SDN configuration isn't working for one host in datacenter

[culor]

Hello, apologies if I miss anything obvious, haven't had to dig this far into things yet and am still finding my way around Proxmox.
I have a datacenter with three hosts. SDN is configured with a really basic setup. No firewalls are active anywhere. Two hosts work fine, all VLANs are accessible for guests. The third is not. The host is otherwise entirely functional; I can migrate VMs on and off it, access works (out of band from the rest of the NICs as well as in-band), I can update it, etc. VMs are unable to communicate to anything, though. Not even other VMs on the same host in the same VLAN. I have Windows and Linux guests, tried all flavors of NICs. If I assign the VM a NIC on the out-of-band management network (not handled by SDN), I am able to communicate as expected. I've confirmed spanning-tree isn't blocking. It's only the 116/120 VLANs, everything else seems to be working (I haven't tried building additional VLANs, as I don't think that's going to really prove anything we can't already see or interpret from looking at configurations).
All of that makes me think it's a switching issue, but I have checked the switches and see nothing wrong or different from the other interfaces. I've also stared at this for way too long, so my hope is that I'm missing something stupid and just need another set of eyes on it. I've attached the config from our switches; they are Dell S5248F, running VLT. Showing config for the ports in question (e1/1/5, po105) as well as a working host (e1/1/3, po103). Host has two NICs, connected to e1/1/5 on each. Port-channel 105/103 aggregates them.

Let me know if I missed anything or if there are any questions I can answer. Appreciate the help.

Contents of /etc/pve/sdn on the host in question are below (this is identical on working hosts):

# cat pve-ipam-state.json
{
    "zones":{
        "zone1":{
            "subnets":{
                "10.128.20.0/23":{
                    "ips":{
                        "10.128.20.10":{
                            "gateway":1
                        }
                    }
                },
                "10.128.16.0/23":{
                    "ips":{
                        "10.128.16.10":{
                            "gateway":1
                        }
                    }
                }
            }
        }
    }
}

# cat subnets.cfg
subnet: zone1-10.128.16.0-23
        vnet vnet116
        gateway 10.128.16.10
subnet: zone1-10.128.20.0-23
        vnet vnet120
        gateway 10.128.20.10

# cat vnets.cfg
vnet: vnet116
        zone zone1
        alias Applications/Guests
        tag 116

vnet: vnet120
        zone zone1
        alias Network Service
        tag 120

vnet: vnet180
        zone zone1
        alias vMotion/vSAN
        tag 180

# cat zones.cfg
vlan: zone1
        bridge sdnbr0
        ipam pve

Interfaces on the host in question:

# ip link show up
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno8303: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP mode DEFAULT group default qlen 1000
    link/ether c4:cb:e1:a0:bd:24 brd ff:ff:ff:ff:ff:ff
    altname enp99s0f0
6: ens3f0np0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT group default qlen 1000
    link/ether 00:62:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    altname enp100s0f0np0
7: ens3f1np1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT group default qlen 1000
    link/ether 00:62:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff permaddr 00:62:0b:ca:59:41
    altname enp100s0f1np1
9: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue master sdnbr0 state UP mode DEFAULT group default qlen 1000
    link/ether 00:62:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
10: bond0.116@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 00:62:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
11: bond0.120@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 00:62:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
12: bond0.180@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 00:62:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
13: bond0.182@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 00:62:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
14: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether c4:cb:e1:a0:bd:24 brd ff:ff:ff:ff:ff:ff
15: sdnbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 00:62:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
16: sdnbr0.116@sdnbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vnet116 state UP mode DEFAULT group default qlen 1000
    link/ether 00:62:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
17: vnet116: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 00:62:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    alias Applications/Guests
18: sdnbr0.120@sdnbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vnet120 state UP mode DEFAULT group default qlen 1000
    link/ether 00:62:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
19: vnet120: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 00:62:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    alias Network Service
20: sdnbr0.180@sdnbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vnet180 state UP mode DEFAULT group default qlen 1000
    link/ether 00:62:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
21: vnet180: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 00:62:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    alias vMotion/vSAN
27: tap102i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vnet120 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 12:94:30:f7:9e:b6 brd ff:ff:ff:ff:ff:ff
30: tap106i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vnet116 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 6e:64:ea:7b:aa:1b brd ff:ff:ff:ff:ff:ff
31: tap102i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vnet116 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 12:aa:c2:fc:28:f8 brd ff:ff:ff:ff:ff:ff
39: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vnet116 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether f2:6e:ef:cb:ca:3c brd ff:ff:ff:ff:ff:ff

