proxmox/reports/status/VMID_IP_CONFLICTS_ANALYSIS.md

VMID IP Configuration Issues - Analysis

Date: 2026-01-02
Status: ⚠️ CRITICAL ISSUES FOUND

---

Summary

Analysis of Proxmox container IP configurations has identified real IP conflicts and invalid IP assignments:

• 4 duplicate IP conflicts (same IP on same bridge)
• 1 invalid IP (network address .0)
• All conflicts are on vmbr0 bridge (same L2 network)

---

Critical Issues

1. Duplicate IP Addresses (Same Bridge)

These containers share the same IP address on the same network bridge (vmbr0), creating real conflicts:

IP Address	VMID 1	Service 1	VMID 2	Service 2	Bridge	Status
192.168.11.100	1000	besu-validator-1	10100	dbis-postgres-primary	vmbr0	⚠️ CONFLICT
192.168.11.101	1001	besu-validator-2	10101	dbis-postgres-replica-1	vmbr0	⚠️ CONFLICT
192.168.11.150	1500	besu-sentry-1	10150	dbis-api-primary	vmbr0	⚠️ CONFLICT
192.168.11.151	1501	besu-sentry-2	10151	dbis-api-secondary	vmbr0	⚠️ CONFLICT

Impact: These containers cannot both be running at the same time without network issues. Only one container can use each IP on the same bridge.

2. Invalid IP Address (Network Address)

VMID	IP Address	Service	Issue	Status
6400	192.168.11.0/24	indy-1	Uses network address (.0)	⚠️ INVALID

Impact: .0 is reserved as the network address for a /24 subnet and should never be assigned to a host. This will cause network routing issues.

---

Root Cause Analysis

DBIS Containers (10100-10151)

According to the codebase:

• DBIS = Database Infrastructure Services (Core Banking System)
• VMIDs 10100-10151 are planned DBIS containers
• These were configured with IPs that conflict with existing Besu blockchain nodes
• The deployment plan shows these were intended to be deployed, but IP conflicts were not resolved

Configuration Evidence

From dbis_core/DEPLOYMENT_PLAN.md:

| Service | VMID | IP Address |
|---------|------|------------|
| PostgreSQL Primary | 10100 | 192.168.11.100 |
| PostgreSQL Replica | 10101 | 192.168.11.101 |
| Backend API Primary | 10150 | 192.168.11.150 |
| Backend API Secondary | 10151 | 192.168.11.151 |

Note: The deployment plan shows these IPs, but they conflict with existing blockchain infrastructure.

Current Status

All conflicting containers are currently running, which means:

• Only one container per IP is actually reachable
• Network traffic may be misrouted
• Services may be inaccessible
• This is a production issue requiring immediate resolution

---

Recommended Solutions

Option 1: Reassign DBIS Container IPs (Recommended)

Since the blockchain nodes (1000-1501) are production infrastructure, reassign DBIS containers to unused IPs.

Suggested IPs for DBIS containers:

• VMID 10100 → 192.168.11.105 (next available after validators)
• VMID 10101 → 192.168.11.106
• VMID 10150 → 192.168.11.155 (next available after sentries)
• VMID 10151 → 192.168.11.156

Implementation:

# Stop the container
pct stop 10100

# Change IP address
pct set 10100 -net0 "name=eth0,bridge=vmbr0,gw=192.168.11.1,ip=192.168.11.105/24,hwaddr=BC:24:11:78:CB:5B,type=veth"

# Update internal configuration if needed
pct start 10100

Option 2: Move DBIS Containers to Separate Bridge/VLAN

If DBIS services need isolation:

• Create a new bridge (e.g., vmbr1)
• Configure separate VLAN/subnet for DBIS containers
• Assign DBIS containers to new bridge

Option 3: Stop Conflicting Containers

If DBIS containers are not in active use:

• Stop VMIDs 10100, 10101, 10150, 10151
• Keep blockchain nodes (1000, 1001, 1500, 1501) active
• Plan IP reassignment when DBIS is needed

Fix for VMID 6400

Change IP from .0 to a valid host IP:

# Stop container
pct stop 6400

# Change to valid IP (e.g., .64 to match pattern)
pct set 6400 -net0 "name=eth0,bridge=vmbr0,gw=192.168.11.1,ip=192.168.11.64/24,hwaddr=BC:24:11:F7:E8:B8,type=veth"

# Start container
pct start 6400

---

Action Items

Immediate (Critical)

1. ✅ Document conflicts (this document)
2. ⏳ Verify which containers are actually accessible (test connectivity)
3. ⏳ Decide resolution strategy (reassign IPs, move to separate bridge, or stop containers)
4. ⏳ Fix VMID 6400 (change from .0 to valid IP)

Short-term

1. ⏳ Implement IP reassignment for DBIS containers
2. ⏳ Update deployment documentation to reflect correct IPs
3. ⏳ Update DNS/configuration if IPs change
4. ⏳ Verify network connectivity after changes

Long-term

1. ⏳ Create IP allocation tracking system
2. ⏳ Implement pre-deployment conflict checks
3. ⏳ Document IP allocation ranges per service

---

Verification Commands

Check for duplicate IPs:

ssh root@192.168.11.10 '
pct list | awk "NR>1{print \$1}" | while read -r vmid; do
  pct config "$vmid" 2>/dev/null | sed -n "s/.*ip=\([^,]*\).*/\$vmid \1/p"
done | sed "s#/.*##" | awk "\$2 != \"dhcp\" && \$2 != \"N/A\"" | \
sort -k2,2 | awk "{ ips[\$2]=ips[\$2] ? ips[\$2] \",\" \$1 : \$1; count[\$2]++ } \
END { for (ip in count) if (count[ip] > 1) print ip \" -> \" ips[ip] }" | sort -V'

Check for invalid IPs (.0, .255):

ssh root@192.168.11.10 '
pct list | awk "NR>1{print \$1}" | while read -r vmid; do
  ip=$(pct config "$vmid" 2>/dev/null | sed -n "s/.*ip=\([^,]*\).*/\1/p")
  if [ -n "$ip" ] && [ "$ip" != "dhcp" ]; then
    ipbase=${ip%/*}
    last=${ipbase##*.}
    if [ "$last" = "0" ] || [ "$last" = "255" ]; then
      echo "$vmid $ip"
    fi
  fi
done'

Check container network config:

pct config <VMID> | grep -E "^net[0-9]+:"

---

References

• dbis_core/DEPLOYMENT_PLAN.md - DBIS deployment configuration
• dbis_core/config/dbis-core-proxmox.conf - DBIS VMID allocation
• VMID_IP_ADDRESS_LIST.md - Complete VMID/IP listing

---

Last Updated: 2026-01-02
Status: ⚠️ Action Required