<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, May 6, 2016 at 11:07 PM, Will Dennis <span dir="ltr"><<a href="mailto:wdennis@nec-labs.com" target="_blank">wdennis@nec-labs.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">That’s in iptables, right? I have iptables disabled on my oVirt nodes...</span></p></div></div></blockquote><div><br></div><div>No, it's a L2 filter libvirt sets up, I believe using ebtables.</div><div>Y.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Yaniv Kaul [mailto:<a href="mailto:ykaul@redhat.com" target="_blank">ykaul@redhat.com</a>]
<br>
<b>Sent:</b> Friday, May 06, 2016 3:50 PM<br>
<b>To:</b> Will Dennis<br>
<b>Subject:</b> Re: [ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM<u></u><u></u></span></p><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">Long shot - you need to disable the EnableMACAntiSpoofingFilterRules .<u></u><u></u></p>
<div>
<p class="MsoNormal">Y.<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Fri, May 6, 2016 at 8:27 PM, Will Dennis <<a href="mailto:wdennis@nec-labs.com" target="_blank">wdennis@nec-labs.com</a>> wrote:<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal">Hi all,<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">Have an interesting problem – I am running a VM in oVirt that is running Proxmox VE 4.1 OS, which I have spun up a container on. The container is set for DHCP, and I have verified
that it is sending Discover packets as normal, and that these packets are making it out of the Proxmox VM to the oVirt bridge (which is attached to a VLAN sub-interface of a bond interface.) However, these packets do NOT make it past the oVirt bridge. The
interesting thing is that the Proxmox VM (as well as any other VM I spin up on oVirt) works fine with DHCP. (I also have other oVirt VMs instantiated which are using LXD to spin up containers, and I have the same problem with those as well.) I checked a bunch
of stuff, and the only clue I could find is that it seems that the oVirt bridge is not learning the MAC for the container on the VM, even though it does learn the VM’s MAC, but I can capture DHCP traffic coming from the container off the ‘vnet0’ interface
which is joined to that bridge...<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">Info:<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">===== off Proxmox VM =====<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">Container's MAC address: 32:62:65:61:65:33<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">root@proxmox-02:~# ip link sh<u></u><u></u></p>
<p class="MsoNormal">1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default<u></u><u></u></p>
<p class="MsoNormal"> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<u></u><u></u></p>
<p class="MsoNormal">2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP mode DEFAULT group default qlen 1000<u></u><u></u></p>
<p class="MsoNormal"> link/ether 00:1a:4a:16:01:57 brd ff:ff:ff:ff:ff:ff<u></u><u></u></p>
<p class="MsoNormal">3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default<u></u><u></u></p>
<p class="MsoNormal"> link/ether 00:1a:4a:16:01:57 brd ff:ff:ff:ff:ff:ff<u></u><u></u></p>
<p class="MsoNormal">7: veth100i0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP mode DEFAULT group default qlen 1000<u></u><u></u></p>
<p class="MsoNormal"> link/ether fe:50:4f:3c:bd:b8 brd ff:ff:ff:ff:ff:ff link-netnsid 0 <<< veth connection to container<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">root@proxmox-02:~# brctl showmacs vmbr0<u></u><u></u></p>
<p class="MsoNormal">port no mac addr is local? ageing timer<u></u><u></u></p>
<p class="MsoNormal"> 1 00:12:3f:24:a4:54 no 112.88<u></u><u></u></p>
<p class="MsoNormal"> 1 00:1a:4a:16:01:56 no 0.02<u></u><u></u></p>
<p class="MsoNormal"> 1 00:1a:4a:16:01:57 yes 0.00<u></u><u></u></p>
<p class="MsoNormal"> 1 00:1a:4a:16:01:57 yes 0.00<u></u><u></u></p>
