Possible networking bug in proxmox 7 (VLAN aware bridge on active-backup bond)

se_marc · July 13, 2021, 2:31pm

Hey everyone,

I know most folks on this forum probably use XCP-NG but I wanted to give a heads up for those using proxmox. I recently did an install of proxmox 7 on a Dell r640.

I set up bond0 to include 4 NICs with eno1 as the primary. Next, i set vmbr0 to be VLAN aware and restarted networking. This caused me to lose internet, unable to ping 8.8.8.8. Since I somewhat modified this particular install (added / removed from cluster), I decided to re-flash a clean install and try again. I got the same result.

From here, I decided to do a clean install of 6.4 to see if the issue persisted. The issue did not occur. I was able to create an active-backup bond on 4 NICs and then create a VLAN aware bridge.

On the working 6.4 machine, I followed the proxmox 6.x to 7 instructions to see if for some reason an upgraded server with a working config would still work.

After the install, i rebooted and LOST NETWORKING.

This smells like a bug to me. I’ve posted in reddit as well as the proxmox forums hoping to get some feedback. If anyone has time to confirm these findings, OR if you have a workaround, please let me know.

here is the config which worked on 6.4 but DID NOT work on 7.0:

root@proxmox-6:/# cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto eno2
iface eno2 inet manual

auto eno1
iface eno1 inet manual

auto eno3
iface eno3 inet manual

auto eno4
iface eno4 inet manual

auto bond0
iface bond0 inet manual
        bond-slaves eno1 eno2 eno3 eno4
        bond-miimon 100
        bond-mode active-backup
        bond-primary eno1

auto vmbr0
iface vmbr0 inet static
        address 10.10.3.18/24
        gateway 10.10.3.1
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

root@proxmox-6:/#

for reference

reddit post: https://www.reddit.com/r/Proxmox/comments/oj0s76/proxmox_70_activebackup_bond_with_vlan_aware/

proxmox forum post: https://forum.proxmox.com/threads/possible-bug-proxmox-7-active-backup-bond-with-vlan-aware-bridge-causes-no-internet.92529/

neogrid · July 13, 2021, 3:31pm

Thanks for the heads up.

Just curious do you have a single NIC card with 4 ports in a bond or do you have 4 ports with an onboard NIC also ?

I’m asking as I have the latter setup, though I have held back updating as I saw Proxmox is using a beta version of Debian as far as I could tell.

g-aitc · July 13, 2021, 6:08pm

That 's a problem. I never upgrade on the initial major version release, wait for 1st or second 2nd update. Let Tom do the fiddle, he has the time and the staff. Thanks Tom for saving all of us time and trouble.

se_marc · July 13, 2021, 6:34pm

It’s a single card with 4 NICs.

se_marc · July 14, 2021, 1:41pm

following up on this. According to the upgrade documentation, there is a known issue (see below after page split)

for a fix, it was recommended to me to by a proxmox staff member:

"Set the MAC address of the bridge to the same as the bond with the hwaddress option (see man ifupdown-addons-interfaces).

See also the following thread on the pve-user list: https://lists.proxmox.com/pipermail/pve-user/2021-July/172651.html"

Network

Linux Bridge MAC-Address Change

With Proxmox VE 7 / Debian Bullseye, a new systemd version is used, that changes how the MAC addresses of Linux network bridge devices are calculated:

MACAddressPolicy=persistent was extended to set MAC addresses based on the device name. Previously addresses were only based on the ID_NET_NAME_* attributes, which meant that interface names would never be generated for virtual devices. Now a persistent address will be generated for most devices, including in particular bridges.

– systemd.net-naming-scheme

A unique and persistent MAC address is now calculated using the bridge name and the unique machine-id (/etc/machine-id), which is generated at install time.

Please either ensure that any ebtable or similar rules that use the previous bridge MAC-Address are updated or configure the desired bridge MAC-Address explicitly, by switching to ifupdown2 and adding hwaddress to the respective entry in /etc/network/interfaces.

se_marc · July 14, 2021, 3:02pm

RESOUTION: https://forum.proxmox.com/threads/possible-bug-proxmox-7-active-backup-bond-with-vlan-aware-bridge-causes-no-internet.92529/post-403414