/etc/network/interfaces from the host in question:

# cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
auto lo
iface lo inet loopback
iface eno8303 inet manual
iface eno8403 inet manual
iface eno12399np0 inet manual
iface eno12409np1 inet manual
iface idrac inet manual
auto ens3f0np0
iface ens3f0np0 inet manual
auto ens3f1np1
iface ens3f1np1 inet manual
auto bond0
iface bond0 inet manual
        bond-slaves ens3f0np0 ens3f1np1
        bond-miimon 100
        bond-mode 802.3ad
        bond-xmit-hash-policy layer2
auto bond0.116
iface bond0.116 inet manual
auto bond0.120
iface bond0.120 inet manual
auto bond0.180
iface bond0.180 inet manual
auto bond0.182
iface bond0.182 inet static
        address 10.128.80.35/27
auto sdnbr0
iface sdnbr0 inet manual
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
auto vmbr0
iface vmbr0 inet static
        address 10.128.4.34/25
        gateway 10.128.4.10
        bridge-ports eno8303
        bridge-stp off
        bridge-fd 0
source /etc/network/interfaces.d/*

And the same from a working host:

# cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
auto lo
iface lo inet loopback
iface eno8303 inet manual
iface eno8403 inet manual
#Gigabit ethernet 02
iface eno12399np0 inet manual
#Lower 10/25G NIC 01
iface eno12409np1 inet manual
#Lower 10/25G NIC 01
iface idrac inet manual
auto ens3f0np0
iface ens3f0np0 inet manual
        mtu 1532
auto ens3f1np1
iface ens3f1np1 inet manual
        mtu 1532
auto bond0
iface bond0 inet manual
        bond-slaves ens3f0np0 ens3f1np1
        bond-miimon 100
        bond-mode 802.3ad
        bond-xmit-hash-policy layer2
        mtu 1532
auto bond0.116
iface bond0.116 inet manual
auto bond0.120
iface bond0.120 inet manual
auto bond0.180
iface bond0.180 inet manual
auto bond0.182
iface bond0.182 inet static
        address 10.128.80.33/27
auto vmbr0
iface vmbr0 inet static
        address 10.128.4.32/25
        gateway 10.128.4.10
        bridge-ports eno8303
        bridge-stp off
        bridge-fd 0
        mtu 1500
auto sdnbr0
iface sdnbr0 inet manual
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
source /etc/network/interfaces.d/*

 

[freakingObelix]

I'm having exactly the same issue since a few months ago. It happens every so often.
I'm sure that host switching is not the cause. Some VMs work, some not. It is not OS dependant as it happens to windows and linux machines without distinction. Sometimes happens after a guest reboot.
In that host, guests just stop receiving packets after some time. migrating the guest to another host solves the issue as long as the guest remains in any of the other two hosts.

I did everything I could. Even restored the whole SDN and rebuilt everything. I don't know.

 

[culor]

This is consistent, or at least I haven't seen it not happening since noticing it. This is a new cluster of brand-new Dell R7625 machines. Only thing I can think is that there's something mis-cabled at this point, but I can't find any evidence of that on either the switches or host(s). I did notice that the VMs are in the mac address-table of the switch. No ACLs are in use.

 

[culor]

Created a new bridge containing the VLAN I was trying to bridge to using SDN. Moved the VM to it, everything works fine. Definitely has something to do with SDN, just not sure how to troubleshoot it.

 

[culor]

Still unable to find a resolution to this. Anyone have any thoughts around where I'm going wrong?

 

[freakingObelix]

I will delete and re build the node to see if something human-made (by me, ofc) caused the issue. In my case the setup is identical in all nodes.

I'm pretty sure that @spirit might know something about this. Man, if you are in the mood and with some free time to shine a light on this, you're welcome.

