[PVE-User] ARP issue between lxc containers on PX 4.2

Guillaume proxmox at shadowprojects.org
Fri Jul 8 17:17:10 CEST 2016 

I may have found lead, only on the host side.


 From proxmox, i can't ping the lxc container private address

root at srv3:~# ping 192.168.30.101
PING 192.168.30.101 (192.168.30.101) 56(84) bytes of data.
^C
--- 192.168.30.101 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms


But i can ping another server private address (same vrack) :
root at srv3:~# ping 192.168.30.250
PING 192.168.30.250 (192.168.30.250) 56(84) bytes of data.
64 bytes from 192.168.30.250: icmp_seq=1 ttl=64 time=0.630 ms
^C
--- 192.168.30.250 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.630/0.630/0.630/0.000 ms


But, if i force the ping network interface on vmbr2 (host private 
network interface) :

root at srv3:~# ping -I vmbr2 192.168.30.101
PING 192.168.30.101 (192.168.30.101) from 192.168.30.3 vmbr2: 56(84) 
bytes of data.
64 bytes from 192.168.30.101: icmp_seq=1 ttl=64 time=0.084 ms
64 bytes from 192.168.30.101: icmp_seq=2 ttl=64 time=0.024 ms
64 bytes from 192.168.30.101: icmp_seq=3 ttl=64 time=0.035 ms
^C
--- 192.168.30.101 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.024/0.047/0.084/0.027 ms


It is strange since i have a route on vmbr2 for 192.168.30.0 :

root at srv3:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use 
Iface
default         164.132.168.254 0.0.0.0         UG    0 0        0 vmbr0
51.254.233.80   *               255.255.255.240 U     0 0        0 vmbr0
164.132.168.0   *               255.255.255.0   U     0 0        0 vmbr0
192.168.30.0    *               255.255.255.0   U     0 0        0 vmbr2
224.0.0.0       *               240.0.0.0       U     0 0        0 vmbr0

This solution doesn't change anything for the container. If i try to 
ping a container (public or private interface) from another while 
forcing the interface, it doesn't help.


Le 08/07/2016 à 11:11, Guillaume a écrit :
> Hello,
>
> I'm running Proxmox 4.2-15, with a fresh install :
>
> # pveversion -v
> proxmox-ve: 4.2-56 (running kernel: 4.4.13-1-pve)
> pve-manager: 4.2-15 (running version: 4.2-15/6669ad2c)
> pve-kernel-4.4.13-1-pve: 4.4.13-56
> pve-kernel-4.2.8-1-pve: 4.2.8-41
> lvm2: 2.02.116-pve2
> corosync-pve: 2.3.5-2
> libqb0: 1.0-1
> pve-cluster: 4.0-42
> qemu-server: 4.0-83
> pve-firmware: 1.1-8
> libpve-common-perl: 4.0-70
> libpve-access-control: 4.0-16
> libpve-storage-perl: 4.0-55
> pve-libspice-server1: 0.12.5-2
> vncterm: 1.2-1
> pve-qemu-kvm: 2.5-19
> pve-container: 1.0-70
> pve-firewall: 2.0-29
> pve-ha-manager: 1.0-32
> ksm-control-daemon: 1.2-1
> glusterfs-client: 3.5.2-2+deb8u2
> lxc-pve: 1.1.5-7
> lxcfs: 2.0.0-pve2
> cgmanager: 0.39-pve1
> criu: 1.6.0-1
> zfsutils: 0.6.5.7-pve10~bpo80
>
> # sysctl -p
> net.ipv6.conf.all.autoconf = 0
> net.ipv6.conf.default.autoconf = 0
> net.ipv6.conf.vmbr0.autoconf = 0
> net.ipv6.conf.all.accept_ra = 0
> net.ipv6.conf.default.accept_ra = 0
> net.ipv6.conf.vmbr0.accept_ra = 0
> net.ipv6.conf.vmbr0.accept_ra = 0
> net.ipv6.conf.vmbr0.autoconf = 0
>
>
> I'm only using lxc containers.
>
> Host have 2 networks interfaces, vmbr0 with public ip 
> 164.132.161.131/32 (gtw 164.132.161.254) and vmbr2 with private ip 
> (ovh vrack 2) 192.168.30.3/24.
> Containers have public interface eth0 with public ip address (based on 
> vmbr0) and eth1 with private ip address (based on vmbr2) :
>
> * LXC1
>     eth0 : 51.254.231.80/28
>     eth1 : 192.168.30.101/24
>
> * LXC2
>     eth0 : 51.254.231.81/28
>     eth1 : 192.168.30.102/24
>
> They both have access to the net, but can't talk to each other, 
> whatever network interface (public or private) i'm using.
> Same issue with firewall down on the node (on the 3 levels).
>
> # Ping from LXC1 51.254.231.80 to LXC2 51.254.231.81 : tcpdump from LXC1
> 15:54:00.810638 ARP, Request who-has 164.132.161.250 tell 
> 164.132.161.252, length 46
>
> # Ping from LXC1 192.168.30.101 to LXC2 192.168.30.102 (vrack) : 
> tcpdump from LXC1
> 15:54:52.260934 ARP, Request who-has 192.168.30.102 tell 192.168.30.3, 
> length 28
> 15:54:52.260988 ARP, Reply 192.168.30.102 is-at 62:31:32:34:65:61 (oui 
> Unknown), length 28
> 15:54:52.575082 IP 192.168.30.102 > 192.168.30.101: ICMP echo request, 
> id 1043, seq 3, length 64
> 15:54:53.583057 IP 192.168.30.102 > 192.168.30.101: ICMP echo request, 
> id 1043, seq 4, length 64
>
> # Ping from LXC1 192.168.30.101 to LXC2 192.168.30.102 (vrack) : 
> tcpdump from Proxmox
> 17:56:05.861665 ARP, Request who-has 192.168.30.101 tell 
> 192.168.30.102, length 28
> 17:56:05.861688 ARP, Reply 192.168.30.101 is-at 62:31:32:34:65:61 (oui 
> Unknown), length 28
> 17:56:06.860925 ARP, Request who-has 192.168.30.101 tell 
> 192.168.30.102, length 28
> 17:56:06.860998 ARP, Reply 192.168.30.101 is-at 62:31:32:34:65:61 (oui 
> Unknown), length 28
>
> Any idea ?
>
> Thanks,
>
> Guillaume
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>

More information about the pve-user mailing list