vzdump causing interface to enter promiscuous mode, triggering duplicate IP address warnings from Ethernet switch

luckman212

Well-Known Member
Jun 22, 2017
40
2
48
My backups (to PBS) are scheduled to run every night at 1:30am. For the last few nights, I get a warning from my Unifi switch saying that "multiple devices are using IP address 192.168.20.51..." which is the IP assigned to my bare metal PVE node. Nothing special about the node, it's a Mini NUC PC with a few VMs on it, Debian, docker etc. PVE 8.4.1 with the 6.11 kernel, fully up-to-date.

One funny thing I noticed is that the MAC addresses recorded as "duplicate IPs" by the switch all correspond to Powered Off VMs, not active ones. Not sure what kind of a clue that is.

Looking in the kernel logs with journalctl -t kernel, I note that exactly at the time of the rogue IP detection, the interfaces (physical, as well as some virtual) of the node are entering promiscuous mode.

I'd like to solve this problem, but not sure it has any solution? Anyone else seeing this or have any ideas on how to troubleshoot it? Here are some sample logs e.g. from last night

Code:
root@pve01:~# journalctl -t kernel -S 2025-05-02 | grep promisc
May 02 01:30:03 pve01 kernel: tap100i0: entered promiscuous mode
May 02 01:30:03 pve01 kernel: fwpr100p0: entered promiscuous mode
May 02 01:30:03 pve01 kernel: fwln100i0: entered promiscuous mode
May 02 01:30:46 pve01 kernel: fwln100i0 (unregistering): left promiscuous mode
May 02 01:30:46 pve01 kernel: fwpr100p0 (unregistering): left promiscuous mode
May 02 01:30:51 pve01 kernel: tap101i0: entered promiscuous mode
May 02 01:31:37 pve01 kernel: tap107i0: entered promiscuous mode
May 02 01:31:37 pve01 kernel: fwpr107p0: entered promiscuous mode
May 02 01:31:37 pve01 kernel: fwln107i0: entered promiscuous mode
May 02 01:31:56 pve01 kernel: fwln107i0 (unregistering): left promiscuous mode
May 02 01:31:56 pve01 kernel: fwpr107p0 (unregistering): left promiscuous mode
May 02 01:31:58 pve01 kernel: tap111i0: entered promiscuous mode
May 02 01:31:58 pve01 kernel: fwpr111p0: entered promiscuous mode
May 02 01:31:58 pve01 kernel: fwln111i0: entered promiscuous mode
May 02 01:32:31 pve01 kernel: fwln111i0 (unregistering): left promiscuous mode
May 02 01:32:31 pve01 kernel: fwpr111p0 (unregistering): left promiscuous mode

edit: related post here
 
Last edited:
My backups (to PBS) are scheduled to run every night at 1:30am. For the last few nights, I get a warning from my Unifi switch saying that "multiple devices are using IP address 192.168.20.51..." which is the IP assigned to my bare metal PVE node. Nothing special about the node, it's a Mini NUC PC with a few VMs on it, Debian, docker etc. PVE 8.4.1 with the 6.11 kernel, fully up-to-date.

One funny thing I noticed is that the MAC addresses recorded as "duplicate IPs" by the switch all correspond to Powered Off VMs, not active ones. Not sure what kind of a clue that is.

Looking in the kernel logs with journalctl -t kernel, I note that exactly at the time of the rogue IP detection, the interfaces (physical, as well as some virtual) of the node are entering promiscuous mode.

I'd like to solve this problem, but not sure it has any solution? Anyone else seeing this or have any ideas on how to troubleshoot it? Here are some sample logs e.g. from last night

Code:
root@pve01:~# journalctl -t kernel -S 2025-05-02 | grep promisc
May 02 01:30:03 pve01 kernel: tap100i0: entered promiscuous mode
May 02 01:30:03 pve01 kernel: fwpr100p0: entered promiscuous mode
May 02 01:30:03 pve01 kernel: fwln100i0: entered promiscuous mode
May 02 01:30:46 pve01 kernel: fwln100i0 (unregistering): left promiscuous mode
May 02 01:30:46 pve01 kernel: fwpr100p0 (unregistering): left promiscuous mode
May 02 01:30:51 pve01 kernel: tap101i0: entered promiscuous mode
May 02 01:31:37 pve01 kernel: tap107i0: entered promiscuous mode
May 02 01:31:37 pve01 kernel: fwpr107p0: entered promiscuous mode
May 02 01:31:37 pve01 kernel: fwln107i0: entered promiscuous mode
May 02 01:31:56 pve01 kernel: fwln107i0 (unregistering): left promiscuous mode
May 02 01:31:56 pve01 kernel: fwpr107p0 (unregistering): left promiscuous mode
May 02 01:31:58 pve01 kernel: tap111i0: entered promiscuous mode
May 02 01:31:58 pve01 kernel: fwpr111p0: entered promiscuous mode
May 02 01:31:58 pve01 kernel: fwln111i0: entered promiscuous mode
May 02 01:32:31 pve01 kernel: fwln111i0 (unregistering): left promiscuous mode
May 02 01:32:31 pve01 kernel: fwpr111p0 (unregistering): left promiscuous mode

edit: related post here
You were the one I was referring to. In my opinion, tweaking the kernel is the worst solution of all.
I'm assuming the thing has been running for a while and would rather try to figure out why it's not running anymore. Was there an update running before? Or did it suddenly appear?

My crystal ball suggests this thread:
It's just an idea, but easy to test without any consequences or time-consuming issues.
 
Last edited:
You were the one I was referring to. My crystal ball suggests this thread:

Thanks for the idea, but the box doesn't have an Intel NIC. It's Realtek
Code:
# lspci | grep Eth
2d:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8125 2.5GbE Controller (rev 05)
2e:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)
 
Thanks for the idea, but the box doesn't have an Intel NIC. It's Realtek
Code:
# lspci | grep Eth
2d:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8125 2.5GbE Controller (rev 05)
2e:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)
Thanks for the idea, but the box doesn't have an Intel NIC. It's Realtek
Code:
# lspci | grep Eth
2d:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8125 2.5GbE Controller (rev 05)
2e:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)
Have you checked whether this also happens with only running VMs?
 
@TErxleben not sure I understand the question, but, what I noticed was that the entries in the kernel log for the interfaces that were entering/exiting promiscuous mode only corresponded to the VMs that were powered off at the time the backups started (see OP). For example,

Code:
tap100i0, fwpr100p0, fwln100i0
tap101i0
tap107i0, fwpr107p0, fwln107i0
tap111i0, fwpr111p0, fwln111i0

VMs 100, 101, 107, and 111 in this case are/were all powered off.

1746301843347.png
 
Take a look here
Thank you again. I'm not using openvswitch. And I have already set "stable" names for my NICs (en0, en1 etc) so they match across all nodes.

For now, I took the jump and installed the 6.14 kernel. Will keep posted if there is any effect either way.