (why am I suddenly thirsty?), your addresss and gateway have an "x" in them. Is that literally how they are or are you masking them for this post?
Click to expand...
Cheers ;)

I masked them.
Good luck!
 
Re: Challenging networking problem

Resolved .... this was a tough one. I confirmed this on a Proxmox host and a Centos host.

The hardware NIC is an Intel 82546EB. Promox uses the e1000 driver for it. The Centos guest was configured with a virtio driver. When I switch to the e1000 guest driver all worked well.

I benchmarked the 82546EB NIC with e1000 guest driver verses a Realtech NIC with virtio guest driver and both performed about the same. The Realtech/virtio combination used about 25% less host CPU cycles though.

Kevin
 
Re: Challenging networking problem

kbrault said:
Resolved .... this was a tough one. I confirmed this on a Proxmox host and a Centos host.

The hardware NIC is an Intel 82546EB. Promox uses the e1000 driver for it. The Centos guest was configured with a virtio driver. When I switch to the e1000 guest driver all worked well.

I benchmarked the 82546EB NIC with e1000 guest driver verses a Realtech NIC with virtio guest driver and both performed about the same. The Realtech/virtio combination used about 25% less host CPU cycles though.

Kevin
Click to expand...
Hi Kevin,
strange - the VM nic (driver) has nothing to do with the real driver (should be)...

Udo
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back