[ovirt-users] Re: newbie questions on networking
Getting weirder. I reinstalled a third node from scratch with no bonding and my VM works fine. To answer an earlier question, we're not configuring any bonding on the data center switches so I've stuck to bonding modes like round robin, active/stand-by, and XOR. I've mostly been using XOR. Where it gets weird is if I switch the bonding mode from XOR to active/stand-by, a VM on that host can see the real world. And if I switch it from active/stand-by back to XOR, it still works. I'm currently running three nodes, all with bonded interfaces in XOR mode, and all is well. I wish I knew why. Randy ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org
Re: [ovirt-users] newbie questions on networking
I installed the ovirt node to standalone interfaces, then created the bond via the ovirt-node webui at port 9090, before adding the node to the cluster. The DHCP server happens to be in the same subnet but no, I can't ping it as I can't ping anything beyond the physical interfaces of the hosts. I've added a third host and can also ping that from the VM on node 1. For a hoot also spun up a new CentOS VM in case this was an OS problem. Same results. And when the two VMs are on different hosts, they can't ping each other. When I migrate one so they're both on the same host, they can each ping each other. On 5/7/2018 1:58 PM, Dominik Holler wrote: On Mon, 7 May 2018 11:43:51 -0700 "Rue, Randy" <randy...@gmail.com> wrote: I've sort of had some progress. On Friday I went to the dentist and when I returned, my VM could ping google. I don't believe I changed anything Friday morning but I confess I've been flailing on this for so long I'm not keeping detailed notes on what I change. And as I'm evaluating oVirt as a possible replacement for our production xencenter/xenserver systems, I need to know what was wrong and what fixed it. I reinstalled the ovirt-engine box and two hosts and started again. The only change I've made beyond the default is to remove the no-mac-spoofing filter from the ovirtmgmt vNIC profile so there are no filters applied. At this point I'm back to an ubuntu LTS server VM that again, is getting a DHCP IP address, nameserver entries in resolv.conf, and "route" shows correct local routing for addresses on the same subnet and the correct gateway for the rest of the world. The VM is even registering its hostname in our DNS correctly. And I can ping the static IP of the host the VM is on, but not the subnet gateway or anything in the real world. Can you ping the DHCP server? Two things I haven't mentioned that I haven't seen anything in the docs about. My ovirt-engine box is on a different subnet than my hosts, and my hosts are using a bonded pair of physical interfaces (XOR mode) for their single LAN connection. Was the bond created before adding the hosts to oVirt, or after adding the hosts via oVirt web UI? If the switch requires configuration for the bond, is this applied? Can you check if the VM can ping the getaway, if you use a simple Ethernet connection instead of the bond? Did I miss something in the docs where these are a problem? Dominik, to answer your thoughts earlier: * name resolution isn't happening at all, the VM can't reach a DNS server * I don't manage the data center network gear but am pretty sure there's no configuration that blocks traffic. This is supported by my temporary success on Friday. And we also have other virtualization hosts (VMWare hosts) in the same subnet, that forward traffic to/from their VMs just fine. OK, L3 seems to work now sometimes. * tcpdump on the host's ovirtmgmt interface is pretty noisy but if I grep for the ubuntu DDNS name I see a slew of ARP requests. I can see pings to the host's IP address, and attempts to SSH from the VM to its host. Any attempt to touch anything past the host shows nothing on any interface in tcpdump, not a ping to the subnet gateway, not an SSH attempt, not a DNS query or a ping to known IP address. The outgoing ARP requests looks like the traffic of the VM is forwarded to ovirtmgmt. Do you see ARP reply to the VM? Maybe the VM fails to get the MAC address of the gateway. * hot damn, here's a clue! I can ping other oVirt hosts! (by IP only) I also tried pinging the ovirt-engine box, wasn't surprised when that failed as the VM would need to reach the gateway to get to the different subnet. So it appears that even though I've set up the ovirtmgmt network using defaults, and it has the "VM Network" option checked, my logical network is still set to only allow traffic between the VMs and hosts. What am I missing? -randy ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] newbie questions on networking
