<div dir="ltr">Update - <br><br>It appears to be fairly straightforward to enable forwarding with firewalld in RHEL 9, so hopefully a plain vanilla openvz 9 will be able to do everything we need to do.<br><br>Looking forward to OVZ 9, will be happy to beta test<br><br>Jake<br><br><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Dec 31, 2022 at 2:31 PM jjs - mainphrame <<a href="mailto:jjs@mainphrame.com">jjs@mainphrame.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Curious side note - <br><br>Replacing firewalld with ufw allows traffic to be forwarded by the container. I gather that firewalld was designed for a workstation or a laptop, not a multi-homed server. That, and the version of firewalld on RHEL 7 is rather old.<br><br>In any case, all of the "direct" firewalld rules that should have done the trick haven't done so.<br><br>I'm curious to see if the newer version of firewalld that comes with RHEL 9 will be any more cooperative on this front.<br><br>Jake</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Dec 26, 2022 at 12:36 PM jjs - mainphrame <<a href="mailto:jjs@mainphrame.com" target="_blank">jjs@mainphrame.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Greetings - <br><br>It's 2022, I have a new set of openvz servers, and once again, disabling NetworkManager was the key to solving a nagging, intermittent network problem.<br><br>I recently added interfaces to the openvz servers to connect them to other networks, and while everything seemed to work initially, the bridges kept going down mysteriously. <br><br>I tried removing and rebuilding the bridges, the networks, the virtual interfaces, seeing the bridge come up, and then syslog showing NetworkManager was taking the bridge down for vague and inscrutable reasons, I disabled NetworkManager, and voila. No more bridge problems. <br><br>It seems to me that NetworkManager doesn't add any value for a server, only additional failure modes. Perhaps it's a solution in search of a problem, as they say?<br><br>Jake</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Dec 31, 2015 at 1:15 PM jjs - mainphrame <<a href="mailto:jjs@mainphrame.com" target="_blank">jjs@mainphrame.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Greetings -<div><br></div><div>It's been 2 weeks of flawless network connectivity to all containers after completely removing network manager, even after attempts to induce the sort of failure that were seen when network manager was running,.</div><div><br></div><div>At this point, it's clear that network manager was the problem, and the old saw is confirmed: "simple is safe".</div><div><br></div><div>Happy new year to all who were following this question.</div><div><br></div><div>Joe</div><div><br></div><div><br></div><div><br></div><div><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 14, 2015 at 9:51 AM, Konstantin Bukharov <span dir="ltr"><<a href="mailto:bkb@virtuozzo.com" target="_blank">bkb@virtuozzo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div lang="EN-US"><div><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Hello,<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">From symptoms, it looks like ARP cache expiration issue.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Please check ARP cache settings on your network equipment.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">We haven’t seen such massive reports.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Best regards, <u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p><p class="MsoNormal"><b><span style="font-size:11pt;font-family:Calibri,sans-serif">From:</span></b><span style="font-size:11pt;font-family:Calibri,sans-serif"> <a href="mailto:users-bounces@openvz.org" target="_blank">users-bounces@openvz.org</a> [mailto:<a href="mailto:users-bounces@openvz.org" target="_blank">users-bounces@openvz.org</a>] <b>On Behalf Of </b>jjs - mainphrame<br><b>Sent:</b> Saturday, December </span><span lang="RU" style="font-size:11pt;font-family:Calibri,sans-serif">12, 2015 6:18<br><b>To:</b> <a href="mailto:users@openvz.org" target="_blank">users@openvz.org</a><br><b>Subject:</b> [Users] OVZ 7 network issues (vz host stops answering arp requests)<u></u><u></u></span></p><div><div><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">Greetings, <u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">I've been running some servers in OVZ 7 containers for some months now, and I'm happy with reliability and performance, with the exception of an occasional loss of ct network connectivity.<br><br>From time to time, I'll get a xymon alert that all containers are unreachable. The cts are all using host routing. What I see, when I examine any affected ct, is this:<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">The container no longer responds to ping, even from the local lan.<u></u><u></u></p></div><div><p class="MsoNormal">The vz host and container can connect to each other <u></u><u></u></p></div><div><p class="MsoNormal">The container can not reach anything beyond the host.<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">When I enter the container and ping another box, the pings are received, but the box can not return the pings as the arp request goes unanswered. For some reason the vz host forgets about the cts, and it's always all of them. This is 2 Centos 7 boxes, running OVZ 7 beta and OVZ 7 factory<u></u><u></u></p></div></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Doing a vzctl restart on each affected ct restores connectivity. Has anyone else seen this issue?<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Regards,<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div></div></div></div></div></div><br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@openvz.org" target="_blank">Users@openvz.org</a><br>
<a href="https://lists.openvz.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.openvz.org/mailman/listinfo/users</a><br>
<br></blockquote></div><br></div></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>