<p class="MsoNormal"> 1 00:24:50:dd:a2:05 no 1.37<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e3:be:5a no 21.04<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e3:ca:24 no 4.23<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e3:cb:5b no 48.41<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e3:cc:e5 no 91.93<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e3:cd:b8 no 151.04<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e3:ce:43 no 0.80<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e3:d0:a4 no 290.74<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e3:d4:26 no 34.06<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e3:d5:3d no 6.36<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e4:23:08 no 88.76<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e4:25:92 no 111.86<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e4:26:2f no 9.54<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e4:2b:4c no 114.86<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e4:31:15 no 263.91<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e4:6c:19 no 6.36<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e4:7e:0a no 103.06<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e8:16:e0 no 23.21<u></u><u></u></p>
<p class="MsoNormal"> 2 32:62:65:61:65:33 no 5.08 <<< container’s MAC learned on Proxmox bridge<u></u><u></u></p>
<p class="MsoNormal"> 1 34:17:eb:9b:e0:29 no 265.22<u></u><u></u></p>
<p class="MsoNormal"> 1 34:17:eb:9b:f8:ea no 114.86<u></u><u></u></p>
<p class="MsoNormal"> 1 44:d3:ca:7e:3c:ff no 0.00<u></u><u></u></p>
<p class="MsoNormal"> 1 78:2b:cb:3b:ca:b9 no 284.70<u></u><u></u></p>
<p class="MsoNormal"> 1 78:2b:cb:92:cb:cb no 279.70<u></u><u></u></p>
<p class="MsoNormal"> 1 78:2b:cb:93:08:a8 no 287.05<u></u><u></u></p>
<p class="MsoNormal"> 1 b8:ca:3a:7a:70:63 no 4.83<u></u><u></u></p>
<p class="MsoNormal"> 1 f8:bc:12:69:bb:a3 no 121.82<u></u><u></u></p>
<p class="MsoNormal"> 2 fe:50:4f:3c:bd:b8 yes 0.00<u></u><u></u></p>
<p class="MsoNormal"> 2 fe:50:4f:3c:bd:b8 yes 0.00<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">===== off oVirt node that has Proxmox VM ====<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">(relevant lines from ‘ip link show’)<u></u><u></u></p>
<p class="MsoNormal">2: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT<u></u><u></u></p>
<p class="MsoNormal">3: enp4s0f0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT qlen 1000<u></u><u></u></p>
<p class="MsoNormal">4: enp4s0f1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT qlen 1000<u></u><u></u></p>
<p class="MsoNormal">8:
<a href="mailto:bond0.169@bond0" target="_blank">bond0.169@bond0</a>: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master 169-net state UP mode DEFAULT<u></u><u></u></p>
<p class="MsoNormal">10:
<a href="mailto:bond0.180@bond0" target="_blank">bond0.180@bond0</a>: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master 180-net state UP mode DEFAULT<u></u><u></u></p>
<p class="MsoNormal">12:
<a href="mailto:bond0.207@bond0" target="_blank">bond0.207@bond0</a>: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master 207-net state UP mode DEFAULT<u></u><u></u></p>
<p class="MsoNormal">13: 207-net: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT<u></u><u></u></p>
<p class="MsoNormal">30: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master 207-net state UNKNOWN mode DEFAULT qlen 500 <<< veth connection to Proxmox VM<u></u><u></u></p>
<p class="MsoNormal">31: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master 207-net state UNKNOWN mode DEFAULT qlen 500<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">[root@ovirt-node-03 ~]# brctl show<u></u><u></u></p>
<p class="MsoNormal">bridge name bridge id STP enabled interfaces<u></u><u></u></p>
<p class="MsoNormal">169-net 8000.0015177be9da no bond0.169<u></u><u></u></p>
<p class="MsoNormal">180-net 8000.0015177be9da no bond0.180<u></u><u></u></p>
<p class="MsoNormal">207-net 8000.0015177be9da no bond0.207<u></u><u></u></p>
<p class="MsoNormal"> vnet0<u></u><u></u></p>
<p class="MsoNormal"> vnet1<u></u><u></u></p>
<p class="MsoNormal">;vdsmdummy; 8000.000000000000 no<u></u><u></u></p>
<p class="MsoNormal">ovirtmgmt 8000.00218535086a no enp12s0f0<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">[root@ovirt-node-03 ~]# tcpdump -i vnet0 -vvv -s 1500 '(port 67 or port 68)'<u></u><u></u></p>
