Traffic does not pass through a specific VLAN tag on a virtual machine

[Liding]

There is a problem when adding a virtual machine to a VLAN.

The situation is as follows:

VLAN 10 is configured on Mikrotik. A DHCP server is also configured for this network.

When adding a VLAN tag to the virtual machine interface, the virtual machine does not receive an address via DHCP. If you make the settings static and enter the address yourself, there is no connection to the default gateway.

At the same time, if I assign another tag to the virtual machine (for example, 555), identical in settings to tag 10, then the virtual machine will receive an address via DHCP and will have a connection.

On Proxmox itself, the eno1np0 interface is configured, to which the vmbr0 bridge is attached. VLAN aware is enabled on vmbr0 and bridge-vids 2-4094 are permitted.

The firewall is disabled on the datacenter and virtual machine.

Based on the tcpdump output, DHCP address requests are sent to MikroTik, and the response comes back to the eno1np0 interface, but does not go to the vmbr0 and tap118i0 interfaces (118 is the ID of my virtual machine).

Below is the output of the tcpdump command for different interfaces.
tcpdump -eni eno1np0 'vlan 10 and (port 67 or port 68)'
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eno1np0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
15:01:30.801625 bc:24:11:83:7d:3f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 343: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:83:7d:3f, length 297
15:01:30.806312 48:8f:5a:e4:da:e8 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 192.168.10.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
15:01:32.801657 bc:24:11:83:7d:3f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 343: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:83:7d:3f, length 297
15:01:33.385065 48:8f:5a:e4:da:e8 > bc:24:11:83:7d:3f, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 192.168.10.1.67 > 192.168.10.17.68: BOOTP/DHCP, Reply, length 300
15:01:35.039445 bc:24:11:83:7d:3f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 343: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:83:7d:3f, length 297
15:01:35.042574 48:8f:5a:e4:da:e8 > bc:24:11:83:7d:3f, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 192.168.10.1.67 > 192.168.10.17.68: BOOTP/DHCP, Reply, length 300
15:01:39.965960 bc:24:11:83:7d:3f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 343: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:83:7d:3f, length 297
15:01:39.969384 48:8f:5a:e4:da:e8 > bc:24:11:83:7d:3f, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 192.168.10.1.67 > 192.168.10.17.68: BOOTP/DHCP, Reply, length 300


tcpdump -eni vmbr0 port 67 or port 68
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on vmbr0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
15:01:30.801636 bc:24:11:83:7d:3f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 343: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:83:7d:3f, length 297
15:01:32.801664 bc:24:11:83:7d:3f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 343: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:83:7d:3f, length 297
15:01:35.039453 bc:24:11:83:7d:3f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 343: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:83:7d:3f, length 297
15:01:39.965967 bc:24:11:83:7d:3f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 343: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:83:7d:3f, length 297
15:01:48.732715 bc:24:11:83:7d:3f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 343: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:83:7d:3f, length 297
15:02:05.558621 bc:24:11:83:7d:3f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 343: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:83:7d:3f, length 297
15:02:16.828551 bc:24:11:83:7d:3f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 343: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:83:7d:3f, length 297
15:02:18.828535 bc:24:11:83:7d:3f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 343: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:83:7d:3f, length 297
15:02:21.370864 bc:24:11:83:7d:3f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 343: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:83:7d:3f, length 297


tcpdump -eni tap118i0 'port 67 or port 68'
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on tap118i0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
11:15:15.854742 bc:24:11:83:7d:3f > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 339: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:83:7d:3f, length 297
11:15:17.854720 bc:24:11:83:7d:3f > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 339: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:83:7d:3f, length 297
11:15:20.468537 bc:24:11:83:7d:3f > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 339: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:83:7d:3f, length 297
11:15:25.232607 bc:24:11:83:7d:3f > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 339: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:83:7d:3f, length 297

This is setup of my network device on virtual machine:

 

[shanreich]

Can you post your current network configuration?

cat /etc/network/interfaces

ip a
ip r

 

[Liding]

Of course!

cat /etc/network/interfaces:

auto lo
iface lo inet loopback

auto eno1np0
iface eno1np0 inet manual

iface ens1f0 inet manual

iface eno2 inet manual

iface eno3 inet manual

iface eno4 inet manual

iface ens1f1 inet manual

iface eno2np1 inet manual

iface eno3np2 inet manual

iface eno4np3 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.28.10/24
gateway 192.168.28.4
bridge-ports eno1np0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

auto vmbr1
iface vmbr1 inet manual
bridge-ports eno2np1
bridge-stp off
bridge-fd 0

source /etc/network/interfaces.d/*


ip a:


1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever


2: eno1np0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
link/ether a4:be:2b:26:0c:0c brd ff:ff:ff:ff:ff:ff
altname enp26s0f0np0

8: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether a4:be:2b:26:0c:0c brd ff:ff:ff:ff:ff:ff
inet 192.168.28.10/24 scope global vmbr0
valid_lft forever preferred_lft forever
inet6 fe80::a6be:2bff:fe26:c0c/64 scope link
valid_lft forever preferred_lft forever

3029: tap118i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
link/ether 32:59:b7:44:fc:dc brd ff:ff:ff:ff:ff:ff

ip r:

default via 192.168.28.4 dev vmbr0 proto kernel onlink
192.168.28.0/24 dev vmbr0 proto kernel scope link src 192.168.28.10

 

[shanreich]

You said in your initial post that DHCP works for any other VLAN tag? Would you mind posting a tcpdump of that?

can you post the output of the following command as well?

bridge fdb show

If you could post the command output in CODE tags, that would make parsing the output of the commands easier!