[ovirt-users] newbie questions on networking

Mon May 7 21:03:31 UTC 2018

Randy this flaky layer two problem reeks of a possible MTU situation between your oVirt switches and your physical switches.

> On May 7, 2018, at 3:59 PM, Dominik Holler <dholler at redhat.com> wrote:
> 
> On Mon, 7 May 2018 11:43:51 -0700
> "Rue, Randy" <randyrue at gmail.com> wrote:
> 
>> I've sort of had some progress. On Friday I went to the dentist and
>> when I returned, my VM could ping google.
>> 
>> I don't believe I changed anything Friday morning but I confess I've 
>> been flailing on this for so long I'm not keeping detailed notes on
>> what I change. And as I'm evaluating oVirt as a possible replacement
>> for our production xencenter/xenserver systems, I need to know what
>> was wrong and what fixed it.
>> 
>> I reinstalled the ovirt-engine box and two hosts and started again.
>> The only change I've made beyond the default is to remove the 
>> no-mac-spoofing filter from the ovirtmgmt vNIC profile so there are
>> no filters applied. At this point I'm back to an ubuntu LTS server VM
>> that again, is getting a DHCP IP address, nameserver entries in
>> resolv.conf, and "route" shows correct local routing for addresses on
>> the same subnet and the correct gateway for the rest of the world.
>> The VM is even registering its hostname in our DNS correctly. And I
>> can ping the static IP of the host the VM is on, but not the subnet
>> gateway or anything in the real world.
>> 
> 
> Can you ping the DHCP server?
> 
>> Two things I haven't mentioned that I haven't seen anything in the
>> docs about. My ovirt-engine box is on a different subnet than my
>> hosts, and my hosts are using a bonded pair of physical interfaces
>> (XOR mode) for their single LAN connection.
> 
> Was the bond created before adding the hosts to oVirt, or after adding
> the hosts via oVirt web UI?
> If the switch requires configuration for the bond, is this applied?
> Can you check if the VM can ping the getaway, if you use a simple
> Ethernet connection instead of the bond?
> 
>> Did I miss something in the docs where these are a problem?
>> 
>> Dominik, to answer your thoughts earlier:
>> 
>> * name resolution isn't happening at all, the VM can't reach a DNS
>> server
>> 
>> * I don't manage the data center network gear but am pretty sure
>> there's no configuration that blocks traffic. This is supported by my
>> temporary success on Friday. And we also have other virtualization
>> hosts (VMWare hosts) in the same subnet, that forward traffic to/from
>> their VMs just fine.
>> 
> 
> OK, L3 seems to work now sometimes.
> 
>> * tcpdump on the host's ovirtmgmt interface is pretty noisy but if I 
>> grep for the ubuntu DDNS name I see a slew of ARP requests. I can see 
>> pings to the host's IP address, and attempts to SSH from the VM to
>> its host. Any attempt to touch anything past the host shows nothing
>> on any interface in tcpdump, not a ping to the subnet gateway, not an
>> SSH attempt, not a DNS query or a ping to known IP address.
>> 
> 
> The outgoing ARP requests looks like the traffic of the VM is forwarded
> to ovirtmgmt.
> Do you see ARP reply to the VM?
> Maybe the VM fails to get the MAC address of the gateway.
> 
>> * hot damn, here's a clue! I can ping other oVirt hosts! (by IP only)
>> I also tried pinging the ovirt-engine box, wasn't surprised when that 
>> failed as the VM would need to reach the gateway to get to the
>> different subnet.
>> 
>> So it appears that even though I've set up the ovirtmgmt network
>> using defaults, and it has the "VM Network" option checked, my
>> logical network is still set to only allow traffic between the VMs
>> and hosts.
>> 
>> What am I missing?
>> 
>> -randy
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 