docs/archive/deployment-reports/INTERNET_CONNECTIVITY_TEST_REPORT.md

# Internet Connectivity Test Report

**Date:** 2026-01-20  
**Test Type:** Comprehensive Internet Connectivity Review  
**Containers Tested:** 7800 (API), 7801 (Portal), 7802 (Keycloak), 7803 (PostgreSQL)

---

## Executive Summary

**Status:** ❌ **CONNECTIVITY ISSUES DETECTED**

All containers are configured correctly but **cannot reach gateway or internet**. The host can reach the gateway, indicating the issue is with container-to-bridge communication.

---

## Test Results Summary

| Container | Service | IP | Status | Gateway | Host | Internet | DNS | HTTP/HTTPS |
|-----------|---------|----|----|---------|------|----------|-----|------------|
| 7800 | API | 192.168.11.50 | ✅ Running | ❌ FAIL | ❌ FAIL | ❌ FAIL | ❌ FAIL | ❌ FAIL |
| 7801 | Portal | 192.168.11.51 | ✅ Running | ❌ FAIL | ❌ FAIL | ❌ FAIL | ❌ FAIL | ❌ FAIL |
| 7802 | Keycloak | 192.168.11.52 | ✅ Running | ❌ FAIL | ❌ FAIL | ❌ FAIL | ❌ FAIL | ❌ FAIL |
| 7803 | PostgreSQL | 192.168.11.53 | ✅ Running | ❌ FAIL | ❌ FAIL | ❌ FAIL | ❌ FAIL | ❌ FAIL |

---

## Detailed Test Results

### ✅ Container Status
- **All containers:** Running
- **All IPs:** Correctly assigned (192.168.11.50-53)
- **All interfaces:** UP and configured

### ✅ Network Configuration
- **Bridge:** vmbr0v11 (UP)
- **Subnet:** 192.168.11.0/24
- **Gateway:** 192.168.11.1
- **Routing:** Default routes configured correctly

### ✅ DNS Configuration
- **All containers:** Using 192.168.11.1 as nameserver
- **Note:** DNS will fail if gateway is unreachable

### ❌ Connectivity Tests

#### Gateway Connectivity (192.168.11.1)
- **7800:** ❌ FAIL
- **7801:** ❌ FAIL
- **7802:** ❌ FAIL
- **7803:** ❌ FAIL
- **Host:** ✅ OK (host can reach gateway)

#### Host Connectivity (192.168.11.11)
- **All containers:** ❌ FAIL (cannot reach Proxmox host)

#### Internet Connectivity (8.8.8.8)
- **All containers:** ❌ FAIL

#### DNS Resolution
- **All containers:** ❌ FAIL (cannot resolve google.com)

#### HTTP/HTTPS Connectivity
- **All containers:** ❌ FAIL

#### Package Repository Access
- **All containers:** ❌ FAIL (cannot update packages)

---

## Network Interface Details

### Container Network Interfaces
All containers have eth0 interfaces that are:
- **State:** UP
- **MTU:** 1500
- **Type:** veth (virtual ethernet)

### Host Bridge Status
- **vmbr0v11:** UP and operational
- **Note:** Bridge has no IP address (normal for LXC bridges)

---

## Routing Information

### Container Routing Tables
All containers have correct routing:
```
default via 192.168.11.1 dev eth0 proto static
192.168.11.0/24 dev eth0 proto kernel scope link src <container-ip>
```

---

## Root Cause Analysis

### Issue Identified
**Containers cannot communicate through vmbr0v11 bridge**

### Possible Causes

1. **VLAN Tagging Issue:**
   - Containers may need VLAN tag configuration
   - vmbr0v11 might not be properly forwarding untagged traffic
   - VLAN 11 interface on router may require tagged traffic

2. **Bridge Configuration:**
   - vmbr0v11 may need additional configuration
   - Bridge may not be forwarding packets correctly
   - Firewall rules may be blocking traffic

3. **Router/Gateway Configuration:**
   - Gateway 192.168.11.1 may not accept traffic from containers
   - VLAN 11 interface may not be configured on router
   - Inter-VLAN routing may be disabled

