----- Original Message ----- > From: "Frank Wall" <[email protected]> > To: "Moti Asayag" <[email protected]> > Cc: [email protected] > Sent: Thursday, October 17, 2013 4:33:51 PM > Subject: Re: [Users] Guest to guest multicast > > Hi Moti, > > On 17.10.2013 15:08, Moti Asayag wrote: > > Could you try disabling the filter, restart the vms and re-run the test > > ? > > 1. On the ovirt-engine run: engine-config -s > > EnableMACAntiSpoofingFilterRules=false --cver=3.3 > > (if you're using ovirt-engine 3.2, make sure to specify it in the > > --cver= option). > > 2. Restart the ovirt-engine service > > 3. Restart the vms > > 4. Re-run the test > > YES! This solved the VRRP problem. THANK YOU! > > At some point I was already suspecting that ebtables and the > Anti-Spoofing > rules would be causing my problem, because I could see them in the XML > configuration of my VMs, but a "ebtables -L" did not show any rule. So I > kept on searching...
you should have specify the 'nat' table name and then you'd see the entire rules: ebtables -t nat -L > > My question is: How would I find these Anti-Spoofing rules that > oVirt applies to each VM? Just want to find out at which point my > debugging went into the wrong direction ;-) > ovirt applies the same rules for all of the vm. A custom nwfilter rule named 'vdsm-no-mac-spoofing' is being created by vdsm when it starts. To see it contents requires using 'virsh' on the node: virsh -r nwfilter-dumpxml vdsm-no-mac-spoofing <uuid>c05471a7-9dee-6021-32e3-5d70e7617fc5</uuid> <filterref filter='no-mac-spoofing'/> <filterref filter='no-arp-mac-spoofing'/> </filter> where the 2 rules are predefined by libvirt's nwfilter. > > Thanks > - Frank > _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
