VM/LXC no network traffic and DHCP issue on Proxmox 9

[youseenothing]

Having an issue with VMs and LXCs not being able to get onto the network (outside cluster) or get DHCP over a bridge, either directly on the bridge or through SDN VNet. Initially, the firewall was disabled. I enabled it (proxmox-firewall) and added rules for DHCP, but this has not changed the behavior at all. Either way, disabled or enabled with rules, it still fails to get DHCP. I also set the default input policy to ACCEPT. Another thing, assigning a static IP doesn't fix it either. This was all working until two days ago. No changes have been made to the Proxmox hosts other than what was stated, and the network has been unchanged for months. Here is some information I gathered during troubleshooting:

tcpdump on bridge (vmbr0), DHCP request seen:

tcpdump -i vmbr0 port 67 or port 68 -vv
tcpdump: listening on vmbr0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
21:56:12.447408 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 312)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from bc:24:11:76:1f:97 (oui Unknown), length 284, xid 0x63c95641, secs 1, Flags [none] (0x0000)
      Client-Ethernet-Address bc:24:11:76:1f:97 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Discover
        Client-ID (61), length 7: ether bc:24:11:76:1f:97
        Parameter-Request (55), length 17:
          Subnet-Mask (1), Time-Zone (2), Domain-Name-Server (6), Hostname (12)
          Domain-Name (15), MTU (26), BR (28), Classless-Static-Route (121)
          Default-Gateway (3), Static-Route (33), YD (40), YS (41)
          NTP (42), Unknown (119), Classless-Static-Route-Microsoft (249), Unknown (252)
          RP (17)
        MSZ (57), length 2: 576
        Hostname (12), length 6: "rhel-1"
21:56:15.095691 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 312)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from bc:24:11:76:1f:97 (oui Unknown), length 284, xid 0x1738b82, secs 2, Flags [none] (0x0000)
      Client-Ethernet-Address bc:24:11:76:1f:97 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Discover
        Client-ID (61), length 7: ether bc:24:11:76:1f:97
        Parameter-Request (55), length 17:
          Subnet-Mask (1), Time-Zone (2), Domain-Name-Server (6), Hostname (12)
          Domain-Name (15), MTU (26), BR (28), Classless-Static-Route (121)
          Default-Gateway (3), Static-Route (33), YD (40), YS (41)
          NTP (42), Unknown (119), Classless-Static-Route-Microsoft (249), Unknown (252)
          RP (17)
        MSZ (57), length 2: 576
        Hostname (12), length 6: "rhel-1"
21:56:19.479876 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 312)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from bc:24:11:76:1f:97 (oui Unknown), length 284, xid 0x8b2562ea, secs 7, Flags [none] (0x0000)
      Client-Ethernet-Address bc:24:11:76:1f:97 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Discover
        Client-ID (61), length 7: ether bc:24:11:76:1f:97
        Parameter-Request (55), length 17:
          Subnet-Mask (1), Time-Zone (2), Domain-Name-Server (6), Hostname (12)
          Domain-Name (15), MTU (26), BR (28), Classless-Static-Route (121)
          Default-Gateway (3), Static-Route (33), YD (40), YS (41)
          NTP (42), Unknown (119), Classless-Static-Route-Microsoft (249), Unknown (252)
          RP (17)
        MSZ (57), length 2: 576
        Hostname (12), length 6: "rhel-1"
21:56:27.624224 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 312)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from bc:24:11:76:1f:97 (oui Unknown), length 284, xid 0xadeead38, secs 15, Flags [none] (0x0000)
      Client-Ethernet-Address bc:24:11:76:1f:97 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Discover
        Client-ID (61), length 7: ether bc:24:11:76:1f:97
        Parameter-Request (55), length 17:
          Subnet-Mask (1), Time-Zone (2), Domain-Name-Server (6), Hostname (12)
          Domain-Name (15), MTU (26), BR (28), Classless-Static-Route (121)
          Default-Gateway (3), Static-Route (33), YD (40), YS (41)
          NTP (42), Unknown (119), Classless-Static-Route-Microsoft (249), Unknown (252)
          RP (17)
        MSZ (57), length 2: 576
        Hostname (12), length 6: "rhel-1"
21:56:44.604723 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 312)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from bc:24:11:76:1f:97 (oui Unknown), length 284, xid 0x77d2d682, secs 32, Flags [none] (0x0000)
      Client-Ethernet-Address bc:24:11:76:1f:97 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Discover
        Client-ID (61), length 7: ether bc:24:11:76:1f:97
        Parameter-Request (55), length 17:
          Subnet-Mask (1), Time-Zone (2), Domain-Name-Server (6), Hostname (12)
          Domain-Name (15), MTU (26), BR (28), Classless-Static-Route (121)
          Default-Gateway (3), Static-Route (33), YD (40), YS (41)
          NTP (42), Unknown (119), Classless-Static-Route-Microsoft (249), Unknown (252)
          RP (17)
        MSZ (57), length 2: 576
        Hostname (12), length 6: "rhel-1"
21:56:46.565679 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from bc:24:11:4d:53:e6 (oui Unknown), length 300, xid 0x28ca236f, Flags [none] (0x0000)
      Client-Ethernet-Address bc:24:11:4d:53:e6 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Discover
        Hostname (12), length 11: "cloudflared"
        Parameter-Request (55), length 13:
          Subnet-Mask (1), BR (28), Time-Zone (2), Default-Gateway (3)
          Domain-Name (15), Domain-Name-Server (6), Unknown (119), Hostname (12)
          Netbios-Name-Server (44), Netbios-Scope (47), MTU (26), Classless-Static-Route (121)
          NTP (42)
        Client-ID (61), length 19: hardware-type 255, 11:4d:53:e6:00:01:00:01:2f:67:31:d0:bc:24:11:4d:53:e6
21:56:54.849391 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from bc:24:11:4d:53:e6 (oui Unknown), length 300, xid 0x28ca236f, secs 8, Flags [none] (0x0000)
      Client-Ethernet-Address bc:24:11:4d:53:e6 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Discover
        Hostname (12), length 11: "cloudflared"
        Parameter-Request (55), length 13:
          Subnet-Mask (1), BR (28), Time-Zone (2), Default-Gateway (3)
          Domain-Name (15), Domain-Name-Server (6), Unknown (119), Hostname (12)
          Netbios-Name-Server (44), Netbios-Scope (47), MTU (26), Classless-Static-Route (121)
          NTP (42)
        Client-ID (61), length 19: hardware-type 255, 11:4d:53:e6:00:01:00:01:2f:67:31:d0:bc:24:11:4d:53:e6
^C
7 packets captured
7 packets received by filter
0 packets dropped by kernel