Looks like the physical interface on the host and the virtual interface on the VM are both at the default 1500 MTU. How can I determine the MTU setting for the physical switches without admin access to them? Or do I need to ask the network team? On 5/7/2018 2:03 PM, Clint Boggio wrote: Randy this flaky layer two problem reeks of a possible MTU situation between your oVirt switches and your physical switches. On May 7, 2018, at 3:59 PM, Dominik Holler <dhol...@redhat.com> wrote: On Mon, 7 May 2018 11:43:51 -0700 "Rue, Randy" <randy...@gmail.com> wrote: I've sort of had some progress. On Friday I went to the dentist and when I returned, my VM could ping google. I don't believe I changed anything Friday morning but I confess I've been flailing on this for so long I'm not keeping detailed notes on what I change. And as I'm evaluating oVirt as a possible replacement for our production xencenter/xenserver systems, I need to know what was wrong and what fixed it. I reinstalled the ovirt-engine box and two hosts and started again. The only change I've made beyond the default is to remove the no-mac-spoofing filter from the ovirtmgmt vNIC profile so there are no filters applied. At this point I'm back to an ubuntu LTS server VM that again, is getting a DHCP IP address, nameserver entries in resolv.conf, and "route" shows correct local routing for addresses on the same subnet and the correct gateway for the rest of the world. The VM is even registering its hostname in our DNS correctly. And I can ping the static IP of the host the VM is on, but not the subnet gateway or anything in the real world. Can you ping the DHCP server? Two things I haven't mentioned that I haven't seen anything in the docs about. My ovirt-engine box is on a different subnet than my hosts, and my hosts are using a bonded pair of physical interfaces (XOR mode) for their single LAN connection. Was the bond created before adding the hosts to oVirt, or after adding the hosts via oVirt web UI? If the switch requires configuration for the bond, is this applied? Can you check if the VM can ping the getaway, if you use a simple Ethernet connection instead of the bond? Did I miss something in the docs where these are a problem? Dominik, to answer your thoughts earlier: * name resolution isn't happening at all, the VM can't reach a DNS server * I don't manage the data center network gear but am pretty sure there's no configuration that blocks traffic. This is supported by my temporary success on Friday. And we also have other virtualization hosts (VMWare hosts) in the same subnet, that forward traffic to/from their VMs just fine. OK, L3 seems to work now sometimes. * tcpdump on the host's ovirtmgmt interface is pretty noisy but if I grep for the ubuntu DDNS name I see a slew of ARP requests. I can see pings to the host's IP address, and attempts to SSH from the VM to its host. Any attempt to touch anything past the host shows nothing on any interface in tcpdump, not a ping to the subnet gateway, not an SSH attempt, not a DNS query or a ping to known IP address. The outgoing ARP requests looks like the traffic of the VM is forwarded to ovirtmgmt. Do you see ARP reply to the VM? Maybe the VM fails to get the MAC address of the gateway. * hot damn, here's a clue! I can ping other oVirt hosts! (by IP only) I also tried pinging the ovirt-engine box, wasn't surprised when that failed as the VM would need to reach the gateway to get to the different subnet. So it appears that even though I've set up the ovirtmgmt network using defaults, and it has the "VM Network" option checked, my logical network is still set to only allow traffic between the VMs and hosts. What am I missing? -randy ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] newbie questions on networking
I've sort of had some progress. On Friday I went to the dentist and when I returned, my VM could ping google. I don't believe I changed anything Friday morning but I confess I've been flailing on this for so long I'm not keeping detailed notes on what I change. And as I'm evaluating oVirt as a possible replacement for our production xencenter/xenserver systems, I need to know what was wrong and what fixed it. I reinstalled the ovirt-engine box and two hosts and started again. The only change I've made beyond the default is to remove the no-mac-spoofing filter from the ovirtmgmt vNIC profile so there are no filters applied. At this point I'm back to an ubuntu LTS server VM that again, is getting a DHCP IP address, nameserver entries in resolv.conf, and "route" shows correct local routing for addresses on the same subnet and the correct gateway for the rest of the world. The VM is even registering its hostname in our DNS correctly. And I can ping the static IP of the host the VM is on, but not the subnet gateway or anything in the real world. Two things I haven't mentioned that I haven't seen anything in the docs about. My ovirt-engine box is on a different subnet than my hosts, and my hosts are using a bonded pair of physical interfaces (XOR mode) for their single LAN connection. Did I miss something in the docs where these are a problem? Dominik, to answer your thoughts earlier: * name resolution isn't happening at all, the VM can't reach a DNS server * I don't manage the data center network gear but am pretty sure there's no configuration that blocks traffic. This is supported by my temporary success on Friday. And we also have other virtualization hosts (VMWare hosts) in the same subnet, that