[PVE-User] ARP issue

Stefan Radman stefan.radman at me.com
Tue Nov 30 09:47:47 CET 2021 

Hi 

The only situation where I can imagine this happening is a PVE host that has Proxy ARP enabled.

This is not enabled by default AFAIK.

root at pve5:~# sysctl net.ipv4.conf.all.proxy_arp
net.ipv4.conf.all.proxy_arp = 0

On my PVE7 hosts, all the kernel’s ARP features are in fact off (by default).

root at pve5:~# sysctl -a | fgrep arp | grep -vc ' = 0$'
0

> Somehow, the other physical servers connected to ens19 get an ARP reply with the mac address of ens19 for the IP on vmbr1 (which, again, has no physical interface).


Even if Proxy ARP were configured on your PVE7 hosts, your servers would normally only get an ARP reply when they send a specific ARP request e.g. “who has 10.A.B.C, tell 10.A.B.D”.

Here are questions you should ask yourself:

Why would your servers configured with IP 10.X.Y.Z and connected to vmbr2 via ens19 send ARP requests for 10.A.B.C/24 on that link?
Why do they? How do the requests look like (who is asking)?

Hope that helps in tracking it down.

Stefan 

> On Nov 23, 2021, at 20:58, ic <lists at benappy.com> wrote:
> 
> Hi,
> 
> I’m running PVE 7.0 on a bunch of servers. I noticed something strange.
> There is a vmbr2 containing one physical interface (ens19) with an IP (10.X.Y.Z/24).
> There is a vmbr1 containing NO physical interface with another IP (10.A.B.C/24) (outside of the range of vmbr2, even if this is irrelevant for this problem).
> 
> Somehow, the other physical servers connected to ens19 get an ARP reply with the mac address of ens19 for the IP on vmbr1 (which, again, has no physical interface).
> 
> In an “ip a” output, this mac address appears only in ens19 and vmbr2. vmbr1 has its own mac (different from the physical mac of ens19/vmbr2).
> 
> What am I missing?
> 
> In my setup I need vmbr2 to have the same IP on each physical host and not leak on the outside network so this is pretty annoying :(
> 
> BR, ic
> 
> 
> _______________________________________________
> pve-user mailing list
> pve-user at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user

More information about the pve-user mailing list