Re: [Users] Guest to guest multicast
----- Original Message -----
From: "Frank Wall" <fw(a)moov.de>
To: "Moti Asayag" <masayag(a)redhat.com>
Cc: users(a)ovirt.org
Sent: Thursday, October 17, 2013 4:33:51 PM
Subject: Re: [Users] Guest to guest multicast
Hi Moti,
On 17.10.2013 15:08, Moti Asayag wrote:
> Could you try disabling the filter, restart the vms and re-run the test
> ?
> 1. On the ovirt-engine run: engine-config -s
> EnableMACAntiSpoofingFilterRules=false --cver=3.3
> (if you're using ovirt-engine 3.2, make sure to specify it in the
> --cver= option).
> 2. Restart the ovirt-engine service
> 3. Restart the vms
> 4. Re-run the test
YES! This solved the VRRP problem. THANK YOU!
At some point I was already suspecting that ebtables and the
Anti-Spoofing
rules would be causing my problem, because I could see them in the XML
configuration of my VMs, but a "ebtables -L" did not show any rule. So I
kept on searching...
you should have specify the 'nat' table name and then you'd see the entire
rules:
ebtables -t nat -L
My question is: How would I find these Anti-Spoofing rules that
oVirt applies to each VM? Just want to find out at which point my
debugging went into the wrong direction ;-)
ovirt applies the same rules for all of the vm. A custom nwfilter rule named
'vdsm-no-mac-spoofing'
is being created by vdsm when it starts.
To see it contents requires using 'virsh' on the node:
virsh -r nwfilter-dumpxml vdsm-no-mac-spoofing
<uuid>c05471a7-9dee-6021-32e3-5d70e7617fc5</uuid>
<filterref filter='no-mac-spoofing'/>
<filterref filter='no-arp-mac-spoofing'/>
</filter>
where the 2 rules are predefined by libvirt's nwfilter.
Thanks
- Frank