proxmox/docs/04-configuration/NPMPLUS_CONNECTIVITY_TEST_RESULTS.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

NPMplus Connectivity Test Results

Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation


Date: 2025-01-20
Container: 10233 (NPMplus)
IP: 192.168.11.166


Test Results Summary

What's Working

  • Container has correct IP: 192.168.11.166/24
  • Gateway (192.168.11.1) is reachable from container
  • Container routing table is correct
  • Veth interface is on VLAN 11 (vmbr0v11)
  • Proxmox hosts can reach backend services
  • ARP responses from container to gateway work

What's Not Working

  • Container cannot reach ANY backend services (0/7)
  • Container ARP table is empty (no neighbor entries)
  • ARP requests from container to other hosts appear to be blocked
  • Ping shows "Destination Host Unreachable" immediately

Detailed Test Results

Test 1: Proxmox Host Connectivity

  • Host: 192.168.11.11
  • Results: 4/7 services reachable
  • Failed: VMIDs 10130, 10150, 10151 (on same host)
  • Working: VMIDs 5000, 7811 (on 192.168.11.12), 2501, 2502 (on 192.168.11.10)

Finding: The Proxmox host can reach services on OTHER hosts, but not services running on itself. This suggests a host-local routing issue.

Test 2: NPMplus Container Connectivity

  • Container: 10233
  • IP: 192.168.11.166
  • Results: 0/7 services reachable
  • Error: "Destination Host Unreachable" (not "No route to host")

Finding: The container can't reach ANY backend services, even though its routing table is correct.

Test 3: Gateway Connectivity

  • Gateway: 192.168.11.1 (UDM Pro)
  • Status: Reachable from container
  • ARP: Gateway can ARP container, container responds

Finding: Gateway connectivity works, ARP resolution works for gateway.

Test 4: ARP Analysis

  • Container ARP Table: Empty (no entries)
  • Gateway ARP: Works (gateway can resolve container MAC)
  • Backend ARP: Container never sends ARP requests for backend services

Finding: Container ARP requests to backend services are not leaving the container or are being blocked.

Test 5: Veth Interface Configuration

  • Interface: veth10233i0
  • Master: vmbr0v11 (VLAN 11 sub-interface)
  • VLAN: Configured for VLAN 11 (PVID)
  • Status: UP, LOWER_UP

Finding: Veth interface is correctly configured for VLAN 11.


Root Cause Analysis

Primary Issue: ARP Resolution Failure

The container cannot resolve MAC addresses for backend services. Evidence:

  1. Container ARP table is empty (no neighbor entries)
  2. Ping shows "Destination Host Unreachable" immediately (suggests ARP failure, not routing failure)
  3. tcpdump shows no ARP requests from container to backend services
  4. Gateway ARP works (proves ARP mechanism works for gateway)

Possible Causes

  1. UDM Pro Firewall Blocking ARP

    • UDM Pro may be blocking ARP requests from containers
    • Check firewall rules for ARP (protocol type)
    • Check if "Network Isolation" is enabled for VLAN 11

  2. Proxmox Bridge ARP Filtering

    • Bridge may not be forwarding ARP requests properly
    • Check bridge ARP filtering settings
    • Check if the VLAN sub-interface (vmbr0v11) has correct ARP forwarding

  3. VLAN Sub-interface Issue

    • Traffic may not be properly routed through the VLAN sub-interface
    • vmbr0v11 may not be forwarding traffic correctly
    • May need to use bridge VLAN filtering instead of a sub-interface

  4. Host-local Routing Issue

    • Proxmox host can't reach containers on itself
    • Suggests a host-local routing configuration issue
    • May need to configure host routing for container networks
Priority 1: Check UDM Pro Firewall Rules

  1. Access UDM Pro web UI: https://192.168.11.1
  2. Check firewall rules blocking:
    • Source: 192.168.11.166 or 192.168.11.0/24
    • Destination: 192.168.11.0/24
    • Protocol: ARP or all protocols
  3. Check "Network Isolation" setting for VLAN 11
  4. Verify inter-VLAN routing is enabled

Priority 2: Check Proxmox Bridge Configuration

  1. Verify bridge ARP forwarding is enabled
  2. Check if VLAN sub-interface is configured correctly
  3. Consider using bridge VLAN filtering instead of sub-interface

Priority 3: Test Alternative Network Configuration

  1. Try removing VLAN tagging temporarily to test if VLAN is the issue
  2. Test with container on untagged bridge
  3. Compare behavior with working containers

Test Commands

Check ARP Resolution

# From container
ssh root@192.168.11.11 "pct exec 10233 -- ip neigh show"

# Clear ARP cache and retry
ssh root@192.168.11.11 "pct exec 10233 -- ip neigh flush all && pct exec 10233 -- ping -c 1 192.168.11.1 && pct exec 10233 -- ip neigh show"
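
The ARP-versus-routing distinction drawn in the root cause analysis can be read directly from the neighbour states in `ip neigh show` output. The script below is an added example, not part of the original test run; the function names, the MAC addresses and the backend addresses 192.168.11.201-203 are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: classify per-target neighbour (ARP) state from `ip neigh show`.

# Constructed sample output; backend IPs and MACs are placeholders.
SAMPLE_NEIGH='192.168.11.1 dev eth0 lladdr 0a:00:00:00:00:01 REACHABLE
192.168.11.201 dev eth0 FAILED
192.168.11.202 dev eth0 INCOMPLETE
192.168.11.203 dev eth0 lladdr 0a:00:00:00:00:03 STALE'

# neigh_state IP: reads `ip neigh show` text on stdin and prints the state
# of IP (last field of its line), or ABSENT when there is no entry.
neigh_state() {
    awk -v ip="$1" '$1 == ip { state = $NF; found = 1 }
                    END { print (found ? state : "ABSENT") }'
}

# classify IP: maps the neighbour state to what it says about layer 2.
#   resolved        - a MAC was learned; ARP works for this target
#   arp-unanswered  - the kernel asked (or is asking) and got no reply;
#                     requests should be visible in tcpdump on the veth
#   never-attempted - no entry; if seen right after a ping, resolution never
#                     started on this interface (check `ip route get <ip>`)
classify() {
    case "$(neigh_state "$1")" in
        REACHABLE|STALE|DELAY|PROBE|PERMANENT) echo "resolved" ;;
        FAILED|INCOMPLETE)                     echo "arp-unanswered" ;;
        ABSENT)                                echo "never-attempted" ;;
        *)                                     echo "unknown" ;;
    esac
}

# report NEIGH_TEXT IP...: one "ip verdict" line per target.
report() {
    neigh_text="$1"; shift
    for target in "$@"; do
        printf '%s %s\n' "$target" \
            "$(printf '%s\n' "$neigh_text" | classify "$target")"
    done
}

# Offline run on the constructed sample. For live data, replace the first
# argument with "$(pct exec 10233 -- ip neigh show)" taken after a ping attempt.
report "$SAMPLE_NEIGH" 192.168.11.1 192.168.11.201 192.168.11.202 \
    192.168.11.203 192.168.11.204
```
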

Monitor ARP Traffic

# On Proxmox host
ssh root@192.168.11.11 "tcpdump -i veth10233i0 -n arp"

# On VLAN sub-interface
ssh root@192.168.11.11 "tcpdump -i vmbr0v11 -n arp"

Check Bridge Configuration

# Check veth interface
ssh root@192.168.11.11 "bridge link show veth10233i0"

# Check VLAN configuration
ssh root@192.168.11.11 "bridge vlan show veth10233i0"

Status

🔴 BLOCKED - ARP resolution failure is preventing the container from reaching backend services

Next Action: Check UDM Pro firewall rules and network isolation settings for VLAN 11