4. **Network Isolation:**
   - VLAN 11 may have network isolation enabled
   - Firewall rules may block container-to-gateway communication
   - ACL rules may prevent inter-VLAN communication

---

## Recommendations

### Immediate Actions

1. **Check Router Configuration:**
   ```bash
   # Verify VLAN 11 interface exists on router
   # Check if gateway 192.168.11.1 responds to VLAN 11 traffic
   # Verify inter-VLAN routing is enabled
   ```

2. **Check Bridge Configuration:**
   ```bash
   # Verify vmbr0v11 is properly configured
   # Check if bridge needs VLAN tagging
   # Verify bridge forwarding is enabled
   ```

3. **Test Inter-Container Communication:**
   ```bash
   # Test if containers can reach each other
   # This will help isolate if issue is with bridge or gateway
   ```

4. **Check Firewall Rules:**
   ```bash
   # Verify firewall allows VLAN 11 traffic
   # Check if containers are blocked by firewall
   # Verify ACL rules allow container communication
   ```

### Configuration Options

#### Option 1: Use vmbr0 (Native VLAN 11)
If containers should be on native VLAN 11 (untagged):
```bash
# Change bridge from vmbr0v11 to vmbr0
# This assumes vmbr0 is on VLAN 11
pct set <vmid> -net0 bridge=vmbr0,name=eth0,ip=<ip>/24,gw=192.168.11.1
```

#### Option 2: Configure VLAN Tagging
If containers need VLAN 11 tagged:
```bash
# Add VLAN tag to container network
pct set <vmid> -net0 bridge=vmbr0,name=eth0,tag=11,ip=<ip>/24,gw=192.168.11.1
```

#### Option 3: Use Host as Gateway
If router gateway is not accessible:
```bash
# Configure host to route for containers
# Enable IP forwarding on host
# Configure NAT if needed
```

---

## Test Commands Reference

### Check Container IPs
```bash
ssh root@192.168.11.11 "for vmid in 7800 7801 7802 7803; do echo \"VMID \$vmid:\"; pct exec \$vmid -- ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'; done"
```

### Test Gateway
```bash
ssh root@192.168.11.11 "for vmid in 7800 7801 7802 7803; do echo -n \"VMID \$vmid -> 192.168.11.1: \"; pct exec \$vmid -- ping -c 1 -W 2 192.168.11.1 >/dev/null 2>&1 && echo 'OK' || echo 'FAIL'; done"
```

### Test Inter-Container
```bash
ssh root@192.168.11.11 "pct exec 7803 -- ping -c 1 192.168.11.50 && echo '7803 -> 7800: OK'"
```

### Check Bridge Status
```bash
ssh root@192.168.11.11 "ip link show vmbr0v11"
```

### Check Routing
```bash
ssh root@192.168.11.11 "pct exec 7803 -- ip route show"
```

---

## Next Steps

1. **Investigate Bridge Configuration:**
   - Check if vmbr0v11 needs VLAN tagging
   - Verify bridge forwarding rules
   - Test with different bridge configuration

2. **Check Router Configuration:**
   - Verify VLAN 11 interface on router
   - Check inter-VLAN routing settings
   - Verify firewall/ACL rules

3. **Test Alternative Configurations:**
   - Try using vmbr0 instead of vmbr0v11
   - Test with VLAN tagging
   - Test with host routing

4. **Document Resolution:**
   - Document working configuration
   - Update deployment scripts
   - Update network documentation

---

**Report Generated:** 2026-01-20  
**Status:** ❌ Connectivity Issues - Requires Investigation  
**Priority:** 🔴 High - Blocks service deployment
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates - ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-12 15:46:57 -08:00			`# Internet Connectivity Test Report`

			`Date: 2026-01-20`
			`Test Type: Comprehensive Internet Connectivity Review`
			`Containers Tested: 7800 (API), 7801 (Portal), 7802 (Keycloak), 7803 (PostgreSQL)`

			`---`

			`## Executive Summary`

			`Status: ❌ CONNECTIVITY ISSUES DETECTED`

			`All containers are configured correctly but cannot reach gateway or internet. The host can reach the gateway, indicating the issue is with container-to-bridge communication.`

