As the title says.
I currently have 2 working network devices going to a VM (ID 101):
net0 on vmbr0, vlan 20 -- the main link, works fine
net1 on vmbr1 -- private link between VMs, works fine
My problem comes when I create the next link:
net2 on vmbr0, vlan 30 -- I can set the IP address (10.30.1.252/29) within the guest, and it can ping itself fine
On the Proxmox host, I have the two link devices connecting the guest to the bridge:
# ip link show up |grep vmbr0
45: fwpr101p0@fwln101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP mode DEFAULT group default qlen 1000
69: fwpr101p2@fwln101i2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP mode DEFAULT group default qlen 1000
When I run a ping from the gateway (10.30.1.254), I can see the following on the Proxmox host:
# tcpdump host 10.30.1.252
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp3s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
11:29:34.761217 ARP, Request who-has 10.30.1.252 tell 10.30.1.254, length 42
I have several other VLANs (10, 15, 20, 50) which are configured on the guests; these work fine. I'm certain that VLAN 30 is configured properly on the switch, as I can also see the following traffic on the Proxmox host's physical interface:
# tcpdump -n -e |grep "vlan 30"
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp3s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
12:30:20.288654 10:62:e5:13:2c:6b > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 30, p 0, ethertype ARP (0x0806), Request who-has 10.30.1.252 tell 10.30.1.254, length 42
So I can see the traffic hitting the host, but nothing seems to reach the VM. I've tried with the firewall disabled, and tried setting INPUT to accept by default. I've always had a default ping rule to allow either way.
As a test, I've just cloned a single guest, set it up with vlan30, and I'm seeing the same behaviour. So my theory that it breaks when I connect a 2nd link to vmbr0 on a single guest is blown.
I have a separate physical host on the same /29 subnet, on the same physical switch, which can communicate with the gateway and another IP on the /29 just fine.
I'm kinda stumped here, and not sure how to diagnose the issue further.
Any help would be fantastic!