 

[shanreich]

In that case, oftentimes a VLAN defined on the same physical interface that the bridge of the VLAN zone is using is the cause of the issue.

For example, from OP's config:

There is VLAN 116 defined on bond0:

auto bond0.116
iface bond0.116 inet manual

But there's also a vnet with tag 116 on the zone using sdnbr0:

# cat zones.cfg
vlan: zone1
        bridge sdnbr0
        ipam pve

vnet: vnet116
        zone zone1
        alias Applications/Guests
        tag 116

This causes two VLAN interfaces to be created:

10: bond0.116@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
[...]
16: sdnbr0.116@sdnbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vnet116 state UP mode DEFAULT group default qlen 1000
    link/ether 00:62:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff

This can have weird side effects where the bond0.116 interface essentially "blackholes" the traffic for VLAN 116 on bridge sdnbr0. If one wants to configure an IP, then it should be configured on sdnbr0.116 instead of on bond0.116. If the directive is empty, as is the case in OP's example, then it doesn't really serve a purpose and can be omitted altogether.

 

[freakingObelix]

@stanreich I believe that is not my case, as my config is identical (except obviously for ip addresses) in all nodes, very simple 2 phisical interfaces + two bridges (one for each phisical) with no vlans defined on either. Vlans are defined within the SDN (i'm using VLAN SDN). I've been trying to ditch this issue for a while.

Some VMs do work, like just now that there are 4 VMs running with no problems but some other machines do have issues when I migrate them into that problematic node. As soon as they deploy into it, they lose connection.

 

[shanreich]

Please post your network configuration and SDN configuration from the offending node then + the configuration of a VM that isn't working:

grep -r '' /etc/pve/sdn/*.cfg
cat /etc/network/interfaces
cat /etc/network/interfaces.d/sdn

ip a

qm config <vmid>

edit: the same output for a working node would be interesting as well

 

[freakingObelix]

Of course! I will do that in a couple of hours. Thank you for taking this time to review!

 

[freakingObelix]

Working fine:

/etc/pve/sdn/subnets.cfg:subnet: vlanx0-10.40.0.0-16
/etc/pve/sdn/subnets.cfg:       vnet vmpr****
/etc/pve/sdn/subnets.cfg:
/etc/pve/sdn/vnets.cfg:vnet: acre****
/etc/pve/sdn/vnets.cfg: zone vlanx0
/etc/pve/sdn/vnets.cfg: tag 1506
/etc/pve/sdn/vnets.cfg:
/etc/pve/sdn/vnets.cfg:vnet: vmpr****
/etc/pve/sdn/vnets.cfg: zone vlanx0
/etc/pve/sdn/vnets.cfg: tag 1505
/etc/pve/sdn/vnets.cfg:
/etc/pve/sdn/vnets.cfg:vnet: ande****
/etc/pve/sdn/vnets.cfg: zone vlanx0
/etc/pve/sdn/vnets.cfg: tag 1501
/etc/pve/sdn/vnets.cfg:
/etc/pve/sdn/vnets.cfg:vnet: host****
/etc/pve/sdn/vnets.cfg: zone vlanx0
/etc/pve/sdn/vnets.cfg: tag 1503
/etc/pve/sdn/vnets.cfg:
/etc/pve/sdn/vnets.cfg:vnet: ranc****
/etc/pve/sdn/vnets.cfg: zone vlanx0
/etc/pve/sdn/vnets.cfg: tag 1504
/etc/pve/sdn/vnets.cfg:
/etc/pve/sdn/vnets.cfg:vnet: ccac****
/etc/pve/sdn/vnets.cfg: zone vlanx0
/etc/pve/sdn/vnets.cfg: tag 1502
/etc/pve/sdn/vnets.cfg:
/etc/pve/sdn/vnets.cfg:vnet: tesm****
/etc/pve/sdn/vnets.cfg: zone vlanx0
/etc/pve/sdn/vnets.cfg: tag 1507
/etc/pve/sdn/vnets.cfg:
/etc/pve/sdn/zones.cfg:vlan: vlanx0
/etc/pve/sdn/zones.cfg: bridge vmbr1
/etc/pve/sdn/zones.cfg: ipam pve
/etc/pve/sdn/zones.cfg: mtu 1500
/etc/pve/sdn/zones.cfg:
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto enp2s0f0
iface enp2s0f0 inet manual
        mtu 9000
#Phy Dev 1

