Randy this flaky layer two problem reeks of a possible MTU situation between your oVirt
switches and your physical switches.
On May 7, 2018, at 3:59 PM, Dominik Holler <dholler(a)redhat.com>
wrote:
On Mon, 7 May 2018 11:43:51 -0700
"Rue, Randy" <randyrue(a)gmail.com> wrote:
> I've sort of had some progress. On Friday I went to the dentist and
> when I returned, my VM could ping google.
>
> I don't believe I changed anything Friday morning but I confess I've
> been flailing on this for so long I'm not keeping detailed notes on
> what I change. And as I'm evaluating oVirt as a possible replacement
> for our production xencenter/xenserver systems, I need to know what
> was wrong and what fixed it.
>
> I reinstalled the ovirt-engine box and two hosts and started again.
> The only change I've made beyond the default is to remove the
> no-mac-spoofing filter from the ovirtmgmt vNIC profile so there are
> no filters applied. At this point I'm back to an ubuntu LTS server VM
> that again, is getting a DHCP IP address, nameserver entries in
> resolv.conf, and "route" shows correct local routing for addresses on
> the same subnet and the correct gateway for the rest of the world.
> The VM is even registering its hostname in our DNS correctly. And I
> can ping the static IP of the host the VM is on, but not the subnet
> gateway or anything in the real world.
>
Can you ping the DHCP server?
> Two things I haven't mentioned that I haven't seen anything in the
> docs about. My ovirt-engine box is on a different subnet than my
> hosts, and my hosts are using a bonded pair of physical interfaces
> (XOR mode) for their single LAN connection.
Was the bond created before adding the hosts to oVirt, or after adding
the hosts via oVirt web UI?
If the switch requires configuration for the bond, is this applied?
Can you check if the VM can ping the getaway, if you use a simple
Ethernet connection instead of the bond?
> Did I miss something in the docs where these are a problem?
>
> Dominik, to answer your thoughts earlier:
>
> * name resolution isn't happening at all, the VM can't reach a DNS
> server
>
> * I don't manage the data center network gear but am pretty sure
> there's no configuration that blocks traffic. This is supported by my
> temporary success on Friday. And we also have other virtualization
> hosts (VMWare hosts) in the same subnet, that forward traffic to/from
> their VMs just fine.
>
OK, L3 seems to work now sometimes.
> * tcpdump on the host's ovirtmgmt interface is pretty noisy but if I
> grep for the ubuntu DDNS name I see a slew of ARP requests. I can see
> pings to the host's IP address, and attempts to SSH from the VM to
> its host. Any attempt to touch anything past the host shows nothing
> on any interface in tcpdump, not a ping to the subnet gateway, not an
> SSH attempt, not a DNS query or a ping to known IP address.
>
The outgoing ARP requests looks like the traffic of the VM is forwarded
to ovirtmgmt.
Do you see ARP reply to the VM?
Maybe the VM fails to get the MAC address of the gateway.
> * hot damn, here's a clue! I can ping other oVirt hosts! (by IP only)
> I also tried pinging the ovirt-engine box, wasn't surprised when that
> failed as the VM would need to reach the gateway to get to the
> different subnet.
>
> So it appears that even though I've set up the ovirtmgmt network
> using defaults, and it has the "VM Network" option checked, my
> logical network is still set to only allow traffic between the VMs
> and hosts.
>
> What am I missing?
>
> -randy
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users