[pve-devel] Quorum problems with NICs Intel of 10 Gb/s and VMsturns off

Alexandre DERUMIER aderumier at odiso.com
Sat Jan 3 16:40:40 CET 2015 

>>After a minute of apply on only a node (pve6), these commands, i lost the 
>>quorum in two nodes (pve5 and pve6): 
>>The commands executed on only a node (pve6): 
>>echo 1 > /sys/devices/virtual/net/vmbr0/bridge/multicast_snooping 
>>echo 0 > /sys/class/net/vmbr0/bridge/multicast_querier

If you enable multicast snooping (on linux bridge, or physical switch),
you need an igmp querier (or more) on your network.

Personnaly, I really don't like use querier from linux bridge,
So I enable it on my physical switches.

You can have multiple querier, but only one is working at one time.
(They are some kind of election when a querier is going down)

on linux bridge, disable multicast_snooping also disable multicast querier by default.


>>1) Why the pve5 node lost the quorum if i don't applied any change in this
>>node?
>>(this node always had the multicast snooping filter disabled)

Is igmp snooping enabled on your physical switch ?
Maybe pve6 was the master igmp querier.


>>2) Why the VM that is running on pve5 node and also is configured in HA
>>turns off brutally?
>>3) If it is a bug, can someone apply a patch to code?

Can't comment about this, I don't use HA in production. Maybe because it's loose quorum.
You really need a stable multicast (really really stable) to use HA.



>>Moreover, talking about of firewall enabled for the VMs:
>>I remember that +/- 1 month ago, i tried apply to the firewall a rule
>>restrictive of access of the IP address of cluster communication to the VMs
>>without successful, ie, with a policy of firewall by default of "allow",
>>each time that i enable this unique and restrictive rule to the VM, the VM
>>lose all network communication. Maybe i am wrong in something.
>>
>>So i would like to ask you somethings:
>>
>>4) Can you do a test, and then tell me the results?
>>5) If the results are positives, can you tell me how do it?
>>6) And if the results are negatives, can you apply a patch to code?

I'll do test, but I don't see why It'll not work.
(I known they was a bug with openswitch , but with linux bridge it's should work without any problem)



>>7) As each PVE node has his "firewall" tag in the PVE GUI, i guess that such
>>option is for apply firewall rules of in/out that affect only to this node,
>>right?, or for what exist such option?

Yes, exactly, firewall tab on the node, is the firewall for INPUT|OUTPUT rules to|from the node.
At datacenter level, it's apply on all nodes IN|OUT


----- Mail original -----
De: "aderumier" <aderumier at odiso.com>
À: "Cesar Peschiera" <brain at click.com.py>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Samedi 3 Janvier 2015 16:31:11
Objet: Re: [pve-devel] Quorum problems with NICs Intel of 10 Gb/s and VMsturns off





	

Alexandre Derumier 
Ingénieur système et stockage 


Fixe : 03 20 68 90 88 
Fax : 03 20 68 90 81 


45 Bvd du Général Leclerc 59100 Roubaix 
12 rue Marivaux 75002 Paris 


MonSiteEstLent.com - Blog dédié à la webperformance et la gestion de pics de trafic

More information about the pve-devel mailing list