currently, when veth or tap interfaces are plugged to bridge,
an igmp v3 report is broadcasted to the network, with the
bridge mac address.

Users have reported problems with hetzner for example, blocking the server
because of the unknown mac flooding the network.
https://forum.proxmox.com/threads/proxmox-claiming-mac-address.52601/page-6#post-421676

some traces:

ip addr:

190: fwbr109i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 22:5f:0b:cb:ac:42 brd ff:ff:ff:ff:ff:ff

ebtable log:
Oct  6 09:46:24 kvmformation3 kernel: [437256.753355] MAC-FLOOD-F IN=fwpr109p0 OUT=eno1 MAC source = 22:5f:0b:cb:ac:42 MAC dest = 01:00:5e:00:00:16 proto = 0x0800 IP SRC=0.0.0.0 IP DST=224.0.0.22, IP tos=0xC0, IP proto=2

tcpdump -e -i eno1 igmp
09:53:23.914825 22:5f:0b:cb:ac:42 (oui Unknown) > 01:00:5e:00:00:16 (oui Unknown), ethertype IPv4 (0x0800), length 54: 0.0.0.0 > igmp.mcast.net: igmp v3 report, 1 group record(s)

Signed-off-by: Alexandre Derumier <aderum...@odiso.com>
---
 debian/sysctl.d/pve.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian/sysctl.d/pve.conf b/debian/sysctl.d/pve.conf
index 929698f..85b59b9 100644
--- a/debian/sysctl.d/pve.conf
+++ b/debian/sysctl.d/pve.conf
@@ -2,4 +2,5 @@ net.bridge.bridge-nf-call-ip6tables = 0
 net.bridge.bridge-nf-call-iptables = 0
 net.bridge.bridge-nf-call-arptables = 0
 net.bridge.bridge-nf-filter-vlan-tagged = 0
+net.ipv4.igmp_link_local_mcast_reports = 0
 fs.aio-max-nr = 1048576
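
Review bot: the added net.ipv4.igmp_link_local_mcast_reports = 0 line has no comment, so nothing in pve.conf tells a later reader why it is there or what it suppresses. The key sits under net.ipv4 with no bridge or interface component, so it disables IGMP reports for link-local groups (224.0.0.x) on every interface of the host, not only on the firewall bridges shown in the traces. Suggest a one-line comment above it giving the reason (bridge MAC leaking in IGMPv3 reports to 224.0.0.22 when veth/tap ports are plugged), and a sentence in the commit message confirming that the host-wide scope is intended.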
-- 
2.30.2