Firewall logs:

0 7 host-in 18/Nov/2025:22:27:45 -0600 ACCEPT: IN=vnet220 MAC=ff:ff:ff:ff:ff:ff:bc:24:11:76:1f:97:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=312 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=292
0 7 host-in 18/Nov/2025:22:27:47 -0600 ACCEPT: IN=vnet220 MAC=ff:ff:ff:ff:ff:ff:bc:24:11:76:1f:97:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=312 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=292
0 7 host-in 18/Nov/2025:22:27:52 -0600 ACCEPT: IN=vnet220 MAC=ff:ff:ff:ff:ff:ff:bc:24:11:76:1f:97:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=312 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=292
0 7 host-in 18/Nov/2025:22:28:00 -0600 ACCEPT: IN=vnet220 MAC=ff:ff:ff:ff:ff:ff:bc:24:11:76:1f:97:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=312 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=292
0 7 host-in 18/Nov/2025:22:28:16 -0600 ACCEPT: IN=vnet220 MAC=ff:ff:ff:ff:ff:ff:bc:24:11:76:1f:97:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=312 TOS=0x00 PREC=0x00 TTL=64
 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=292

Any help or direction would be greatly appreciated!

 

[youseenothing]

Here are my interfaces:

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto eno1
iface eno1 inet static
    address 10.253.101.12/24
    gateway 10.253.101.1
#Management

auto ens6f0
iface ens6f0 inet manual

auto ens6f1
iface ens6f1 inet manual

auto eno1d1
iface eno1d1 inet manual

auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno1d1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 10 220

auto vmbr1
iface vmbr1 inet manual
    bridge-ports ens6f0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 10 220 240

auto vlan240
iface vlan240 inet static
    address 172.16.240.12/24
    vlan-raw-device vmbr1
#Storage

source /etc/network/interfaces.d/*

Output of 'ip a':

