# VMID IP Configuration Issues - Analysis **Date**: 2026-01-02 **Status**: ⚠️ **CRITICAL ISSUES FOUND** --- ## Summary Analysis of Proxmox container IP configurations has identified **real IP conflicts** and **invalid IP assignments**: - **4 duplicate IP conflicts** (same IP on same bridge) - **1 invalid IP** (network address `.0`) - All conflicts are on `vmbr0` bridge (same L2 network) --- ## Critical Issues ### 1. Duplicate IP Addresses (Same Bridge) These containers share the same IP address on the same network bridge (`vmbr0`), creating real conflicts: | IP Address | VMID 1 | Service 1 | VMID 2 | Service 2 | Bridge | Status | |------------|--------|-----------|--------|-----------|--------|--------| | **192.168.11.100** | 1000 | besu-validator-1 | 10100 | dbis-postgres-primary | vmbr0 | ⚠️ **CONFLICT** | | **192.168.11.101** | 1001 | besu-validator-2 | 10101 | dbis-postgres-replica-1 | vmbr0 | ⚠️ **CONFLICT** | | **192.168.11.150** | 1500 | besu-sentry-1 | 10150 | dbis-api-primary | vmbr0 | ⚠️ **CONFLICT** | | **192.168.11.151** | 1501 | besu-sentry-2 | 10151 | dbis-api-secondary | vmbr0 | ⚠️ **CONFLICT** | **Impact**: These containers cannot both be running at the same time without network issues. Only one container can use each IP on the same bridge. ### 2. Invalid IP Address (Network Address) | VMID | IP Address | Service | Issue | Status | |------|------------|---------|-------|--------| | **6400** | 192.168.11.0/24 | indy-1 | Uses network address (`.0`) | ⚠️ **INVALID** | **Impact**: `.0` is reserved as the network address for a `/24` subnet and should never be assigned to a host. This will cause network routing issues. --- ## Root Cause Analysis ### DBIS Containers (10100-10151) According to the codebase: - **DBIS** = Database Infrastructure Services (Core Banking System) - VMIDs 10100-10151 are planned DBIS containers - These were configured with IPs that conflict with existing Besu blockchain nodes - The deployment plan shows these were intended to be deployed, but IP conflicts were not resolved ### Configuration Evidence From `dbis_core/DEPLOYMENT_PLAN.md`: ``` | Service | VMID | IP Address | |---------|------|------------| | PostgreSQL Primary | 10100 | 192.168.11.100 | | PostgreSQL Replica | 10101 | 192.168.11.101 | | Backend API Primary | 10150 | 192.168.11.150 | | Backend API Secondary | 10151 | 192.168.11.151 | ``` **Note**: The deployment plan shows these IPs, but they conflict with existing blockchain infrastructure. ### Current Status All conflicting containers are currently **running**, which means: - Only one container per IP is actually reachable - Network traffic may be misrouted - Services may be inaccessible - This is a **production issue** requiring immediate resolution --- ## Recommended Solutions ### Option 1: Reassign DBIS Container IPs (Recommended) Since the blockchain nodes (1000-1501) are production infrastructure, reassign DBIS containers to unused IPs. **Suggested IPs for DBIS containers:** - VMID 10100 → `192.168.11.105` (next available after validators) - VMID 10101 → `192.168.11.106` - VMID 10150 → `192.168.11.155` (next available after sentries) - VMID 10151 → `192.168.11.156` **Implementation:** ```bash # Stop the container pct stop 10100 # Change IP address pct set 10100 -net0 "name=eth0,bridge=vmbr0,gw=192.168.11.1,ip=192.168.11.105/24,hwaddr=BC:24:11:78:CB:5B,type=veth" # Update internal configuration if needed pct start 10100 ``` ### Option 2: Move DBIS Containers to Separate Bridge/VLAN If DBIS services need isolation: - Create a new bridge (e.g., `vmbr1`) - Configure separate VLAN/subnet for DBIS containers - Assign DBIS containers to new bridge ### Option 3: Stop Conflicting Containers If DBIS containers are not in active use: - Stop VMIDs 10100, 10101, 10150, 10151 - Keep blockchain nodes (1000, 1001, 1500, 1501) active - Plan IP reassignment when DBIS is needed ### Fix for VMID 6400 Change IP from `.0` to a valid host IP: ```bash # Stop container pct stop 6400 # Change to valid IP (e.g., .64 to match pattern) pct set 6400 -net0 "name=eth0,bridge=vmbr0,gw=192.168.11.1,ip=192.168.11.64/24,hwaddr=BC:24:11:F7:E8:B8,type=veth" # Start container pct start 6400 ``` --- ## Action Items ### Immediate (Critical) 1. ✅ **Document conflicts** (this document) 2. ⏳ **Verify which containers are actually accessible** (test connectivity) 3. ⏳ **Decide resolution strategy** (reassign IPs, move to separate bridge, or stop containers) 4. ⏳ **Fix VMID 6400** (change from `.0` to valid IP) ### Short-term 1. ⏳ **Implement IP reassignment** for DBIS containers 2. ⏳ **Update deployment documentation** to reflect correct IPs 3. ⏳ **Update DNS/configuration** if IPs change 4. ⏳ **Verify network connectivity** after changes ### Long-term 1. ⏳ **Create IP allocation tracking system** 2. ⏳ **Implement pre-deployment conflict checks** 3. ⏳ **Document IP allocation ranges per service** --- ## Verification Commands ### Check for duplicate IPs: ```bash ssh root@192.168.11.10 ' pct list | awk "NR>1{print \$1}" | while read -r vmid; do pct config "$vmid" 2>/dev/null | sed -n "s/.*ip=\([^,]*\).*/\$vmid \1/p" done | sed "s#/.*##" | awk "\$2 != \"dhcp\" && \$2 != \"N/A\"" | \ sort -k2,2 | awk "{ ips[\$2]=ips[\$2] ? ips[\$2] \",\" \$1 : \$1; count[\$2]++ } \ END { for (ip in count) if (count[ip] > 1) print ip \" -> \" ips[ip] }" | sort -V' ``` ### Check for invalid IPs (.0, .255): ```bash ssh root@192.168.11.10 ' pct list | awk "NR>1{print \$1}" | while read -r vmid; do ip=$(pct config "$vmid" 2>/dev/null | sed -n "s/.*ip=\([^,]*\).*/\1/p") if [ -n "$ip" ] && [ "$ip" != "dhcp" ]; then ipbase=${ip%/*} last=${ipbase##*.} if [ "$last" = "0" ] || [ "$last" = "255" ]; then echo "$vmid $ip" fi fi done' ``` ### Check container network config: ```bash pct config | grep -E "^net[0-9]+:" ``` --- ## References - `dbis_core/DEPLOYMENT_PLAN.md` - DBIS deployment configuration - `dbis_core/config/dbis-core-proxmox.conf` - DBIS VMID allocation - `VMID_IP_ADDRESS_LIST.md` - Complete VMID/IP listing --- **Last Updated**: 2026-01-02 **Status**: ⚠️ **Action Required**