On Fri, May 6, 2016 at 11:07 PM, Will Dennis <wden...@nec-labs.com> wrote:
> That’s in iptables, right? I have iptables disabled on my oVirt nodes...
>

No, it's a L2 filter libvirt sets up, I believe using ebtables.
Y.

>
> *From:* Yaniv Kaul [mailto:yk...@redhat.com]
> *Sent:* Friday, May 06, 2016 3:50 PM
> *To:* Will Dennis
> *Subject:* Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM
>
> Long shot - you need to disable the EnableMACAntiSpoofingFilterRules.
>
> Y.
>
> On Fri, May 6, 2016 at 8:27 PM, Will Dennis <wden...@nec-labs.com> wrote:
>
> Hi all,
>
> Have an interesting problem – I am running a VM in oVirt that is running
> Proxmox VE 4.1 OS, which I have spun up a container on. The container is
> set for DHCP, and I have verified that it is sending Discover packets as
> normal, and that these packets are making it out of the Proxmox VM to the
> oVirt bridge (which is attached to a VLAN sub-interface of a bond
> interface.) However, these packets do NOT make it past the oVirt bridge.
> The interesting thing is that the Proxmox VM (as well as any other VM I
> spin up on oVirt) works fine with DHCP. (I also have other oVirt VMs
> instantiated which are using LXD to spin up containers, and I have the same
> problem with those as well.) I checked a bunch of stuff, and the only clue
> I could find is that it seems that the oVirt bridge is not learning the MAC
> for the container on the VM, even though it does learn the VM’s MAC, but I
> can capture DHCP traffic coming from the container off the ‘vnet0’
> interface which is joined to that bridge...
>
> Info:
>
> ===== off Proxmox VM =====
>
> Container's MAC address: 32:62:65:61:65:33
>
> root@proxmox-02:~# ip link sh
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP mode DEFAULT group default qlen 1000
>     link/ether 00:1a:4a:16:01:57 brd ff:ff:ff:ff:ff:ff
> 3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
>     link/ether 00:1a:4a:16:01:57 brd ff:ff:ff:ff:ff:ff
> 7: veth100i0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP mode DEFAULT group default qlen 1000
>     link/ether fe:50:4f:3c:bd:b8 brd ff:ff:ff:ff:ff:ff link-netnsid 0   <<< veth connection to container
>
> root@proxmox-02:~# brctl showmacs vmbr0
> port no  mac addr           is local?  ageing timer
>   1      00:12:3f:24:a4:54  no         112.88
>   1      00:1a:4a:16:01:56  no           0.02
>   1      00:1a:4a:16:01:57  yes          0.00
>   1      00:1a:4a:16:01:57  yes          0.00
>   1      00:24:50:dd:a2:05  no           1.37
>   1      18:03:73:e3:be:5a  no          21.04
>   1      18:03:73:e3:ca:24  no           4.23
>   1      18:03:73:e3:cb:5b  no          48.41
>   1      18:03:73:e3:cc:e5  no          91.93
>   1      18:03:73:e3:cd:b8  no         151.04
>   1      18:03:73:e3:ce:43  no           0.80
>   1      18:03:73:e3:d0:a4  no         290.74
>   1      18:03:73:e3:d4:26  no          34.06
>   1      18:03:73:e3:d5:3d  no           6.36
>   1      18:03:73:e4:23:08  no          88.76
>   1      18:03:73:e4:25:92  no         111.86
>   1      18:03:73:e4:26:2f  no           9.54
>   1      18:03:73:e4:2b:4c  no         114.86
>   1      18:03:73:e4:31:15  no         263.91
>   1      18:03:73:e4:6c:19  no           6.36
>   1      18:03:73:e4:7e:0a  no         103.06
>   1      18:03:73:e8:16:e0  no          23.21
>   2      32:62:65:61:65:33  no           5.08   <<< container’s MAC learned on Proxmox bridge
>   1      34:17:eb:9b:e0:29  no         265.22
>   1      34:17:eb:9b:f8:ea  no         114.86
>   1      44:d3:ca:7e:3c:ff  no           0.00
>   1      78:2b:cb:3b:ca:b9  no         284.70
>   1      78:2b:cb:92:cb:cb  no         279.70
>   1      78:2b:cb:93:08:a8  no         287.05
>   1      b8:ca:3a:7a:70:63  no           4.83
>   1      f8:bc:12:69:bb:a3  no         121.82
>   2      fe:50:4f:3c:bd:b8  yes          0.00
>   2      fe:50:4f:3c:bd:b8  yes          0.00
>
> ===== off oVirt node that has Proxmox VM ====
>
> (relevant lines from ‘ip link show’)
> 2: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
> 3: enp4s0f0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT qlen 1000
> 4: enp4s0f1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT qlen 1000
> 8: bond0.169@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master 169-net state UP mode DEFAULT
> 10: bond0.180@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master 180-net state UP mode DEFAULT
> 12: bond0.207@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master 207-net state UP mode DEFAULT
> 13: 207-net: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
> 30: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master 207-net state UNKNOWN mode DEFAULT qlen 500   <<< veth connection to Proxmox VM
> 31: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master 207-net state UNKNOWN mode DEFAULT qlen 500
>
> [root@ovirt-node-03 ~]# brctl show
> bridge name   bridge id           STP enabled   interfaces
> 169-net       8000.0015177be9da   no            bond0.169
> 180-net       8000.0015177be9da   no            bond0.180
> 207-net       8000.0015177be9da   no            bond0.207
>                                                 vnet0
>                                                 vnet1
> ;vdsmdummy;   8000.000000000000   no
> ovirtmgmt     8000.00218535086a   no            enp12s0f0
>
> [root@ovirt-node-03 ~]# tcpdump -i vnet0 -vvv -s 1500 '(port 67 or port 68)'
> tcpdump: WARNING: vnet0: no IPv4 address assigned
> tcpdump: listening on vnet0, link-type EN10MB (Ethernet), capture size 1500 bytes
> 12:52:07.628571 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
>     0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 32:62:65:61:65:33 (oui Unknown), length 300, xid 0x9efc4849, secs 94, Flags [none] (0x0000)
>       Client-Ethernet-Address 32:62:65:61:65:33 (oui Unknown)
>       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>       Vendor-rfc1048 Extensions
>         Magic Cookie 0x63825363
>         DHCP-Message Option 53, length 1: Discover
>         Hostname Option 12, length 5: "test1"
>         Parameter-Request Option 55, length 13:
>           Subnet-Mask, BR, Time-Zone, Default-Gateway
>           Domain-Name, Domain-Name-Server, Option 119, Hostname
>           Netbios-Name-Server, Netbios-Scope, MTU, Classless-Static-Route
>           NTP
>         END Option 255, length 0
>         PAD Option 0, length 0, occurs 34
>
> [root@ovirt-node-03 ~]# brctl showmacs 207-net
> port no  mac addr           is local?  ageing timer
>   1      00:15:17:7b:e9:da  yes          0.00
>   1      00:15:17:7b:e9:da  yes          0.00
>   3      00:1a:4a:16:01:56  no           0.11
>   2      00:1a:4a:16:01:57  no           0.13   << Proxmox VM's eth0 MAC learned
>   1      00:24:50:dd:a2:05  no           1.05
>   1      18:03:73:e3:be:5a  no         198.87
>   1      18:03:73:e3:ca:24  no          60.01
>   1      18:03:73:e3:cb:5b  no          68.26
>   1      18:03:73:e3:cd:b8  no          41.39
>   1      18:03:73:e3:d4:26  no          57.25
>   1      18:03:73:e3:d5:3d  no         133.53
>   1      18:03:73:e4:23:08  no          34.28
>   1      18:03:73:e4:26:2f  no          20.10
>   1      18:03:73:e4:2b:4c  no          22.49
>   1      18:03:73:e4:6c:19  no          14.87
>   1      18:03:73:e4:7e:0a  no          54.46
>   1      18:03:73:e8:16:e0  no          28.71
>   1      34:17:eb:9b:f8:ea  no          22.49
>   1      44:d3:ca:7e:3c:ff  no           0.60
>   1      78:2b:cb:3b:ca:b9  no         217.66
>   1      78:2b:cb:92:cb:cb  no         194.18
>   1      78:2b:cb:93:08:a8  no         102.49
>   1      b8:ca:3a:7a:70:63  no           4.19
>   1      f8:bc:12:69:bb:a3  no         110.52
>   3      fe:1a:4a:16:01:56  yes          0.00   <<< veth connection to Proxmox VM (veth0)
>   3      fe:1a:4a:16:01:56  yes          0.00
>   2      fe:1a:4a:16:01:57  yes          0.00
>   2      fe:1a:4a:16:01:57  yes          0.00
>
> (notice no other entries for port 3 – should be learning MAC
> 32:62:65:61:65:33 from incoming traffic on vnet0)
>
> =====
>
> _______________________________________________
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
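The symptom discussed in this thread (a source MAC that shows up in a capture on the VM's tap device but is never learned by the host bridge) can be checked mechanically. The script below is an added example, not part of the original messages: it parses `brctl showmacs` output, finds the port on which the VM's own MAC was learned, and reports whether a second MAC was learned on that same port; the function names are hypothetical and the sample table is constructed from rows quoted above.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.
# A frame captured on a VM's tap device whose source MAC never appears in the
# bridge FDB on that port was most likely dropped at ingress, before bridge
# learning. That is consistent with an L2 anti-spoofing filter on the tap.

# Rows constructed from the `brctl showmacs 207-net` output quoted above.
sample_fdb() {
cat <<'EOF'
port no  mac addr           is local?  ageing timer
  1      00:15:17:7b:e9:da  yes          0.00
  3      00:1a:4a:16:01:56  no           0.11
  2      00:1a:4a:16:01:57  no           0.13
  1      00:24:50:dd:a2:05  no           1.05
  3      fe:1a:4a:16:01:56  yes          0.00
  2      fe:1a:4a:16:01:57  yes          0.00
EOF
}

# Normalise a MAC address to lower case for comparison.
lower() { printf '%s' "$1" | tr 'A-F' 'a-f'; }

# port_of_mac MAC: print the bridge port on which MAC was learned (non-local).
port_of_mac() {
    awk -v mac="$(lower "$1")" \
        'NR > 1 && tolower($2) == mac && $3 == "no" { print $1; exit }'
}

# check_nested_mac VNIC_MAC SEEN_MAC: FDB table on stdin.
# VNIC_MAC is the VM's own NIC address, SEEN_MAC the source address captured
# on its tap. Prints "learned port=N", "not-learned port=N" or "vnic-unknown".
check_nested_mac() {
    fdb=$(cat)
    vm_port=$(printf '%s\n' "$fdb" | port_of_mac "$1")
    [ -n "$vm_port" ] || { echo "vnic-unknown"; return 0; }
    seen_port=$(printf '%s\n' "$fdb" | port_of_mac "$2")
    if [ "$seen_port" = "$vm_port" ]; then
        echo "learned port=$vm_port"
    else
        echo "not-learned port=$vm_port"
    fi
}

# On a live host: brctl showmacs 207-net | check_nested_mac <vm-mac> <seen-mac>
sample_fdb | check_nested_mac 00:1a:4a:16:01:57 32:62:65:61:65:33
```

A `not-learned` result for a MAC that a capture on the tap does show points at filtering on that tap, which is what the reply above suggests checking.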