			`---`

			`## Test Results Summary`

			`\| Container \| Service \| IP \| Status \| Gateway \| Host \| Internet \| DNS \| HTTP/HTTPS \|`
			`\|-----------\|---------\|----\|----\|---------\|------\|----------\|-----\|------------\|`
			`\| 7800 \| API \| 192.168.11.50 \| ✅ Running \| ❌ FAIL \| ❌ FAIL \| ❌ FAIL \| ❌ FAIL \| ❌ FAIL \|`
			`\| 7801 \| Portal \| 192.168.11.51 \| ✅ Running \| ❌ FAIL \| ❌ FAIL \| ❌ FAIL \| ❌ FAIL \| ❌ FAIL \|`
			`\| 7802 \| Keycloak \| 192.168.11.52 \| ✅ Running \| ❌ FAIL \| ❌ FAIL \| ❌ FAIL \| ❌ FAIL \| ❌ FAIL \|`
			`\| 7803 \| PostgreSQL \| 192.168.11.53 \| ✅ Running \| ❌ FAIL \| ❌ FAIL \| ❌ FAIL \| ❌ FAIL \| ❌ FAIL \|`

			`---`

			`## Detailed Test Results`

			`### ✅ Container Status`
			`- All containers: Running`
			`- All IPs: Correctly assigned (192.168.11.50-53)`
			`- All interfaces: UP and configured`

			`### ✅ Network Configuration`
			`- Bridge: vmbr0v11 (UP)`
			`- Subnet: 192.168.11.0/24`
			`- Gateway: 192.168.11.1`
			`- Routing: Default routes configured correctly`

			`### ✅ DNS Configuration`
			`- All containers: Using 192.168.11.1 as nameserver`
			`- Note: DNS will fail if gateway is unreachable`

			`### ❌ Connectivity Tests`

			`#### Gateway Connectivity (192.168.11.1)`
			`- 7800: ❌ FAIL`
			`- 7801: ❌ FAIL`
			`- 7802: ❌ FAIL`
			`- 7803: ❌ FAIL`
			`- Host: ✅ OK (host can reach gateway)`

			`#### Host Connectivity (192.168.11.11)`
			`- All containers: ❌ FAIL (cannot reach Proxmox host)`

			`#### Internet Connectivity (8.8.8.8)`
			`- All containers: ❌ FAIL`

			`#### DNS Resolution`
			`- All containers: ❌ FAIL (cannot resolve google.com)`

			`#### HTTP/HTTPS Connectivity`
			`- All containers: ❌ FAIL`

			`#### Package Repository Access`
			`- All containers: ❌ FAIL (cannot update packages)`

			`---`

			`## Network Interface Details`

			`### Container Network Interfaces`
			`All containers have eth0 interfaces that are:`
			`- State: UP`
			`- MTU: 1500`
			`- Type: veth (virtual ethernet)`

			`### Host Bridge Status`
			`- vmbr0v11: UP and operational`
			`- Note: Bridge has no IP address (normal for LXC bridges)`

			`---`

			`## Routing Information`

			`### Container Routing Tables`
			`All containers have correct routing:`
			```
			`default via 192.168.11.1 dev eth0 proto static`
			`192.168.11.0/24 dev eth0 proto kernel scope link src <container-ip>`
			```

			`---`

			`## Root Cause Analysis`

			`### Issue Identified`
			`Containers cannot communicate through vmbr0v11 bridge`

			`### Possible Causes`

			`1. VLAN Tagging Issue:`
			`- Containers may need VLAN tag configuration`
			`- vmbr0v11 might not be properly forwarding untagged traffic`
			`- VLAN 11 interface on router may require tagged traffic`

			`2. Bridge Configuration:`
			`- vmbr0v11 may need additional configuration`
			`- Bridge may not be forwarding packets correctly`
			`- Firewall rules may be blocking traffic`

			`3. Router/Gateway Configuration:`
			`- Gateway 192.168.11.1 may not accept traffic from containers`
			`- VLAN 11 interface may not be configured on router`
			`- Inter-VLAN routing may be disabled`