root@pve-2:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: ens6f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr1 state UP group default qlen 1000
    link/ether 48:df:37:4e:4c:08 brd ff:ff:ff:ff:ff:ff
    altname enp11s0f0
    altname enx48df374e4c08
3: ens6f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 48:df:37:4e:4c:09 brd ff:ff:ff:ff:ff:ff
    altname enp11s0f1
    altname enx48df374e4c09
4: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether ec:eb:b8:a4:24:12 brd ff:ff:ff:ff:ff:ff
    altname enp9s0
    altname enxecebb8a42412
    inet 10.253.101.12/24 scope global eno1
       valid_lft forever preferred_lft forever
    inet6 fe80::eeeb:b8ff:fea4:2412/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
5: eno1d1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether ec:eb:b8:a4:24:13 brd ff:ff:ff:ff:ff:ff
    altname enp9s0d1
    altname enxecebb8a42413
6: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 48:df:37:4e:4c:08 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::4adf:37ff:fe4e:4c08/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
7: vlan240@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 48:df:37:4e:4c:08 brd ff:ff:ff:ff:ff:ff
    inet 172.16.240.12/24 scope global vlan240
       valid_lft forever preferred_lft forever
    inet6 fe80::4adf:37ff:fe4e:4c08/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
8: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ec:eb:b8:a4:24:13 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::eeeb:b8ff:fea4:2413/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
10: vnet10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 48:df:37:4e:4c:08 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::4adf:37ff:fe4e:4c08/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
12: vnet220: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 48:df:37:4e:4c:08 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::4adf:37ff:fe4e:4c08/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
14: vnet4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 48:df:37:4e:4c:08 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::4adf:37ff:fe4e:4c08/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
15: tap2501i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master vmbr0 state UNKNOWN group default qlen 1000
    link/ether be:d0:35:d2:a8:3b brd ff:ff:ff:ff:ff:ff
16: vmbr1.10@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vnet10 state UP group default qlen 1000
    link/ether 48:df:37:4e:4c:08 brd ff:ff:ff:ff:ff:ff
17: vmbr1.220@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vnet220 state UP group default qlen 1000
    link/ether 48:df:37:4e:4c:08 brd ff:ff:ff:ff:ff:ff
18: vmbr1.4@vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vnet4 state UP group default qlen 1000
    link/ether 48:df:37:4e:4c:08 brd ff:ff:ff:ff:ff:ff

 

[youseenothing]

Here is my SDN config, very simple/basic:

cat /etc/pve/sdn/zones.cfg
vlan: jtx
    bridge vmbr0
    dns powerdns
    dnszone jtx.example.com
    ipam phpipam
    reversedns powerdns
    
cat /etc/pve/sdn/vnets.cfg
vnet: vnet10
    zone jtx
    tag 10

vnet: vnet220
    zone jtx
    tag 220

vnet: vnet4
    zone jtx
    tag 4
    
cat /etc/pve/sdn/subnets.cfg
subnet: jtx-192.168.10.0-24
    vnet vnet10
    dhcp-range start-address=192.168.10.30,end-address=192.168.10.49
    dnszoneprefix jtx.example.com
    gateway 192.168.10.1

subnet: jtx-10.253.220.0-24
    vnet vnet220
    dhcp-range start-address=10.253.220.130,end-address=10.253.220.149
    dnszoneprefix jtx.example.com
    gateway 10.253.220.1

subnet: jtx-192.168.4.0-24
    vnet vnet4
    dnszoneprefix jtx.example.com
    gateway 192.168.4.1

 

[youseenothing]

From the host, all networks are accessible.

ping -c 4 10.253.220.1
PING 10.253.220.1 (10.253.220.1) 56(84) bytes of data.
64 bytes from 10.253.220.1: icmp_seq=1 ttl=64 time=3.45 ms
64 bytes from 10.253.220.1: icmp_seq=2 ttl=64 time=1.70 ms
64 bytes from 10.253.220.1: icmp_seq=3 ttl=64 time=9.71 ms
64 bytes from 10.253.220.1: icmp_seq=4 ttl=64 time=7.76 ms
4 packets transmitted, 4 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 1.704/5.655/9.709/3.213 ms

ping -c 4 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=63 time=0.266 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=63 time=0.159 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=63 time=0.202 ms
64 bytes from 192.168.10.1: icmp_seq=4 ttl=63 time=0.149 ms
4 packets transmitted, 4 received, 0% packet loss, time 3077ms
rtt min/avg/max/mdev = 0.149/0.194/0.266/0.046 ms

ping -c 4 192.168.4.1
PING 192.168.4.1 (192.168.4.1) 56(84) bytes of data.
64 bytes from 192.168.4.1: icmp_seq=1 ttl=63 time=0.304 ms
64 bytes from 192.168.4.1: icmp_seq=2 ttl=63 time=0.123 ms
64 bytes from 192.168.4.1: icmp_seq=3 ttl=63 time=0.125 ms
64 bytes from 192.168.4.1: icmp_seq=4 ttl=63 time=0.147 ms
4 packets transmitted, 4 received, 0% packet loss, time 3072ms
rtt min/avg/max/mdev = 0.123/0.174/0.304/0.075 ms

 

[youseenothing]

