<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 14, 2016 at 12:22 PM, Luca 'remix_tj' Lorenzetto <span dir="ltr"><<a href="mailto:lorenzetto.luca@gmail.com" target="_blank">lorenzetto.luca@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Wed, Sep 14, 2016 at 10:54 AM, Edward Haas <<a href="mailto:ehaas@redhat.com">ehaas@redhat.com</a>> wrote:<br>
> If I understood correctly, the VM cannot ping the gw/pc even without vlans in<br>
> place.<br>
> Do you have multiple macs on the VM itself? (like a bridge or some sub<br>
> interfaces)<br>
<br>
No, i have not.<br>
<span class=""><br>
<br>
> The only thing that comes to my mind is the mac-spoofing that is enabled by<br>
> default,<br>
> it restricts the VM from using more than one mac address to communicate<br>
> through a<br>
> vnic.<br>
<br>
</span>No, now is a simple VM with one NIC.<br>
<span class=""><br>
> Except that, I do not have a good idea on what may be wrong.<br>
> Your best friend is tcpdump, make sure you do not see any vlan/tagged<br>
> packets on<br>
> the bridge. (if a tagged packet enters from eno5, it will pass to the bridge<br>
> as is, even<br>
> passed to the vtap as is... the VM will drop it as it does not expect a tag<br>
> there)<br>
><br>
<br>
</span>This is what i get with<br>
<br>
tcpdump -e -n -i Development arp<br>
<br>
11:04:12.285320 00:1a:4a:16:01:51 > Broadcast, ethertype ARP (0x0806),<br>
length 42: Request who-has 10.5.31.254 tell 10.5.28.211, length 28<br>
11:04:12.285348 00:1a:4a:16:01:51 > Broadcast, ethertype ARP (0x0806),<br>
length 42: Request who-has 10.5.31.254 tell 10.5.28.211, length 28<br>
11:04:12.289081 00:00:0c:07:ac:01 > 00:1a:4a:16:01:51, ethertype ARP<br>
(0x0806), length 60: Reply 10.5.31.254 is-at 00:00:0c:07:ac:01, length<br>
46<br>
<br>
<br>
instead, with tcpdump -e -n -i vnic0 arp<br>
<br>
11:14:13.344807 00:1a:4a:16:01:51 > Broadcast, ethertype ARP (0x0806),<br>
length 42: Request who-has 10.5.31.254 tell 10.5.28.211, length 28<br>
11:14:13.344834 00:1a:4a:16:01:51 > Broadcast, ethertype ARP (0x0806),<br>
length 42: Request who-has 10.5.31.254 tell 10.5.28.211, length 28<br>
<br>
On eno5, i get instead this:<br>
<br>
11:15:57.355926 00:1a:4a:16:01:51 > Broadcast, ethertype ARP (0x0806),<br>
length 42: Request who-has 10.5.31.254 tell 10.5.28.211, length 28<br>
11:15:57.355944 00:1a:4a:16:01:51 > Broadcast, ethertype ARP (0x0806),<br>
length 42: Request who-has 10.5.31.254 tell 10.5.28.211, length 28<br>
11:15:57.358683 00:00:0c:07:ac:01 > 00:1a:4a:16:01:51, ethertype ARP<br>
(0x0806), length 60: Reply 10.5.31.254 is-at 00:00:0c:07:ac:01, length<br>
46<br>
<br>
I can't copy/paste from the vm, but same tcpdump on the vm will show<br>
only arp requests outgoing and no arp reply incoming.<br>
<br>
For better clarification:<br>
<br>
00:1a:4a:16:01:51 is the mac address of eth0 of the VM<br>
00:00:0c:07:ac:01 is the mac address of the router interface (10.5.31.254)<br>
fe:1a:4a:16:01:51 is the mac address of vtap nic0<br>
<br>
As you can see arp reply arrives to eno5 and to the bridge<br>
Development, but arrives not to the vtap vnic0.<br>
<br>
This is the issue, because if i set with a static arp entry on the VM<br>
(arp -s 10.5.31.254 00:00:0c:07:ac:01) ping succeeds. </blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="HOEnZb"><div class="h5"><br>
Luca<br>
<br>
</div></div></blockquote></div><br></div><div class="gmail_extra">Yes, it looks like the response gets stuck in the bridge for some reason.<br></div><div class="gmail_extra">Can you please share your kernel version?<br><br></div><div class="gmail_extra">Hannes, do you have any idea what could be the cause of this?<br></div><div class="gmail_extra">Any recommendation on how to debug this one?<br><br></div></div>