auto enp2s0f1
iface enp2s0f1 inet manual
        mtu 9000
#Phy Dev 2

auto vmbr0
iface vmbr0 inet static
        address 16.100.15.33/16
        gateway 16.100.1.2
        bridge-ports enp2s0f0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 11-1498
        mtu 1504
#Uplinks / OOB - VLAN1

auto vmbr1
iface vmbr1 inet static
        address 10.0.1.1/24
        bridge-ports enp2s0f1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 1499-3501
        mtu 2300
#802.1q bridge

source /etc/network/interfaces.d/*



#version:143

auto ande****
iface ande****
        bridge_ports vmbr1.1501
        bridge_stp off
        bridge_fd 0
        mtu 1500

auto acre****
iface acre****
        bridge_ports vmbr1.1506
        bridge_stp off
        bridge_fd 0
        mtu 1500

auto ccac****
iface ccac****
        bridge_ports vmbr1.1502
        bridge_stp off
        bridge_fd 0
        mtu 1500

auto host****
iface host****
        bridge_ports vmbr1.1503
        bridge_stp off
        bridge_fd 0
        mtu 1500

auto ranc****
iface ranc****
        bridge_ports vmbr1.1504
        bridge_stp off
        bridge_fd 0
        mtu 1500

auto tesm****
iface tesm****
        bridge_ports vmbr1.1507
        bridge_stp off
        bridge_fd 0
        mtu 1500

auto vmpr****
iface vmpr****
        bridge_ports vmbr1.1505
        bridge_stp off
        bridge_fd 0
        mtu 1500