forward traffic to/from their VMs just fine. * tcpdump on the host's ovirtmgmt interface is pretty noisy but if I grep for the ubuntu DDNS name I see a slew of ARP requests. I can see pings to the host's IP address, and attempts to SSH from the VM to its host. Any attempt to touch anything past the host shows nothing on any interface in tcpdump, not a ping to the subnet gateway, not an SSH attempt, not a DNS query or a ping to known IP address. * hot damn, here's a clue! I can ping other oVirt hosts! (by IP only) I also tried pinging the ovirt-engine box, wasn't surprised when that failed as the VM would need to reach the gateway to get to the different subnet. So it appears that even though I've set up the ovirtmgmt network using defaults, and it has the "VM Network" option checked, my logical network is still set to only allow traffic between the VMs and hosts. What am I missing? -randy ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] newbie questions on networking
And Hi Again Again, I still haven't received any copies of the first two emails I sent to this list. Is this list moderated, or do new members require some approval before their posts will be forwarded (but will still make it to the archives)? If so, should I have gotten some reply explaining this when I subscribed? I can ping the VM from the host. Can also SSH from the host to the VM. Oddly, I can SSH from the VM to the host but it's flaky. After some time in the docs it appears the network I want is the "VM Network," and that the ovirtmgmt network is this by default. This option is checked for my ovirtmgmt network. So why can't my VM see the real world? Hoping to hear from you. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] newbie questions on networking
Hi Again, I'm not sure if my first post yesterday went through, I can see it in the list archives but I didn't receive a copy and I've confirmed my list settings include me getting a copy of my own posts. In any case, nobody has replied and unless I'm the only guy that needs my VMs to talk to the rest of the world I assume someone else knows how to fix this. I've read and re-read the Quick Start Guide, Installation Guide and Administration Guide even though they appear to describe an earlier version. If I've overlooked the answer and this is an RTFM issue, feel free to tell me so but I'd be grateful if you'd also tell me exactly which part of the FM to read. Again, my VM is getting an IP address and nameserver settings from the DHCP service running on the server room subnet the oVirt host sits in. From the Vm, I can ping the static IP of the host the vm is on, but not anything else on the server room subnet including the other hosts or the subnet's gateway. The "route" command sits for about 10 seconds before completing but eventually shows two rows, one for default with the correct local gateway and one for the local subnet. All appears to be well on the VM, the problem appears to be the host is not passing traffic. The dialogue for the interface on the host shows some logos on the ovirtmgmt network that's assigned to it, including a green "VM" tile. Is this the "outside" role for commodity connections to a VM? I've also spent some time rooting around different parts of the admin interface and found some settings under the ovirtmgmt network's vNIC Profiles for the "Network Filter." Tried changing that to "allow IPv4" and then to "No Network Filter" with no change. I hope to hear from you soon. randy in Seattle ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] newbie questions on networking
Hi All, I'm new to oVirt and have set up a basic cluster of an engine and five hosts, using the quick start and default settings as much as possible. I confess it's taken some heavy flailing to get this far, the docs all seem to be for the previous versions and the latest greatest appears to be significantly different. I now have a working data center / cluster /hosts and a bouncing baby ubuntu server LTS VM. My VM is getting a DHCP address and nameservers from the data center the hosts sit in. But from the VM I can only ping the IP of the host the VM is on. Can't reach the gateway of the local subnet, or anything in the real world. Am I missing some step? the "Quick Start" doesn't say much beyond "The ovirtmgmt Management network is used for this document, however if you wish to create new logical networks see the oVirt Administration Guide." The admin guide has information on creating new networks but I'm not spotting the parts I need to connect my VM to the real world. Or how to attach another network to the host if all NICs are in use. Short Version: * Is some change needed to allow VMs on the ovirtmgmt network to connect to the real world? If so, what? * Is the ovirtmgmt network not meant for "commodity" use, and instead I should have some other network? If so, how do I connect that to the real LAN/WAN, and how do I replace the ovirtmgmt with it? (my hosts each only have two NICs bonded in a pair). Hope to hear from you, Randy in Seattle ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
