vm with openvswitch+KVM can not access extranal network, can ping gateway
Cloudstack4.1.1
A: one kvm host ubuntu12.04 with openvswitch,
B: xen server6.0,
C: one kvm host centos with openvswitch
in cloudstack have two network.
Guestvlan301 Isolated 192.168.31.0/24 ,Egress rule, 0.0.0.0/0 all
Guestvlan300 Isolated 192.168.31.0/24 ,Egress rule, 0.0.0.0/0 all
①:vrouter301 run on Xen, Public IP Address 192.168.240.54 Guest IP
Address 192.168.31.1
vm in vlan301 ,can ping gateway 192.168.31.1 and can access
internet. vm can run on kvm or xen, both ok.
②:vronter300 run on Kvm with openvswitch, Public IP Address
192.168.240.53 Guest IP Address 192.168.30.1
vm in vlan300 ,can ping gateway 192.168.30.1, but can not access
internet. vrouter can access internet.
how to make vm under kvm+openvswitch to access outside network and internet
[root@centos-kvm01 libvirt]# ovs-vsctl show
7cb5f505-7ac1-4403-9f9d-101882ed7bad
Bridge kvmmgt
Port kvmmgt
Interface kvmmgt
type: internal
Port "eth0"
Interface "eth0"
Bridge "cloudbr0"
Port "cloudbr0"
Interface "cloudbr0"
type: internal
Port "eth1"
Interface "eth1" ## Eth1 uplink port is Esxi
vswitch in promiscuous mode, Xen server Eth1 uplink this too, can
work fine ; Kvm use native bridge work fine too.
Port "vnet3"
tag: 240
Interface "vnet3"
Port "vnet0"
tag: 301
Interface "vnet0"
Port "vnet1"
tag: 300
Interface "vnet1"
Port "vnet4"
tag: 240
Interface "vnet4"
Bridge "cloud0"
Port "cloud0"
Interface "cloud0"
type: internal
Port "vnet2"
Interface "vnet2"
Bridge storage
Port "eth2"
Interface "eth2"
Port storage
Interface storage
type: internal
ovs_version: "1.10.0"
i do the test,
one VM 192.168.30.90 run ping 192.168.123.1
vrouter 192.168.30.1(outside IP 192.168.240.53 vlan 240) run ping
www.google.com
[root@centos-kvm01 ~]# ovs-dpctl dump-flows |grep 30.90
in_port(9),eth(src=02:00:07:94:00:09,dst=02:00:3c:30:00:06),eth_type(0x0806),arp(sip=192.168.30.1,tip=192.168.30.90,op=2,sha=02:00:07:94:00:09,tha=02:00:3c:30:00:06),
packets:0, bytes:0, used:never, actions:push_vlan(vid=300,pcp=0),5
in_port(11),eth(src=06:28:b6:00:01:20,dst=00:50:56:97:5c:55),eth_type(0x0800),ipv4(src=192.168.30.90,dst=192.168.123.1,proto=1,tos=0,ttl=63,frag=no),icmp(type=8,code=0),
packets:5855, bytes:573790, used:0.810s,
actions:push_vlan(vid=240,pcp=0),5
in_port(5),eth(src=02:00:3c:30:00:06,dst=02:00:07:94:00:09),eth_type(0x8100),vlan(vid=300,pcp=0),encap(eth_type(0x0806),arp(sip=192.168.30.90,tip=192.168.30.1,op=1,sha=02:00:3c:30:00:06,tha=00:00:00:00:00:00)),
packets:0, bytes:0, used:never, actions:pop_vlan,9
in_port(5),eth(src=02:00:3c:30:00:06,dst=02:00:07:94:00:09),eth_type(0x8100),vlan(vid=300,pcp=0),encap(eth_type(0x0800),ipv4(src=192.168.30.90,dst=192.168.123.1,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0)),
packets:5855, bytes:597210, used:0.809s, actions:pop_vlan,9
###### actions:push_vlan(vid=240,pcp=0),5 , this is maybe have
some problem !!!!!!! is it??
[root@centos-kvm01 ~]# ovs-dpctl dump-flows |grep 240.53
in_port(11),eth(src=06:28:b6:00:01:20,dst=00:50:56:97:5c:55),eth_type(0x0800),ipv4(src=192.168.240.53,dst=74.125.128.105,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0),
packets:6167, bytes:604366, used:0.486s,
actions:push_vlan(vid=240,pcp=0),5
in_port(5),eth(src=00:50:56:97:5c:55,dst=06:28:b6:00:01:20),eth_type(0x8100),vlan(vid=240,pcp=0),encap(eth_type(0x0806),arp(sip=192.168.240.1,tip=192.168.240.53,op=1,sha=00:50:56:97:5c:55,tha=00:00:00:00:00:00)),
packets:0, bytes:0, used:never, actions:pop_vlan,11
in_port(5),eth(src=00:50:56:97:5c:55,dst=06:28:b6:00:01:20),eth_type(0x8100),vlan(vid=240,pcp=0),encap(eth_type(0x0800),ipv4(src=74.125.128.105,dst=192.168.240.53,proto=1,tos=0,ttl=49,frag=no),icmp(type=0,code=0)),
packets:6059, bytes:618018, used:0.450s, actions:pop_vlan,11
in_port(11),eth(src=06:28:b6:00:01:20,dst=00:50:56:97:5c:55),eth_type(0x0806),arp(sip=192.168.240.53,tip=192.168.240.1,op=2,sha=06:28:b6:00:01:20,tha=00:50:56:97:5c:55),
packets:0, bytes:0, used:never, actions:push_vlan(vid=240,pcp=0),5
