Channel: Proxmox Support Forum

Problem with Proxmox 3.0 with VLAN and public & private IP routing

Hello,

I've reached a weird situation where we have multiple servers that run different versions of Proxmox - Proxmox 2.3 and 3.0 for testing. They have the same kind of configuration but networking doesn't behave quite the same way unfortunately. For background information, the machines are hosted with OVH (if that's any help).

For this example, the setup includes two Host Machines (HM #1 and HM #2) connected to the VLAN + Public IP range routed through VLAN + Private IP range routed through VLAN.

When I reboot HM #1 and start the OpenVZ containers, the OpenVZ container can ping the Internet, but can't ping HM #1, HM #2 or any other container inside VLAN Public IP (Private IP works). The OpenVZ container can be reached from the Internet and HM #1, but can't be pinged from HM #2 or any other container inside the same VLAN.

After a few hours, the same OpenVZ container no longer replies to ping from the Internet or anywhere else.

Based on what I know thus far, it seems like the router forgets the OpenVZ container and for some reason HM #1 doesn't properly deliver the ARP requests to the network any more. Why it happens is quite unknown to me at this point.

Hopefully I'm not the only one facing this problem. Anything that helps me to get to the right way is much appreciated.

This is /etc/network/interfaces
Code:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# for Routing
auto vmbr1
iface vmbr1 inet manual
        bridge_ports dummy0
        bridge_stp off
        bridge_fd 0


# vmbr0: Bridging. Make sure to use only MAC addresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static
        address 5.135.XXX.XXX
        netmask 255.255.255.0
        network 5.135.XXX.0
        broadcast 5.135.XXX.XXX
        gateway 5.135.XXX.XXX
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

auto eth0.ZZZZ:0
iface eth0.ZZZZ:0 inet static
        address 192.168.0.10
        netmask 255.255.0.0
        up /sbin/ip route add 192.168.0.0/16 via 192.168.255.254 dev eth0.ZZZZ:0
        post-down /sbin/ip route del 192.168.0.0/16 via 192.168.255.254 dev eth0.ZZZZ:0
        pre-up iptables -t nat -A POSTROUTING -s 192.168.0.0/16 ! -d 192.168.0.0/16 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s 192.168.0.0/16 ! -d 192.168.0.0/16 -j MASQUERADE

auto eth0.ZZZZ:1
iface eth0.ZZZZ:1 inet static
        address 5.39.YYY.YYY
        network 5.39.YYY.YYY
        broadcast 5.39.YYY.YYY
        netmask 255.255.255.192
        up /sbin/ip route add default via 5.39.YYY.YYY dev eth0.ZZZZ:1 table 125
        up /sbin/ip rule add from 5.39.YYY.YYY/26 table 125
        post-down /sbin/ip route del default via 5.39.YYY.YYY dev eth0.ZZZZ:1 table 125
        post-down /sbin/ip rule del from 5.39.YYY.YYY/26 table 125

This is /etc/sysctl.conf
Code:

net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.ip_forward=1

net.ipv4.conf.default.proxy_arp = 1
net.ipv4.conf.all.proxy_arp = 1
net.ipv4.conf.vmbr0.proxy_arp = 1

net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.vmbr0.rp_filter = 0

kernel.ve_allow_kthreads = 1

This is /etc/sysctl.d/vzctl.conf
Code:

# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled

net.ipv4.ip_forward = 1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 1

# Enables source route verification
net.ipv4.conf.all.rp_filter = 0

# Enables the magic-sysrq key
kernel.sysrq = 1

# TCP Explicit Congestion Notification
#net.ipv4.tcp_ecn = 0

# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

net.ipv4.conf.default.rp_filter =0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0

If there's anything else that I could provide and that could help with this riddle then please let me know.

Thank you very much in advance!
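
An added example, not part of the original post: a small Python check that merges the `net.ipv4.conf.*` lines from the two sysctl files above and computes the value the kernel actually applies per interface, using the combination rules from the mainline kernel's ip-sysctl documentation (`proxy_arp` and `send_redirects` are on if either `all` or the interface sets them; `rp_filter` is the maximum of the two). The load order of the two files and the fallback to `default` for interfaces without an explicit line are assumptions; the files agree on every shared key, so the order does not change the result here.

```python
import re
# net.ipv4.conf.* lines copied from the post's /etc/sysctl.conf
SYSCTL_CONF = """\
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.proxy_arp = 1
net.ipv4.conf.all.proxy_arp = 1
net.ipv4.conf.vmbr0.proxy_arp = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.vmbr0.rp_filter = 0
"""
# ... and from its /etc/sysctl.d/vzctl.conf
VZCTL_CONF = """\
net.ipv4.conf.default.proxy_arp = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.rp_filter =0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
"""
# How conf/all and conf/<iface> combine (kernel ip-sysctl documentation).
COMBINE = {"proxy_arp": lambda a, i: int(a or i),
           "send_redirects": lambda a, i: int(a or i),
           "rp_filter": max}
LINE = re.compile(r"^\s*net\.ipv4\.conf\.([^.\s]+)\.(\w+)\s*=\s*(\d+)\s*$")

def load(*files):
    """Merge files in the given order; a later assignment overrides an earlier one."""
    merged = {}
    for text in files:
        for line in text.splitlines():
            m = LINE.match(line)
            if m:
                merged[(m.group(1), m.group(2))] = int(m.group(3))
    return merged

def effective(merged, iface):
    """Effective proxy_arp / send_redirects / rp_filter for one interface."""
    out = {}
    for key, combine in COMBINE.items():
        # Assumption: an interface without its own line inherits conf/default;
        # keys set nowhere are treated as 0 (a simplification).
        per_iface = merged.get((iface, key), merged.get(("default", key), 0))
        out[key] = combine(merged.get(("all", key), 0), per_iface)
    return out

if __name__ == "__main__":
    print({i: effective(load(VZCTL_CONF, SYSCTL_CONF), i) for i in ("vmbr0", "eth0")})
```

For both `vmbr0` and `eth0` this yields proxy ARP on, redirects on (`all.send_redirects = 0` does not override `default.send_redirects = 1`) and reverse-path filtering off, which can be compared against `sysctl -a` on the running host.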