1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b0 brd ff:ff:ff:ff:ff:ff
3: enp2s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq master vmbr1 state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b4 brd ff:ff:ff:ff:ff:ff
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 qdisc noqueue state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b0 brd ff:ff:ff:ff:ff:ff
    inet 16.100.15.33/16 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::9e8e:99ff:fe31:cab0/64 scope link
       valid_lft forever preferred_lft forever
5: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2300 qdisc noqueue state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b4 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.1/24 scope global vmbr1
       valid_lft forever preferred_lft forever
    inet6 fe80::9e8e:99ff:fe31:cab4/64 scope link
       valid_lft forever preferred_lft forever
6: vmbr1.1501@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2300 qdisc noqueue master ande**** state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b4 brd ff:ff:ff:ff:ff:ff
7: ande****: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b4 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::9e8e:99ff:fe31:cab4/64 scope link
       valid_lft forever preferred_lft forever
8: vmbr1.1506@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2300 qdisc noqueue master acre**** state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b4 brd ff:ff:ff:ff:ff:ff
9: acre****: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b4 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::9e8e:99ff:fe31:cab4/64 scope link
       valid_lft forever preferred_lft forever
10: vmbr1.1502@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2300 qdisc noqueue master ccac**** state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b4 brd ff:ff:ff:ff:ff:ff
11: ccac****: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b4 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::9e8e:99ff:fe31:cab4/64 scope link
       valid_lft forever preferred_lft forever
12: vmbr1.1503@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2300 qdisc noqueue master host**** state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b4 brd ff:ff:ff:ff:ff:ff
13: host****: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b4 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::9e8e:99ff:fe31:cab4/64 scope link
       valid_lft forever preferred_lft forever
14: vmbr1.1504@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2300 qdisc noqueue master ranc**** state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b4 brd ff:ff:ff:ff:ff:ff
15: ranc****: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b4 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::9e8e:99ff:fe31:cab4/64 scope link
       valid_lft forever preferred_lft forever
16: vmbr1.1507@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2300 qdisc noqueue master tesm**** state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b4 brd ff:ff:ff:ff:ff:ff
17: tesm****: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b4 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::9e8e:99ff:fe31:cab4/64 scope link
       valid_lft forever preferred_lft forever
18: vmbr1.1505@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2300 qdisc noqueue master vmpr**** state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b4 brd ff:ff:ff:ff:ff:ff
19: vmpr****: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9c:8e:99:31:ca:b4 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::9e8e:99ff:fe31:cab4/64 scope link
       valid_lft forever preferred_lft forever
21: tap134i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1504 qdisc mq master vmbr0 state UNKNOWN group default qlen 1000
    link/ether f6:08:15:72:37:ae brd ff:ff:ff:ff:ff:ff
22: tap130i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1504 qdisc mq master vmbr0 state UNKNOWN group default qlen 1000
    link/ether 6e:f1:5a:1a:7e:68 brd ff:ff:ff:ff:ff:ff
23: tap116i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ande**** state UNKNOWN group default qlen 1000
    link/ether da:4c:f8:ae:21:37 brd ff:ff:ff:ff:ff:ff
24: tap120i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1504 qdisc mq master vmbr0 state UNKNOWN group default qlen 1000
    link/ether e6:91:68:1e:11:48 brd ff:ff:ff:ff:ff:ff
25: tap132i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ranc**** state UNKNOWN group default qlen 1000
    link/ether f2:b7:90:2f:9e:13 brd ff:ff:ff:ff:ff:ff
26: tap137i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master tesm**** state UNKNOWN group default qlen 1000
    link/ether 22:de:15:ab:3b:d4 brd ff:ff:ff:ff:ff:ff
27: tap131i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master ccac**** state UNKNOWN group default qlen 1000
    link/ether 96:19:d5:97:93:52 brd ff:ff:ff:ff:ff:ff
28: tap130i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master ccac**** state UNKNOWN group default qlen 1000
    link/ether 6e:1f:9d:7e:15:f6 brd ff:ff:ff:ff:ff:ff
29: tap120i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master host**** state UNKNOWN group default qlen 1000
    link/ether 5e:87:72:ca:54:09 brd ff:ff:ff:ff:ff:ff
30: tap137i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master tesm**** state UNKNOWN group default qlen 1000
    link/ether 6e:c7:08:59:1e:38 brd ff:ff:ff:ff:ff:ff
31: tap130i2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1504 qdisc mq master vmbr0 state UNKNOWN group default qlen 1000
    link/ether c2:8e:03:eb:1c:76 brd ff:ff:ff:ff:ff:ff
32: tap120i2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1504 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether 66:e3:aa:f6:90:cf brd ff:ff:ff:ff:ff:ff
33: tap139i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master tesm**** state UNKNOWN group default qlen 1000
    link/ether 3a:db:cd:36:fd:e9 brd ff:ff:ff:ff:ff:ff
38: tap123i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master host**** state UNKNOWN group default qlen 1000
    link/ether ee:ca:68:6a:f3:7c brd ff:ff:ff:ff:ff:ff
39: tap129i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc htb master vmpr**** state UNKNOWN group default qlen 1000
    link/ether 86:e6:5a:0f:cb:b7 brd ff:ff:ff:ff:ff:ff
51: tap141i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmpr**** state UNKNOWN group default qlen 1000
    link/ether ae:d7:af:13:cb:24 brd ff:ff:ff:ff:ff:ff



agent: 1
balloon: 0
boot: order=sata0;ide2;net0
cores: 4
cpu: Westmere
ide2: none,media=cdrom
machine: pc-i440fx-9.0
memory: 12300
meta: creation-qemu=9.0.2,ctime=1741724415
name: lq****-vm****t1
net0: virtio=BC:24:11:17:E6:2F,bridge=vmpr****,firewall=1
numa: 0
onboot: 1
ostype: win10
protection: 1
sata0: vmdisks-shared0-lvm:vm-141-disk-0,discard=on,size=150G,ssd=1
scsihw: virtio-scsi-single
smbios1: uuid=c8a72f37-e75b-4e1e-924a-05942ba38a78
sockets: 2
tags:
vmgenid: 6b30997f-d18f-4e05-9f58-297f8779959b

 

[freakingObelix]

Not working:

