----- Original Message -----
From: "Frank Wall" <fw@moov.de> To: "Moti Asayag" <masayag@redhat.com> Cc: users@ovirt.org Sent: Thursday, October 17, 2013 4:33:51 PM Subject: Re: [Users] Guest to guest multicast
Hi Moti,
On 17.10.2013 15:08, Moti Asayag wrote:
Could you try disabling the filter, restart the vms and re-run the test ? 1. On the ovirt-engine run: engine-config -s EnableMACAntiSpoofingFilterRules=false --cver=3.3 (if you're using ovirt-engine 3.2, make sure to specify it in the --cver= option). 2. Restart the ovirt-engine service 3. Restart the vms 4. Re-run the test
YES! This solved the VRRP problem. THANK YOU!
At some point I was already suspecting that ebtables and the Anti-Spoofing rules would be causing my problem, because I could see them in the XML configuration of my VMs, but a "ebtables -L" did not show any rule. So I kept on searching...
you should have specify the 'nat' table name and then you'd see the entire rules: ebtables -t nat -L
My question is: How would I find these Anti-Spoofing rules that oVirt applies to each VM? Just want to find out at which point my debugging went into the wrong direction ;-)
ovirt applies the same rules for all of the vm. A custom nwfilter rule named 'vdsm-no-mac-spoofing' is being created by vdsm when it starts. To see it contents requires using 'virsh' on the node: virsh -r nwfilter-dumpxml vdsm-no-mac-spoofing <uuid>c05471a7-9dee-6021-32e3-5d70e7617fc5</uuid> <filterref filter='no-mac-spoofing'/> <filterref filter='no-arp-mac-spoofing'/> </filter> where the 2 rules are predefined by libvirt's nwfilter.
Thanks - Frank