[Users] OVZ 7 network issues (vz host stops answering arp requests)

jjs - mainphrame jjs at mainphrame.com
Wed Dec 16 13:22:10 PST 2015 

Greetings -

I've just seen another loss of container network connectivity, with the
same symptoms observed previously: the CTs could send packets out to the
world, but the world was unable to respond because the vz host had stopped
answering arp requests for the host routed containers. But the difference
was that the CT configured with it's own physical ethernet device was not
affected, which is what I expected.

>From what I can tell looking at syslog entries it looks like network
manager may be mucking things up. I'm going to remove it entirely and see
how things run.

Regards,

Joe

On Mon, Dec 14, 2015 at 4:29 PM, jjs - mainphrame <jjs at mainphrame.com>
wrote:

> Greetings,
>
> I'm not sure if my openvz issues are baffling everyone, or merely boring
> them.
>
> I've made a configuration change which should provide additional data when
> the next network outage occurs. I removed the venet IP from one CT and
> added a physical ethernet device, which is now configured with the IP which
> was formerly host routed. I'm interested to see if this CT remains
> connected when the next failure occurs with the host routed IP in the other
> CT.
>
> I'll report what I find.
>
> Regards,
>
> Joe
>
>
>
>
> On Mon, Dec 14, 2015 at 10:27 AM, jjs - mainphrame <jjs at mainphrame.com>
> wrote:
>
>> Thank you for the sanity check. It does act like an arp cache expiration
>> issue.
>>
>> But what is puzzling to me is that in my humble setup here there is not
>> much in the way of network equipment. The only components here in my office
>> are a few x86_64 boxes and a low end, unmanaged 8 port Trendnet switch.
>>
>>  As a reference points, VZ servers were in production 24-7 at the company
>> I left in 2013, and there was never any such outage in any of the dozens of
>> VEs in the 3 years I was there.
>>
>> I have seen discussions about a loss of kvm connectivity through centos
>> hosts, so this is looking like it might be related.
>>
>> I'll have to wait some days or weeks for the next failure and then try to
>> gather more info.
>>
>> Regards,
>>
>> Joe
>>
>> On Mon, Dec 14, 2015 at 9:51 AM, Konstantin Bukharov <bkb at virtuozzo.com>
>> wrote:
>>
>>> Hello,
>>>
>>>
>>>
>>> From symptoms, it looks like ARP cache expiration issue.
>>>
>>> Please check ARP cache settings on your network equipment.
>>>
>>>
>>>
>>> We haven’t seen such massive reports.
>>>
>>>
>>>
>>> Best regards,
>>>
>>>
>>>
>>> *From:* users-bounces at openvz.org [mailto:users-bounces at openvz.org] *On
>>> Behalf Of *jjs - mainphrame
>>> *Sent:* Saturday, December 12, 2015 6:18
>>> *To:* users at openvz.org
>>> *Subject:* [Users] OVZ 7 network issues (vz host stops answering arp
>>> requests)
>>>
>>>
>>>
>>> Greetings,
>>>
>>>
>>>
>>> I've been running some servers in OVZ 7 containers for some months now,
>>> and I'm happy with reliability and performance, with the exception of an
>>> occasional loss of ct network connectivity.
>>>
>>> From time to time, I'll get a xymon alert that all containers are
>>> unreachable. The cts are all using host routing. What I see, when I examine
>>> any affected ct, is this:
>>>
>>>
>>>
>>>
>>>
>>> The container no longer responds to ping, even from the local lan.
>>>
>>> The vz host and container can connect to each other
>>>
>>> The container can not reach anything beyond the host.
>>>
>>>
>>>
>>> When I enter the container and ping another box, the pings are received,
>>> but the box can not return the pings as the arp request goes unanswered.
>>> For some reason the vz host forgets about the cts, and it's always all of
>>> them. This is 2 Centos 7 boxes, running OVZ 7 beta and OVZ 7 factory
>>>
>>>
>>>
>>> Doing a vzctl restart on each affected ct restores connectivity. Has
>>> anyone else seen this issue?
>>>
>>>
>>>
>>> Regards,
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at openvz.org
>>> https://lists.openvz.org/mailman/listinfo/users
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/users/attachments/20151216/3275d314/attachment.html>

More information about the Users mailing list