/etc/pve/sdn/subnets.cfg:subnet: vlanx0-10.40.0.0-16
/etc/pve/sdn/subnets.cfg:       vnet vmpr****
/etc/pve/sdn/subnets.cfg:
/etc/pve/sdn/vnets.cfg:vnet: acre****
/etc/pve/sdn/vnets.cfg: zone vlanx0
/etc/pve/sdn/vnets.cfg: tag 1506
/etc/pve/sdn/vnets.cfg:
/etc/pve/sdn/vnets.cfg:vnet: vmpr****
/etc/pve/sdn/vnets.cfg: zone vlanx0
/etc/pve/sdn/vnets.cfg: tag 1505
/etc/pve/sdn/vnets.cfg:
/etc/pve/sdn/vnets.cfg:vnet: ande****
/etc/pve/sdn/vnets.cfg: zone vlanx0
/etc/pve/sdn/vnets.cfg: tag 1501
/etc/pve/sdn/vnets.cfg:
/etc/pve/sdn/vnets.cfg:vnet: host****
/etc/pve/sdn/vnets.cfg: zone vlanx0
/etc/pve/sdn/vnets.cfg: tag 1503
/etc/pve/sdn/vnets.cfg:
/etc/pve/sdn/vnets.cfg:vnet: ranc****
/etc/pve/sdn/vnets.cfg: zone vlanx0
/etc/pve/sdn/vnets.cfg: tag 1504
/etc/pve/sdn/vnets.cfg:
/etc/pve/sdn/vnets.cfg:vnet: ccac****
/etc/pve/sdn/vnets.cfg: zone vlanx0
/etc/pve/sdn/vnets.cfg: tag 1502
/etc/pve/sdn/vnets.cfg:
/etc/pve/sdn/vnets.cfg:vnet: tesm****
/etc/pve/sdn/vnets.cfg: zone vlanx0
/etc/pve/sdn/vnets.cfg: tag 1507
/etc/pve/sdn/vnets.cfg:
/etc/pve/sdn/zones.cfg:vlan: vlanx0
/etc/pve/sdn/zones.cfg: bridge vmbr1
/etc/pve/sdn/zones.cfg: ipam pve
/etc/pve/sdn/zones.cfg: mtu 1500
/etc/pve/sdn/zones.cfg:



# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto enp2s0f0
iface enp2s0f0 inet manual
        mtu 9000
#Phy Dev 1

auto enp2s0f1
iface enp2s0f1 inet manual
        mtu 9000
#Phy Dev 2

auto vmbr0
iface vmbr0 inet static
        address 16.100.15.35/16
        gateway 16.100.1.2
        bridge-ports enp2s0f0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 11-1498
        mtu 1504
#Uplinks / OOB - VLAN1

auto vmbr1
iface vmbr1 inet static
        address 10.0.1.3/24
        bridge-ports enp2s0f1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 1499-3501
        mtu 2300
#802.1q bridge

source /etc/network/interfaces.d/*


#version:143

auto ande****
iface ande****
        bridge_ports vmbr1.1501
        bridge_stp off
        bridge_fd 0
        mtu 1500

auto acre****
iface acre****
        bridge_ports vmbr1.1506
        bridge_stp off
        bridge_fd 0
        mtu 1500

auto ccac****
iface ccac****
        bridge_ports vmbr1.1502
        bridge_stp off
        bridge_fd 0
        mtu 1500

auto host****
iface host****
        bridge_ports vmbr1.1503
        bridge_stp off
        bridge_fd 0
        mtu 1500

auto ranc****
iface ranc****
        bridge_ports vmbr1.1504
        bridge_stp off
        bridge_fd 0
        mtu 1500

auto tesm****
iface tesm****
        bridge_ports vmbr1.1507
        bridge_stp off
        bridge_fd 0
        mtu 1500

auto vmpr****
iface vmpr****
        bridge_ports vmbr1.1505
        bridge_stp off
        bridge_fd 0
        mtu 1500




