From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <t.lamprecht@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 8052D7180A
 for <pve-user@lists.proxmox.com>; Tue, 29 Jun 2021 11:47:44 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 67144C230
 for <pve-user@lists.proxmox.com>; Tue, 29 Jun 2021 11:47:14 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id A9D79C220
 for <pve-user@lists.proxmox.com>; Tue, 29 Jun 2021 11:47:12 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 72A1242B6C;
 Tue, 29 Jun 2021 11:47:12 +0200 (CEST)
Message-ID: <a602b355-4209-6e75-a25c-f7a98418d29e@proxmox.com>
Date: Tue, 29 Jun 2021 11:46:58 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:90.0) Gecko/20100101
 Thunderbird/90.0
Content-Language: en-US
To: Proxmox VE user list <pve-user@lists.proxmox.com>,
 Mark Schouten <mark@tuxis.nl>
References: <5377d815-bde4-9ca8-8584-ff63a6eb27ba@proxmox.com>
 <0d129a03-9a70-e123-5e5a-e7862ef303ac@tuxis.nl>
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
In-Reply-To: <0d129a03-9a70-e123-5e5a-e7862ef303ac@tuxis.nl>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.574 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 NICE_REPLY_A           -0.001 Looks like a legit reply (A)
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [proxmox.com]
Subject: Re: [PVE-User] Proxmox VE 7.0 (beta) released!
X-BeenThere: pve-user@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE user list <pve-user.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-user>, 
 <mailto:pve-user-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-user/>
List-Post: <mailto:pve-user@lists.proxmox.com>
List-Help: <mailto:pve-user-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user>, 
 <mailto:pve-user-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Tue, 29 Jun 2021 09:47:44 -0000

Hi,

On 29.06.21 10:05, Mark Schouten wrote:
> Op 24-06-2021 om 15:16 schreef Martin Maurer:
>> We are pleased to announce the first beta release of Proxmox Virtual Environment 7.0! The 7.x family is based on the great Debian 11 "Bullseye" and comes with a 5.11 kernel, QEMU 6.0, LXC 4.0, OpenZFS 2.0.4.
> 
> I just upgraded a node in our demo cluster and all seemed fine. Except for non-working cluster network. I was unable to ping the node through the cluster interface, pvecm saw no other nodes and ceph was broken.
> 
> However, if I ran tcpdump, ping started working, but not the rest.
> 
> Interesting situation, which I 'fixed' by disabling vlan-aware-bridge for that interface. After the reboot, everything works (AFAICS).
> 
> If Proxmox wants to debug this, feel free to reach out to me, I can grant you access to this node so you can check it out.
> 

Do you have some FW rules regarding MAC-Addresses or the like?
As the MAC-Address selection changed in Proxmox VE 7 due to new default 
n systemd's network link policy, as listed in our known issues[0].

It's now not the one of the first port anymore, but derived from interface
name and `/etc/machine-id`, which in combination should be unique but also
persistent.

But, for some ISO releases (4.0 to 5.3) the machine-id for the installed host
was not always re-generated, which could result in duplication of a MAC for
identical named interfaces on two hosts.
We try to actively catch and fix that on upgrade by checking if the ID is one
of the known static ones (it's just a handful of possible IDs) on upgrade.

But if one cloned an machine (e.g., a colleague run into this in a demo
virtualized PVE test clusters they cloned from a template) that ID will be
duplicated and thus make problems.
That could be easily checked by comparing the `/etc/machine-id` content and
be fixed by re-generation[1].

Just noting that for completness sake, to avoid more investigation if it's
just that.

- Thomas


[0]: https://pve.proxmox.com/wiki/Roadmap#7.0-beta-known-issues
[1]: https://wiki.debian.org/MachineId#machine_id_and_cloned_systems.2C_generating_a_new_machine_id