Linux – Instabilities with Bridged and bonded interfaces

bondingbridgedebiankvm-virtualizationlinux

I did post yesterday to get a working setup with several bridged interfaces used for virtual machines (KVM/libvirt).

One of the bridged interface is just using eth3 as its ports while the second one (public traffic) is using an ethernet bonded interface.

That setup is working but not all the time ! I can start a download from a vm, then it will stop and freeze!

So I don't know if my bridge parameters are correct, could you check the below config ?

iface eth3 inet manual

auto bond0
iface bond0 inet manual
    slaves eth1 eth2
    pre-up ip link set bond0 up
    down ip link set bond0 down

auto br0
iface br0 inet static
    address 10.160.0.7
    netmask 255.255.255.128
    bridge_ports eth3
    bridge_fd 9
    bridge_hello 2
    bridge_maxage 12
    bridge_stp on

auto br0:1
iface br0:1 inet static
    address 10.160.0.9
    netmask 255.255.255.255

auto br0:2
iface br0:2 inet static
    address 10.160.0.10
    netmask 255.255.255.255

auto br1
iface br1 inet static
    address 217.4.40.242
    netmask 255.255.255.240
    gateway 217.4.40.241
    pre-up /etc/network/firewall start
    bridge_ports bond0
    bridge_fd 9
    bridge_hello 2
    bridge_maxage 12
    bridge_stp on

auto br1:1
iface br1:1 inet static
    address 217.4.40.252
    netmask 255.255.255.255

auto br1:2
iface br1:2 inet static
    address 217.4.40.253
    netmask 255.255.255.255

And yes, it also sometimes speaks about martian on the host:

kernel: [249146.055172] martian source 10.160.0.17 from 10.160.0.10, on dev vnet2
kernel: [249146.073122] ll header: ff:ff:ff:ff:ff:ff:54:52:00:76:c3:5c:08:06

Best Answer

Sounds like a problem that I'm facing.
This is the example WORKING config of bridged-bonding configuration for KVM, but it utilizes only one interface same time. Maybe it depends on switch (used Planet GSD-802S and HP V1910). I'm using this at two locations (with different hardware and switches).

cat /etc/modprobe.d/bonding.conf
alias bond0 bonding options bonding mode=802.3ad miimon=100 downdelay=200 updelay=200 ad_select=0 lacp_rate=fast

cat /etc/network/interfaces
auto lo iface lo inet loopback


The bonded network interface
auto bond0

iface bond0 inet manual

bond-slaves none

bond-mode   802.3ad

bond-miimon 100

bond_lacp_rate fast

bond_ad_select 0

up /sbin/ifenslave bond0 eth1 eth2

down /sbin/ifenslave bond0 -d eth1 eth2

Enslave all the physical interfaces
Card #1 Nvidia Gigabit onboard
auto eth1

iface eth1 inet manual

bond-master bond0

Card #2 Intel PRO/1000 F Server Adapter - FIBER
auto eth2

iface eth2 inet manual

bond-master bond0

Bridge to LAN for virtual network KVM
auto br0

iface br0 inet static

address 10.0.0.254

netmask 255.255.255.0

network 10.0.0.0

broadcast 10.0.0.255

gateway 10.0.0.1

dns-nameservers 10.0.0.1 8.8.8.8

bridge-ports  bond0

bridge-fd     9

bridge-hello  2

bridge-maxage 12

bridge-stp    off

Card #3 - Internet modem
auto eth0

iface eth0 inet manual

Bridge for virtual network KVM - modem

iface br1 inet manual bridge_ports eth0 bridge_stp off bridge_fd 0 bridge_maxwait 0 metric 1 auto br1

Related Solutions

Linux – Issue with multiple bridging for KVM hosts

You have multiple interfaces with addresses on the same subnet with similar netmasks. The odds are a different route is being used for different packets, causing confusion. If you look at the output of

ip route show

You've probably got multiple default gateways as a result. For each set of IPs on the same subnet, give one of them the netmask you have, and the rest a netmask of 255.255.255.255. Those other interfaces will then only be used for packets originating or destined for that address and not others on the subnet.

Linux – KVM/Libvirt bridged/routed networking not working on newer guest kernels

Ok, I have found the solution myself. Apparently, the article on the Hetzner wiki wasn't complete. Redirects were still being sent, resulting in Hetzner (where we have our server) blocking the traffic. I am not sure how it had to do with what kernel version the guests were running, if someone can explain that I would very much like to hear it.

You can find out if you suffer from the same problem by executing the following command:

for file in `find /proc/ -iname send_redirects`; do echo $file; cat $file; done

which outputs something like:

/proc/sys/net/ipv4/conf/all/send_redirects
0
/proc/sys/net/ipv4/conf/default/send_redirects
1
/proc/sys/net/ipv4/conf/lo/send_redirects
1
/proc/sys/net/ipv4/conf/eth0/send_redirects
0
/proc/sys/net/ipv4/conf/br0/send_redirects
1
/proc/sys/net/ipv4/conf/vnet1/send_redirects
1
/proc/sys/net/ipv4/conf/vnet0/send_redirects
1
/proc/sys/net/ipv4/conf/virbr0/send_redirects
1
/proc/sys/net/ipv4/conf/virbr0-nic/send_redirects
1
/proc/sys/net/ipv4/conf/vnet2/send_redirects
1
/proc/sys/net/ipv4/conf/vnet3/send_redirects
1

I have to admit I do not know which ones should or should not be 0, but I have set them all to 0, and now it works fine, so I'll leave it at that.

for file in `find /proc/ -iname send_redirects`; do echo 0 > $file; done

Best Answer

The bonded network interface

Enslave all the physical interfaces

Card #1 Nvidia Gigabit onboard

Card #2 Intel PRO/1000 F Server Adapter - FIBER

Bridge to LAN for virtual network KVM

Card #3 - Internet modem

Bridge for virtual network KVM - modem

Related Solutions

Linux – Issue with multiple bridging for KVM hosts

Linux – KVM/Libvirt bridged/routed networking not working on newer guest kernels

Related Topic