1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:70 brd ff:ff:ff:ff:ff:ff
3: enp2s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq master vmbr1 state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:74 brd ff:ff:ff:ff:ff:ff
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 qdisc noqueue state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:70 brd ff:ff:ff:ff:ff:ff
    inet 16.100.15.35/16 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::121f:74ff:fe33:a770/64 scope link
       valid_lft forever preferred_lft forever
5: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2300 qdisc noqueue state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:74 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.3/24 scope global vmbr1
       valid_lft forever preferred_lft forever
    inet6 fe80::121f:74ff:fe33:a774/64 scope link
       valid_lft forever preferred_lft forever
6: vmbr1.1501@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2300 qdisc noqueue master ande**** state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:74 brd ff:ff:ff:ff:ff:ff
7: ande****: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:74 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::121f:74ff:fe33:a774/64 scope link
       valid_lft forever preferred_lft forever
8: vmbr1.1506@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2300 qdisc noqueue master acre**** state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:74 brd ff:ff:ff:ff:ff:ff
9: acre****: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:74 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::121f:74ff:fe33:a774/64 scope link
       valid_lft forever preferred_lft forever
10: vmbr1.1502@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2300 qdisc noqueue master ccac**** state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:74 brd ff:ff:ff:ff:ff:ff
11: ccac****: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:74 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::121f:74ff:fe33:a774/64 scope link
       valid_lft forever preferred_lft forever
12: vmbr1.1503@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2300 qdisc noqueue master host**** state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:74 brd ff:ff:ff:ff:ff:ff
13: host****: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:74 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::121f:74ff:fe33:a774/64 scope link
       valid_lft forever preferred_lft forever
14: vmbr1.1504@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2300 qdisc noqueue master ranc**** state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:74 brd ff:ff:ff:ff:ff:ff
15: ranc****: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:74 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::121f:74ff:fe33:a774/64 scope link
       valid_lft forever preferred_lft forever
16: vmbr1.1507@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2300 qdisc noqueue master tesm**** state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:74 brd ff:ff:ff:ff:ff:ff
17: tesm****: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:74 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::121f:74ff:fe33:a774/64 scope link
       valid_lft forever preferred_lft forever
18: vmbr1.1505@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2300 qdisc noqueue master vmpr**** state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:74 brd ff:ff:ff:ff:ff:ff
19: vmpr****: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 10:1f:74:33:a7:74 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::121f:74ff:fe33:a774/64 scope link
       valid_lft forever preferred_lft forever
22: tap135i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1504 qdisc mq master vmbr0 state UNKNOWN group default qlen 1000
    link/ether 62:aa:e5:01:81:f9 brd ff:ff:ff:ff:ff:ff
23: tap138i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master tesm**** state UNKNOWN group default qlen 1000
    link/ether 56:99:d2:7c:ee:98 brd ff:ff:ff:ff:ff:ff
24: tap141i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmpr**** state UNKNOWN group default qlen 1000
    link/ether 1e:8a:4d:d9:d9:81 brd ff:ff:ff:ff:ff:ff
25: tap111i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master vmpr**** state UNKNOWN group default qlen 1000
    link/ether ba:15:0a:da:00:3e brd ff:ff:ff:ff:ff:ff



agent: 1
balloon: 0
boot: order=sata0;ide2;net0
cores: 4
cpu: Westmere
ide2: none,media=cdrom
machine: pc-i440fx-9.0
memory: 12300
meta: creation-qemu=9.0.2,ctime=1741724415
name: lq****-vm****t1
net0: virtio=BC:24:11:17:E6:2F,bridge=vmpr****,firewall=1
numa: 0
onboot: 1
ostype: win10
protection: 1
sata0: vmdisks-shared0-lvm:vm-141-disk-0,discard=on,size=150G,ssd=1
scsihw: virtio-scsi-single
smbios1: uuid=c8a72f37-e75b-4e1e-924a-05942ba38a78
sockets: 2
tags:
vmgenid: 6b30997f-d18f-4e05-9f58-297f8779959b

 

[shanreich]

Hm, the generated network configuration on both nodes seems identical - are you sure there's not something sketchy going on with MTU?
Are you using the nftables firewall? Have you checked the firewall rules?

 

[freakingObelix]

Hey, first of all thank you for answering back and taking the time to check this out with me.
I tried many things among checking the firewall. I do use nftables, tried a completely open firewall, some day a month ago passively captured traffic to check for MTU problems (known by my, ofc) and no. Nothing. I suspect there has to be something relative to the installation of that node. I will reinstall it this weekend.