vzdump causing interface to enter promiscuous mode, triggering duplicate IP address warnings from Ethernet switch

L

luckman212

Well-Known Member
Jun 22, 2017
37
2
48
My backups (to PBS) are scheduled to run every night at 1:30am. For the last few nights, I get a warning from my Unifi switch saying that "multiple devices are using IP address 192.168.20.51..." which is the IP assigned to my bare metal PVE node. Nothing special about the node, it's a Mini NUC PC with a few VMs on it, Debian, docker etc. PVE 8.4.1 with the 6.11 kernel, fully up-to-date.

One funny thing I noticed is that the MAC addresses recorded as "duplicate IPs" by the switch all correspond to Powered Off VMs, not active ones. Not sure what kind of a clue that is.

Looking in the kernel logs with journalctl -t kernel, I note that exactly at the time of the rogue IP detection, the interfaces (physical, as well as some virtual) of the node are entering promiscuous mode.

I'd like to solve this problem, but not sure it has any solution? Anyone else seeing this or have any ideas on how to troubleshoot it? Here are some sample logs e.g. from last night

Code: 
root@pve01:~# journalctl -t kernel -S 2025-05-02 | grep promisc
May 02 01:30:03 pve01 kernel: tap100i0: entered promiscuous mode
May 02 01:30:03 pve01 kernel: fwpr100p0: entered promiscuous mode
May 02 01:30:03 pve01 kernel: fwln100i0: entered promiscuous mode
May 02 01:30:46 pve01 kernel: fwln100i0 (unregistering): left promiscuous mode
May 02 01:30:46 pve01 kernel: fwpr100p0 (unregistering): left promiscuous mode
May 02 01:30:51 pve01 kernel: tap101i0: entered promiscuous mode
May 02 01:31:37 pve01 kernel: tap107i0: entered promiscuous mode
May 02 01:31:37 pve01 kernel: fwpr107p0: entered promiscuous mode
May 02 01:31:37 pve01 kernel: fwln107i0: entered promiscuous mode
May 02 01:31:56 pve01 kernel: fwln107i0 (unregistering): left promiscuous mode
May 02 01:31:56 pve01 kernel: fwpr107p0 (unregistering): left promiscuous mode
May 02 01:31:58 pve01 kernel: tap111i0: entered promiscuous mode
May 02 01:31:58 pve01 kernel: fwpr111p0: entered promiscuous mode
May 02 01:31:58 pve01 kernel: fwln111i0: entered promiscuous mode
May 02 01:32:31 pve01 kernel: fwln111i0 (unregistering): left promiscuous mode
May 02 01:32:31 pve01 kernel: fwpr111p0 (unregistering): left promiscuous mode

edit: related post here
 
Last edited:
luckman212 said:
My backups (to PBS) are scheduled to run every night at 1:30am. For the last few nights, I get a warning from my Unifi switch saying that "multiple devices are using IP address 192.168.20.51..." which is the IP assigned to my bare metal PVE node. Nothing special about the node, it's a Mini NUC PC with a few VMs on it, Debian, docker etc. PVE 8.4.1 with the 6.11 kernel, fully up-to-date.

One funny thing I noticed is that the MAC addresses recorded as "duplicate IPs" by the switch all correspond to Powered Off VMs, not active ones. Not sure what kind of a clue that is.

Looking in the kernel logs with journalctl -t kernel, I note that exactly at the time of the rogue IP detection, the interfaces (physical, as well as some virtual) of the node are entering promiscuous mode.

I'd like to solve this problem, but not sure it has any solution? Anyone else seeing this or have any ideas on how to troubleshoot it? Here are some sample logs e.g. from last night

Code: 
root@pve01:~# journalctl -t kernel -S 2025-05-02 | grep promisc
May 02 01:30:03 pve01 kernel: tap100i0: entered promiscuous mode
May 02 01:30:03 pve01 kernel: fwpr100p0: entered promiscuous mode
May 02 01:30:03 pve01 kernel: fwln100i0: entered promiscuous mode
May 02 01:30:46 pve01 kernel: fwln100i0 (unregistering): left promiscuous mode
May 02 01:30:46 pve01 kernel: fwpr100p0 (unregistering): left promiscuous mode
May 02 01:30:51 pve01 kernel: tap101i0: entered promiscuous mode
May 02 01:31:37 pve01 kernel: tap107i0: entered promiscuous mode
May 02 01:31:37 pve01 kernel: fwpr107p0: entered promiscuous mode
May 02 01:31:37 pve01 kernel: fwln107i0: entered promiscuous mode
May 02 01:31:56 pve01 kernel: fwln107i0 (unregistering): left promiscuous mode
May 02 01:31:56 pve01 kernel: fwpr107p0 (unregistering): left promiscuous mode
May 02 01:31:58 pve01 kernel: tap111i0: entered promiscuous mode
May 02 01:31:58 pve01 kernel: fwpr111p0: entered promiscuous mode
May 02 01:31:58 pve01 kernel: fwln111i0: entered promiscuous mode
May 02 01:32:31 pve01 kernel: fwln111i0 (unregistering): left promiscuous mode
May 02 01:32:31 pve01 kernel: fwpr111p0 (unregistering): left promiscuous mode

edit: related post here
Click to expand...
You were the one I was referring to. In my opinion, tweaking the kernel is the worst solution of all.
I'm assuming the thing has been running for a while and would rather try to figure out why it's not running anymore. Was there an update running before? Or did it suddenly appear?

My crystal ball suggests this thread:
T

[SOLVED] Post in thread 'Intel NIC e1000e hardware unit hang'

kathing said:
Trying this same now here, is this permanently stored after a reboot?
Click to expand...
Medium-term at most! In my opinion, this problem should actually be fixed by Intel. Until that happens, the error will keep popping up. It's been doing that for a long time now.
  • Like
It's just an idea, but easy to test without any consequences or time-consuming issues.
 
Last edited:
You must log in or register to reply here.
Top Bottom