<p class="MsoNormal">tcpdump: WARNING: vnet0: no IPv4 address assigned<u></u><u></u></p>
<p class="MsoNormal">tcpdump: listening on vnet0, link-type EN10MB (Ethernet), capture size 1500 bytes<u></u><u></u></p>
<p class="MsoNormal">12:52:07.628571 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)<u></u><u></u></p>
<p class="MsoNormal"> 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 32:62:65:61:65:33 (oui Unknown), length 300, xid 0x9efc4849, secs 94, Flags [none] (0x0000)<u></u><u></u></p>
<p class="MsoNormal"> Client-Ethernet-Address 32:62:65:61:65:33 (oui Unknown) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^<u></u><u></u></p>
<p class="MsoNormal"> Vendor-rfc1048 Extensions<u></u><u></u></p>
<p class="MsoNormal"> Magic Cookie 0x63825363<u></u><u></u></p>
<p class="MsoNormal"> DHCP-Message Option 53, length 1: Discover<u></u><u></u></p>
<p class="MsoNormal"> Hostname Option 12, length 5: "test1"<u></u><u></u></p>
<p class="MsoNormal"> Parameter-Request Option 55, length 13:<u></u><u></u></p>
<p class="MsoNormal"> Subnet-Mask, BR, Time-Zone, Default-Gateway<u></u><u></u></p>
<p class="MsoNormal"> Domain-Name, Domain-Name-Server, Option 119, Hostname<u></u><u></u></p>
<p class="MsoNormal"> Netbios-Name-Server, Netbios-Scope, MTU, Classless-Static-Route<u></u><u></u></p>
<p class="MsoNormal"> NTP<u></u><u></u></p>
<p class="MsoNormal"> END Option 255, length 0<u></u><u></u></p>
<p class="MsoNormal"> PAD Option 0, length 0, occurs 34<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">[root@ovirt-node-03 ~]# brctl showmacs 207-net<u></u><u></u></p>
<p class="MsoNormal">port no mac addr is local? ageing timer<u></u><u></u></p>
<p class="MsoNormal"> 1 00:15:17:7b:e9:da yes 0.00<u></u><u></u></p>
<p class="MsoNormal"> 1 00:15:17:7b:e9:da yes 0.00<u></u><u></u></p>
<p class="MsoNormal"> 3 00:1a:4a:16:01:56 no 0.11
<u></u><u></u></p>
<p class="MsoNormal"> 2 00:1a:4a:16:01:57 no 0.13 << Proxmox VM's eth0 MAC learned<u></u><u></u></p>
<p class="MsoNormal"> 1 00:24:50:dd:a2:05 no 1.05<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e3:be:5a no 198.87<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e3:ca:24 no 60.01<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e3:cb:5b no 68.26<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e3:cd:b8 no 41.39<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e3:d4:26 no 57.25<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e3:d5:3d no 133.53<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e4:23:08 no 34.28<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e4:26:2f no 20.10<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e4:2b:4c no 22.49<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e4:6c:19 no 14.87<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e4:7e:0a no 54.46<u></u><u></u></p>
<p class="MsoNormal"> 1 18:03:73:e8:16:e0 no 28.71<u></u><u></u></p>
<p class="MsoNormal"> 1 34:17:eb:9b:f8:ea no 22.49<u></u><u></u></p>
<p class="MsoNormal"> 1 44:d3:ca:7e:3c:ff no 0.60<u></u><u></u></p>
<p class="MsoNormal"> 1 78:2b:cb:3b:ca:b9 no 217.66<u></u><u></u></p>
<p class="MsoNormal"> 1 78:2b:cb:92:cb:cb no 194.18<u></u><u></u></p>
<p class="MsoNormal"> 1 78:2b:cb:93:08:a8 no 102.49<u></u><u></u></p>
<p class="MsoNormal"> 1 b8:ca:3a:7a:70:63 no 4.19<u></u><u></u></p>
<p class="MsoNormal"> 1 f8:bc:12:69:bb:a3 no 110.52<u></u><u></u></p>
<p class="MsoNormal"> 3 fe:1a:4a:16:01:56 yes 0.00 <<< veth connection to Proxmox VM (veth0)<u></u><u></u></p>
<p class="MsoNormal"> 3 fe:1a:4a:16:01:56 yes 0.00<u></u><u></u></p>
<p class="MsoNormal"> 2 fe:1a:4a:16:01:57 yes 0.00<u></u><u></u></p>
<p class="MsoNormal"> 2 fe:1a:4a:16:01:57 yes 0.00<u></u><u></u></p>
<p class="MsoNormal">(notice no other entries for port 3 – should be learning MAC 32:62:65:61:65:33 from incoming traffic on vnet0)<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">=====<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div></div></div>
</div>
</blockquote></div><br></div></div>