And just for kicks, here are the package versions running on the hosts:

proxmox-ve: 9.1.0 (running kernel: 6.17.2-1-pve)
pve-manager: 9.1.1 (running version: 9.1.1/42db4a6cf33dac83)
proxmox-kernel-helper: 9.0.4
proxmox-kernel-6.17.2-1-pve-signed: 6.17.2-1
proxmox-kernel-6.17: 6.17.2-1
proxmox-kernel-6.14.11-4-pve-signed: 6.14.11-4
proxmox-kernel-6.14: 6.14.11-4
proxmox-kernel-6.14.11-2-pve-signed: 6.14.11-2
proxmox-kernel-6.14.8-2-pve-signed: 6.14.8-2
proxmox-kernel-6.8.12-13-pve-signed: 6.8.12-13
proxmox-kernel-6.8: 6.8.12-13
proxmox-kernel-6.8.12-4-pve-signed: 6.8.12-4
ceph-fuse: 19.2.3-pve1
corosync: 3.1.9-pve2
criu: 4.1.1-1
frr-pythontools: 10.3.1-1+pve4
ifupdown2: 3.3.0-1+pmx11
intel-microcode: 3.20250211.1~deb12u1
ksm-control-daemon: 1.5-1
libjs-extjs: 7.0.0-5
libproxmox-acme-perl: 1.7.0
libproxmox-backup-qemu0: 2.0.1
libproxmox-rs-perl: 0.4.1
libpve-access-control: 9.0.4
libpve-apiclient-perl: 3.4.2
libpve-cluster-api-perl: 9.0.7
libpve-cluster-perl: 9.0.7
libpve-common-perl: 9.0.15
libpve-guest-common-perl: 6.0.2
libpve-http-server-perl: 6.0.5
libpve-network-perl: 1.2.3
libpve-rs-perl: 0.11.3
libpve-storage-perl: 9.0.18
libspice-server1: 0.15.2-1+b1
lvm2: 2.03.31-2+pmx1
lxc-pve: 6.0.5-3
lxcfs: 6.0.4-pve1
novnc-pve: 1.6.0-3
proxmox-backup-client: 4.0.20-1
proxmox-backup-file-restore: 4.0.20-1
proxmox-backup-restore-image: 1.0.0
proxmox-firewall: 1.2.1
proxmox-kernel-helper: 9.0.4
proxmox-mail-forward: 1.0.2
proxmox-mini-journalreader: 1.6
proxmox-offline-mirror-helper: 0.7.3
proxmox-widget-toolkit: 5.1.2
pve-cluster: 9.0.7
pve-container: 6.0.18
pve-docs: 9.1.1
pve-edk2-firmware: 4.2025.05-2
pve-esxi-import-tools: 1.0.1
pve-firewall: 6.0.4
pve-firmware: 3.17-2
pve-ha-manager: 5.0.8
pve-i18n: 3.6.2
pve-qemu-kvm: 10.1.2-3
pve-xtermjs: 5.5.0-3
qemu-server: 9.0.30
smartmontools: 7.4-pve1
spiceterm: 3.4.1
swtpm: 0.8.0+pve3
vncterm: 1.9.1
zfsutils-linux: 2.3.4-pve1

 

[youseenothing]

To add some more information. It seems that VMs/LXCs can reach each other on the same VLAN/VNet within Proxmox on different hosts, but not the gateway or past that as seen here:

root@wavelog:~# ping -c 4 10.253.220.1
PING 10.253.220.1 (10.253.220.1) 56(84) bytes of data.
From 10.253.220.213 icmp_seq=1 Destination Host Unreachable
From 10.253.220.213 icmp_seq=2 Destination Host Unreachable
From 10.253.220.213 icmp_seq=3 Destination Host Unreachable
From 10.253.220.213 icmp_seq=4 Destination Host Unreachable

--- 10.253.220.1 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3069ms
pipe 4
root@wavelog:~# ping -c 4 10.253.220.251
PING 10.253.220.251 (10.253.220.251) 56(84) bytes of data.
64 bytes from 10.253.220.251: icmp_seq=1 ttl=64 time=1.53 ms
64 bytes from 10.253.220.251: icmp_seq=2 ttl=64 time=0.492 ms
64 bytes from 10.253.220.251: icmp_seq=3 ttl=64 time=0.652 ms
64 bytes from 10.253.220.251: icmp_seq=4 ttl=64 time=0.629 ms

--- 10.253.220.251 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3083ms
rtt min/avg/max/mdev = 0.492/0.825/1.528/0.410 ms
root@wavelog:~# ping -c 4 10.253.220.14
PING 10.253.220.14 (10.253.220.14) 56(84) bytes of data.
From 10.253.220.213 icmp_seq=1 Destination Host Unreachable
From 10.253.220.213 icmp_seq=2 Destination Host Unreachable
From 10.253.220.213 icmp_seq=3 Destination Host Unreachable
From 10.253.220.213 icmp_seq=4 Destination Host Unreachable

--- 10.253.220.14 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3102ms
pipe 4

The last VM (10.253.220.14) lives on another Proxmox host (running 8.x) on the network in a different physical location, hanging off a different physical switch.

This would explain the DHCP issue, as the DHCP service is provided by a device outside the Proxmox clusters. Seems to be contained to just this particular Proxmox cluster that is running 9.x.

 

[youseenothing]

Another good piece of information is the hardware this is running on: an HPE EdgeLine EL4000. All four nodes are running in a cluster.