Re: [PVE-User] ARP issue between lxc containers on PX 4.2

Fri, 08 Jul 2016 08:17:28 -0700 

I may have found lead, only on the host side.


From proxmox, i can't ping the lxc container private address

root@srv3:~# ping 192.168.30.101
PING 192.168.30.101 (192.168.30.101) 56(84) bytes of data.
^C
--- 192.168.30.101 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms


But i can ping another server private address (same vrack) :
root@srv3:~# ping 192.168.30.250
PING 192.168.30.250 (192.168.30.250) 56(84) bytes of data.
64 bytes from 192.168.30.250: icmp_seq=1 ttl=64 time=0.630 ms
^C
--- 192.168.30.250 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.630/0.630/0.630/0.000 ms
But, if i force the ping network interface on vmbr2 (host private network interface) : 

root@srv3:~# ping -I vmbr2 192.168.30.101
PING 192.168.30.101 (192.168.30.101) from 192.168.30.3 vmbr2: 56(84) bytes of data. 
64 bytes from 192.168.30.101: icmp_seq=1 ttl=64 time=0.084 ms
64 bytes from 192.168.30.101: icmp_seq=2 ttl=64 time=0.024 ms
64 bytes from 192.168.30.101: icmp_seq=3 ttl=64 time=0.035 ms
^C
--- 192.168.30.101 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.024/0.047/0.084/0.027 ms


It is strange since i have a route on vmbr2 for 192.168.30.0 :

root@srv3:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface 
default         164.132.168.254 0.0.0.0         UG    0 0        0 vmbr0
51.254.233.80   *               255.255.255.240 U     0 0        0 vmbr0
164.132.168.0   *               255.255.255.0   U     0 0        0 vmbr0
192.168.30.0    *               255.255.255.0   U     0 0        0 vmbr2
224.0.0.0       *               240.0.0.0       U     0 0        0 vmbr0
This solution doesn't change anything for the container. If i try to ping a container (public or private interface) from another while forcing the interface, it doesn't help. 


Le 08/07/2016 à 11:11, Guillaume a écrit :

Hello,

I'm running Proxmox 4.2-15, with a fresh install :

# pveversion -v
proxmox-ve: 4.2-56 (running kernel: 4.4.13-1-pve)
pve-manager: 4.2-15 (running version: 4.2-15/6669ad2c)
pve-kernel-4.4.13-1-pve: 4.4.13-56
pve-kernel-4.2.8-1-pve: 4.2.8-41
lvm2: 2.02.116-pve2
corosync-pve: 2.3.5-2
libqb0: 1.0-1
pve-cluster: 4.0-42
qemu-server: 4.0-83
pve-firmware: 1.1-8
libpve-common-perl: 4.0-70
libpve-access-control: 4.0-16
libpve-storage-perl: 4.0-55
pve-libspice-server1: 0.12.5-2
vncterm: 1.2-1
pve-qemu-kvm: 2.5-19
pve-container: 1.0-70
pve-firewall: 2.0-29
pve-ha-manager: 1.0-32
ksm-control-daemon: 1.2-1
glusterfs-client: 3.5.2-2+deb8u2
lxc-pve: 1.1.5-7
lxcfs: 2.0.0-pve2
cgmanager: 0.39-pve1
criu: 1.6.0-1
zfsutils: 0.6.5.7-pve10~bpo80

# sysctl -p
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.vmbr0.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.vmbr0.accept_ra = 0
net.ipv6.conf.vmbr0.accept_ra = 0
net.ipv6.conf.vmbr0.autoconf = 0


I'm only using lxc containers.
Host have 2 networks interfaces, vmbr0 with public ip 164.132.161.131/32 (gtw 164.132.161.254) and vmbr2 with private ip (ovh vrack 2) 192.168.30.3/24. Containers have public interface eth0 with public ip address (based on vmbr0) and eth1 with private ip address (based on vmbr2) : 

* LXC1
    eth0 : 51.254.231.80/28
    eth1 : 192.168.30.101/24

* LXC2
    eth0 : 51.254.231.81/28
    eth1 : 192.168.30.102/24
They both have access to the net, but can't talk to each other, whatever network interface (public or private) i'm using. 
Same issue with firewall down on the node (on the 3 levels).

# Ping from LXC1 51.254.231.80 to LXC2 51.254.231.81 : tcpdump from LXC1
15:54:00.810638 ARP, Request who-has 164.132.161.250 tell 164.132.161.252, length 46
# Ping from LXC1 192.168.30.101 to LXC2 192.168.30.102 (vrack) : tcpdump from LXC1 15:54:52.260934 ARP, Request who-has 192.168.30.102 tell 192.168.30.3, length 28 15:54:52.260988 ARP, Reply 192.168.30.102 is-at 62:31:32:34:65:61 (oui Unknown), length 28 15:54:52.575082 IP 192.168.30.102 > 192.168.30.101: ICMP echo request, id 1043, seq 3, length 64 15:54:53.583057 IP 192.168.30.102 > 192.168.30.101: ICMP echo request, id 1043, seq 4, length 64
# Ping from LXC1 192.168.30.101 to LXC2 192.168.30.102 (vrack) : tcpdump from Proxmox 17:56:05.861665 ARP, Request who-has 192.168.30.101 tell 192.168.30.102, length 28 17:56:05.861688 ARP, Reply 192.168.30.101 is-at 62:31:32:34:65:61 (oui Unknown), length 28 17:56:06.860925 ARP, Request who-has 192.168.30.101 tell 192.168.30.102, length 28 17:56:06.860998 ARP, Reply 192.168.30.101 is-at 62:31:32:34:65:61 (oui Unknown), length 28 

Any idea ?

Thanks,

Guillaume
_______________________________________________
pve-user mailing list
pve-user@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user



_______________________________________________
pve-user mailing list
pve-user@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user

Reply via email to