From: Alexandre Derumier
Date: Wed, 6 Oct 2021 08:32:20 +0000 (+0200)
Subject: sysctl: disable net.ipv4.igmp_link_local_mcast_reports
X-Git-Url: https://git.proxmox.com/?p=pve-cluster.git;a=commitdiff_plain;h=fa420799297fb0dcf8c17cfc80f038e402899e91

sysctl: disable net.ipv4.igmp_link_local_mcast_reports

currently, when veth or tap interfaces are plugged to bridge,
an igmp v3 report is broadcasted to the network, with the bridge mac address.

Users have reported problems with hetzner for example, blocking the server
because of the unknown mac flooding the network.

https://forum.proxmox.com/threads/proxmox-claiming-mac-address.52601/page-6#post-421676

some traces:

ip addr:

190: fwbr109i0: mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 22:5f:0b:cb:ac:42 brd ff:ff:ff:ff:ff:ff

ebtable log:

Oct 6 09:46:24 kvmformation3 kernel: [437256.753355] MAC-FLOOD-F IN=fwpr109p0 OUT=eno1 MAC source = 22:5f:0b:cb:ac:42 MAC dest = 01:00:5e:00:00:16 proto = 0x0800 IP SRC=0.0.0.0 IP DST=224.0.0.22, IP tos=0xC0, IP proto=2

tcpdump -e -i eno1 igmp

09:53:23.914825 22:5f:0b:cb:ac:42 (oui Unknown) > 01:00:5e:00:00:16 (oui Unknown), ethertype IPv4 (0x0800), length 54: 0.0.0.0 > igmp.mcast.net: igmp v3 report, 1 group record(s)

Signed-off-by: Alexandre Derumier
Signed-off-by: Thomas Lamprecht
---
diff --git a/debian/sysctl.d/10-pve.conf b/debian/sysctl.d/10-pve.conf index 929698f..85b59b9 100644 --- a/debian/sysctl.d/10-pve.conf +++ b/debian/sysctl.d/10-pve.conf @@ -2,4 +2,5 @@ net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 net.bridge.bridge-nf-filter-vlan-tagged = 0 +net.ipv4.igmp_link_local_mcast_reports = 0 fs.aio-max-nr = 1048576
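
Review bot: the added `net.ipv4.igmp_link_local_mcast_reports = 0` line in debian/sysctl.d/10-pve.conf carries no comment, so the reason for it (the IGMPv3 report to 224.0.0.22 sent with the bridge MAC when a veth or tap interface is plugged in) is recorded only in the commit message. Suggest a one-line comment above the setting, for example `# do not send IGMP reports for link-local groups with the bridge MAC`. The key is also host-wide rather than bridge-specific, unlike the net.bridge.* entries above it, so the comment or commit message should say that reports for link-local groups (224.0.0.x) are suppressed on every interface of the node. The `tcpdump -e -i eno1 igmp` capture quoted in the message is a natural check to rerun after the setting is applied, and naming it as the verification step would help whoever backports or audits this.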