			`4. Network Isolation:`
			`- VLAN 11 may have network isolation enabled`
			`- Firewall rules may block container-to-gateway communication`
			`- ACL rules may prevent inter-VLAN communication`

			`---`

			`## Recommendations`

			`### Immediate Actions`

			`1. Check Router Configuration:`
			```bash
			`# Verify VLAN 11 interface exists on router`
			`# Check if gateway 192.168.11.1 responds to VLAN 11 traffic`
			`# Verify inter-VLAN routing is enabled`
			```

			`2. Check Bridge Configuration:`
			```bash
			`# Verify vmbr0v11 is properly configured`
			`# Check if bridge needs VLAN tagging`
			`# Verify bridge forwarding is enabled`
			```

			`3. Test Inter-Container Communication:`
			```bash
			`# Test if containers can reach each other`
			`# This will help isolate if issue is with bridge or gateway`
			```

			`4. Check Firewall Rules:`
			```bash
			`# Verify firewall allows VLAN 11 traffic`
			`# Check if containers are blocked by firewall`
			`# Verify ACL rules allow container communication`
			```

			`### Configuration Options`

			`#### Option 1: Use vmbr0 (Native VLAN 11)`
			`If containers should be on native VLAN 11 (untagged):`
			```bash
			`# Change bridge from vmbr0v11 to vmbr0`
			`# This assumes vmbr0 is on VLAN 11`
			`pct set <vmid> -net0 bridge=vmbr0,name=eth0,ip=<ip>/24,gw=192.168.11.1`
			```

			`#### Option 2: Configure VLAN Tagging`
			`If containers need VLAN 11 tagged:`
			```bash
			`# Add VLAN tag to container network`
			`pct set <vmid> -net0 bridge=vmbr0,name=eth0,tag=11,ip=<ip>/24,gw=192.168.11.1`
			```

			`#### Option 3: Use Host as Gateway`
			`If router gateway is not accessible:`
			```bash
			`# Configure host to route for containers`
			`# Enable IP forwarding on host`
			`# Configure NAT if needed`
			```

			`---`

			`## Test Commands Reference`

			`### Check Container IPs`
			```bash
			`ssh root@192.168.11.11 "for vmid in 7800 7801 7802 7803; do echo \"VMID \$vmid:\"; pct exec \$vmid -- ip -4 addr show eth0 \| grep -oP '(?<=inet\s)\d+(\.\d+){3}'; done"`
			```

			`### Test Gateway`
			```bash
			`ssh root@192.168.11.11 "for vmid in 7800 7801 7802 7803; do echo -n \"VMID \$vmid -> 192.168.11.1: \"; pct exec \$vmid -- ping -c 1 -W 2 192.168.11.1 >/dev/null 2>&1 && echo 'OK' \|\| echo 'FAIL'; done"`
			```

			`### Test Inter-Container`
			```bash
			`ssh root@192.168.11.11 "pct exec 7803 -- ping -c 1 192.168.11.50 && echo '7803 -> 7800: OK'"`
			```

			`### Check Bridge Status`
			```bash
			`ssh root@192.168.11.11 "ip link show vmbr0v11"`
			```

			`### Check Routing`
			```bash
			`ssh root@192.168.11.11 "pct exec 7803 -- ip route show"`
			```

			`---`

			`## Next Steps`

			`1. Investigate Bridge Configuration:`
			`- Check if vmbr0v11 needs VLAN tagging`
			`- Verify bridge forwarding rules`
			`- Test with different bridge configuration`

			`2. Check Router Configuration:`
			`- Verify VLAN 11 interface on router`
			`- Check inter-VLAN routing settings`
			`- Verify firewall/ACL rules`

			`3. Test Alternative Configurations:`
			`- Try using vmbr0 instead of vmbr0v11`
			`- Test with VLAN tagging`
			`- Test with host routing`

			`4. Document Resolution:`
			`- Document working configuration`
			`- Update deployment scripts`
			`- Update network documentation`

			`---`

			`Report Generated: 2026-01-20`
			`Status: ❌ Connectivity Issues - Requires Investigation`
			`Priority: 🔴 High - Blocks service deployment`