SSL connections between VMs is broken after proxmox 8->9 upgrade

Antal Kovács

Active Member
Jul 10, 2018
3
1
43
Hungary
Hi there,

I'm over a weekend upgrade from Proxmox latest 8 to latest 9. Basically everything went smoothly.
However when the VMs started running on the updated proxmox 9 nodes, SSL connections between the VMs did not work in most cases. All other connections worked fine.
While debugging the network traffics it turned out that large packets (3000-4000 bytes) are being sent between the VMs which sometimes gets lost.
Since our network interface and bridge are both set to MTU 9000, the new VMs inherited this setting in the new environment instead of the old value of 1500. After I manually changed the MTU value to 1500 on all VMs the problem is gone.

Network settings:
Code:
auto enp2s0f0np0
iface enp2s0f0np0 inet manual
    mtu 9000
    post-up ip link set enp2s0f0np0 txqueuelen 10000

auto enp2s0f1np1
iface enp2s0f1np1 inet manual
    mtu 9000
    post-up ip link set enp2s0f1np1 txqueuelen 10000

auto bond0
iface bond0 inet manual
    mtu 9000
    bond-slaves enp2s0f0np0 enp2s0f1np1
    bond-miimon 100
    bond-mode 802.3ad
    bond-xmit-hash-policy layer2+3
    post-up ip link set bond0 txqueuelen 10000
#BOND0

auto vmbr0
iface vmbr0 inet manual
    mtu 9000
    bridge-ports bond0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094
    post-up ip link set vmbr0 txqueuelen 10000
#BRIDGE0


Unfortunately there is no mention of this change anywhere in the Proxmox 8->9 update documentation. This is worrying because a default setting has changed, the previous default value of which worked fine, but now a new default value has caused problems. I think it would be a good idea to include this change in the upgrade documentation because this can cause problems in all places where MTU is 9000 on the bridge interface and used the VM default network MTU value.

Best regards,
Antal
 
  • Like
Reactions: Onslow