d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dc8abb06e2bbd33e30803ca59d284ead8ea970c6
proxmox/reports/status/VMID_IP_CONFLICTS_ANALYSIS.md
defiQUG cb47cce074 Complete markdown files cleanup and organization 
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00

200 lines
6.1 KiB
Markdown
Raw Blame History

# VMID IP Configuration Issues - Analysis
**Date**: 2026-01-02
**Status**: ⚠️ **CRITICAL ISSUES FOUND**
---
## Summary
Analysis of Proxmox container IP configurations has identified **real IP conflicts** and **invalid IP assignments**:
- **4 duplicate IP conflicts** (same IP on same bridge)
- **1 invalid IP** (network address `.0`)
- All conflicts are on `vmbr0` bridge (same L2 network)
---
## Critical Issues
### 1. Duplicate IP Addresses (Same Bridge)
These containers share the same IP address on the same network bridge (`vmbr0`), creating real conflicts:
| IP Address | VMID 1 | Service 1 | VMID 2 | Service 2 | Bridge | Status |
|------------|--------|-----------|--------|-----------|--------|--------|
| **192.168.11.100** | 1000 | besu-validator-1 | 10100 | dbis-postgres-primary | vmbr0 | ⚠️ **CONFLICT** |
| **192.168.11.101** | 1001 | besu-validator-2 | 10101 | dbis-postgres-replica-1 | vmbr0 | ⚠️ **CONFLICT** |
| **192.168.11.150** | 1500 | besu-sentry-1 | 10150 | dbis-api-primary | vmbr0 | ⚠️ **CONFLICT** |
| **192.168.11.151** | 1501 | besu-sentry-2 | 10151 | dbis-api-secondary | vmbr0 | ⚠️ **CONFLICT** |
**Impact**: These containers cannot both be running at the same time without network issues. Only one container can use each IP on the same bridge.
### 2. Invalid IP Address (Network Address)
| VMID | IP Address | Service | Issue | Status |
|------|------------|---------|-------|--------|
| **6400** | 192.168.11.0/24 | indy-1 | Uses network address (`.0`) | ⚠️ **INVALID** |
**Impact**: `.0` is reserved as the network address for a `/24` subnet and should never be assigned to a host. This will cause network routing issues.
---
## Root Cause Analysis
### DBIS Containers (10100-10151)
According to the codebase:
- **DBIS** = Database Infrastructure Services (Core Banking System)
- VMIDs 10100-10151 are planned DBIS containers
- These were configured with IPs that conflict with existing Besu blockchain nodes
- The deployment plan shows these were intended to be deployed, but IP conflicts were not resolved
### Configuration Evidence
From `dbis_core/DEPLOYMENT_PLAN.md`:
```
| Service | VMID | IP Address |
|---------|------|------------|
| PostgreSQL Primary | 10100 | 192.168.11.100 |
| PostgreSQL Replica | 10101 | 192.168.11.101 |
| Backend API Primary | 10150 | 192.168.11.150 |
| Backend API Secondary | 10151 | 192.168.11.151 |
```
**Note**: The deployment plan shows these IPs, but they conflict with existing blockchain infrastructure.
### Current Status
All conflicting containers are currently **running**, which means:
- Only one container per IP is actually reachable
- Network traffic may be misrouted
- Services may be inaccessible
- This is a **production issue** requiring immediate resolution
---
## Recommended Solutions
### Option 1: Reassign DBIS Container IPs (Recommended)
Since the blockchain nodes (1000-1501) are production infrastructure, reassign DBIS containers to unused IPs.
**Suggested IPs for DBIS containers:**
- VMID 10100 → `192.168.11.105` (next available after validators)
- VMID 10101 → `192.168.11.106`
- VMID 10150 → `192.168.11.155` (next available after sentries)
- VMID 10151 → `192.168.11.156`
**Implementation:**
```bash
# Stop the container
pct stop 10100
# Change IP address
pct set 10100 -net0 "name=eth0,bridge=vmbr0,gw=192.168.11.1,ip=192.168.11.105/24,hwaddr=BC:24:11:78:CB:5B,type=veth"
# Update internal configuration if needed
pct start 10100
```
### Option 2: Move DBIS Containers to Separate Bridge/VLAN
If DBIS services need isolation:
- Create a new bridge (e.g., `vmbr1`)
- Configure separate VLAN/subnet for DBIS containers
- Assign DBIS containers to new bridge
### Option 3: Stop Conflicting Containers
If DBIS containers are not in active use:
- Stop VMIDs 10100, 10101, 10150, 10151
- Keep blockchain nodes (1000, 1001, 1500, 1501) active
- Plan IP reassignment when DBIS is needed
### Fix for VMID 6400
Change IP from `.0` to a valid host IP:
```bash
# Stop container
pct stop 6400
# Change to valid IP (e.g., .64 to match pattern)
pct set 6400 -net0 "name=eth0,bridge=vmbr0,gw=192.168.11.1,ip=192.168.11.64/24,hwaddr=BC:24:11:F7:E8:B8,type=veth"
# Start container
pct start 6400
```
---
## Action Items
### Immediate (Critical)
1.**Document conflicts** (this document)
2.**Verify which containers are actually accessible** (test connectivity)
3.**Decide resolution strategy** (reassign IPs, move to separate bridge, or stop containers)
4.**Fix VMID 6400** (change from `.0` to valid IP)
### Short-term
1.**Implement IP reassignment** for DBIS containers
2.**Update deployment documentation** to reflect correct IPs
3.**Update DNS/configuration** if IPs change
4.**Verify network connectivity** after changes
### Long-term
1.**Create IP allocation tracking system**
2.**Implement pre-deployment conflict checks**
3.**Document IP allocation ranges per service**
---
## Verification Commands
### Check for duplicate IPs:
```bash
ssh root@192.168.11.10 '
pct list | awk "NR>1{print \$1}" | while read -r vmid; do
pct config "$vmid" 2>/dev/null | sed -n "s/.*ip=\([^,]*\).*/\$vmid \1/p"
done | sed "s#/.*##" | awk "\$2 != \"dhcp\" && \$2 != \"N/A\"" | \
sort -k2,2 | awk "{ ips[\$2]=ips[\$2] ? ips[\$2] \",\" \$1 : \$1; count[\$2]++ } \
END { for (ip in count) if (count[ip] > 1) print ip \" -> \" ips[ip] }" | sort -V'
```
### Check for invalid IPs (.0, .255):
```bash
ssh root@192.168.11.10 '
pct list | awk "NR>1{print \$1}" | while read -r vmid; do
ip=$(pct config "$vmid" 2>/dev/null | sed -n "s/.*ip=\([^,]*\).*/\1/p")
if [ -n "$ip" ] && [ "$ip" != "dhcp" ]; then
ipbase=${ip%/*}
last=${ipbase##*.}
if [ "$last" = "0" ] || [ "$last" = "255" ]; then
echo "$vmid $ip"
fi
fi
done'
```
### Check container network config:
```bash
pct config <VMID> | grep -E "^net[0-9]+:"
```
---
## References
- `dbis_core/DEPLOYMENT_PLAN.md` - DBIS deployment configuration
- `dbis_core/config/dbis-core-proxmox.conf` - DBIS VMID allocation
- `VMID_IP_ADDRESS_LIST.md` - Complete VMID/IP listing
---
**Last Updated**: 2026-01-02
**Status**: ⚠️ **Action Required**
Reference in New Issue View Git Blame Copy Permalink