Traffic does not pass between VMs on same node, passes when across nodes

D

deprox

New Member
Jun 11, 2025
1
0
1
I am not getting traffic between 2 VMs on the same vxlan when the VMs are on the same node. When I migrate either VM to another node in my cluster, these work as configured.

I have SDN enabled, and in there SDN > VNets have a VNet science at the cluster level, tag 801. It has isolate ports set, and vlan aware NOT set.

First VM has interface net0: virtio=MAC1,bridge=science,firewall=1
Second VM has interface net1: virtio=MAC2,bridge=science,firewall=1

I manually set an ARP rule for debugging on first VM, otherwise it would just ARP and get no replies. This is also an issue - just was trying to rule out broadcast issues by working around it first.

On the node, I tcpdump on the fwbr/fwln/tap for the first VM, and see the traffic leaving, with the right MAC (the VM's MAC) for the source and destination set. When I tcpdump on the fwbr/fwln/tap for the second VM, I see no traffic.

For debugging, I put a firewall rule on first VM to log all non-explicitly-allowed connections (and accept).
On second VM, I put accepts with logging at the start of the rule chain also on the VM firewall.
I don't see anything in firewall logs (which makes sense: first VM explicitly allows these connections, second VM is not getting the traffic)

The vnet has no firewall configured at the datacenter level under VNet Firewall.
The datacenter firewall has DROP configured for in, out, forward as the default.

I read the following but none appear to be quite it:
U

Thread 'What are fwbrXYZi0 and fwlnXYZi0 and why are their MAC addresses being seen by Hetzner?'

i All,

I have a proxmox 6.4-13 server running in a Hetzner datacenter with Bridged networking (redacted config below).

I currently have 5 VM's running and each VM has a MAC address (in the running OS) starting with 00:50:56. When I do an ifconfig on the host machine, each VM has an fwbrXYZi0 and fwnlXYZi0 entry (where XYZ is the VM ID) with a different and entirely random MAC address. They also have fwprXYZp0 and tapXYZi0 entries each of which has a different random MAC address.

When I reboot this machine, it appears the MAC addresses from at least the fwbr and fwnl entries leak...
A

Thread 'PVE Hosts and VMs on VLANS issue [Solved]'

Hey all,

This might be something dumb i missed while configuring VLANs on the host but here it goes...
I have 5 VLANs on my network (10=PCs, 20=Laptops, 30=Printers, 40=Servers & 50=Management). I have 3 swiches and 3 PVEs on VLAN 40 and all the VMs on the same VLAN 40 inside the hosts since they are servers as well (Domain controller, File Server, etc.). I had the ports on the switch to access but with VLAN 40 and I had not configured the VLAN Aware at the bridge since everything work. Forward to this past week and now I have to create VMs that are not servers with VLAN 10 within the...
V

Thread 'VLAN Issues'

Hello!

I'm having a hard time getting VLANs to work properly on my new Proxmox cluster. Hopefully someone has some suggestions to get this working. In short, it seems that Proxmox isn't properly passing tagged packets to my VMs.

Example VLAN 542 (10.0.42.0/24):

I have a secondary 10GB NIC that's attached to a trunk port on my switch. I have a vlan aware bridge (vmbr1) created for this NIC (enp65s0). Next, I have a Windows 10 VM that is set to use vmbr1 with a vlan tag of 542. The guest OS NIC is configured on IP 10.0.42.8.

There is an IP configured on another router of 10.0.42.1...
 
You must log in or register to reply here.
Top Bottom