Is there a way to enable promiscuous mode on virtual adapters? I can't seem to access guest IP addresses on our product (that uses Xen). In Vmware I could enable promiscious mode so that our guest's IP would be allow, as well as the other virtual interfaces under it.

Hi Dan, Yes I am an ovirt user. Basically, I am running into an issue running xen inside of kvm. Our scenario is that this is lab environment, and we enjoy the luxury of spinning up kvm instances (as opposed to installing on bare metal each time we need something). Our product uses Xen, and we are pretty much stuck with it for the time being. I think what I am running into is a double bridge issue... Xen has a bridge, and so does kvm obviously. I am able to ping dom0 (which is just the bridge itself) on Xen from the outside world, but I am not able to ping udom... and... udom doesn't have access out either. When I was using vmware, I enabled promisc mode on the virtual switch, and this solution worked fine... If we ignore the types of technology that I am using, and just focus on the networking, what would I be looking at as possibilities? Or... a better question would be, does ovirt have a promiscuous flag somewhere that I can set?

On Tuesday, April 29, 2014 01:35:08 PM Dan Kenigsberg wrote: > On Tue, Apr 29, 2014 at 06:33:14AM -0400, richard.seguin(a)marisec.ca wrote: > > Hi Dan, > > > > Yes I am an ovirt user. Basically, I am running into an issue running xen > > inside of kvm. Our scenario is that this is lab environment, and we > > enjoy the luxury of spinning up kvm instances (as opposed to installing > > on bare metal each time we need something). Our product uses Xen, and we > > are pretty much stuck with it for the time being. > > > > I think what I am running into is a double bridge issue... Xen has a > > bridge, and so does kvm obviously. I am able to ping dom0 (which is just > > the bridge itself) on Xen from the outside world, but I am not able to > > ping udom... and... udom doesn't have access out either. When I was > > using vmware, I enabled promisc mode on the virtual switch, and this > > solution worked fine... > > > > If we ignore the types of technology that I am using, and just focus on > > the networking, what would I be looking at as possibilities? Or... a > > better question would be, does ovirt have a promiscuous flag somewhere > > that I can set? > I cannot say that I understand your setup, but if you have nested > virtuallization (such as a Xen udom) you may experience ovirt's > no-mac-spoofing rule: by default we disallow our VMs to emit traffic > that has different mac address from the one assigned by oVirt. > > To avoid this, follow http://www.ovirt.org/Vdsm_Hooks#Installing_a_hook > and report if that's the issue. If the mac address is the issue wouldn't it be easier for him to just edit the VM and in custom properties set macspoof to true?

You have no idea how much I wanted this to work... macspoof = true nothing changed...

-----Original Message----- From: "Alexander Wels" <awels(a)redhat.com&gt; Sent: Tuesday, April 29, 2014 8:47am To: users(a)ovirt.org Cc: "Dan Kenigsberg" <danken(a)redhat.com&gt;, richard.seguin(a)marisec.ca Subject: Re: [ovirt-users] IP forwarding... Cannot access guest IP On Tuesday, April 29, 2014 01:35:08 PM Dan Kenigsberg wrote: > On Tue, Apr 29, 2014 at 06:33:14AM -0400, richard.seguin(a)marisec.ca wrote: > > Hi Dan, > > > > Yes I am an ovirt user. Basically, I am running into an issue running > > xen > > inside of kvm. Our scenario is that this is lab environment, and we > > enjoy the luxury of spinning up kvm instances (as opposed to installing > > on bare metal each time we need something). Our product uses Xen, and we > > are pretty much stuck with it for the time being. > > > > I think what I am running into is a double bridge issue... Xen has a > > bridge, and so does kvm obviously. I am able to ping dom0 (which is > > just > > the bridge itself) on Xen from the outside world, but I am not able to > > ping udom... and... udom doesn't have access out either. When I was > > using vmware, I enabled promisc mode on the virtual switch, and this > > solution worked fine... > > > > If we ignore the types of technology that I am using, and just focus on > > the networking, what would I be looking at as possibilities? Or... a > > better question would be, does ovirt have a promiscuous flag somewhere > > that I can set? > > I cannot say that I understand your setup, but if you have nested > virtuallization (such as a Xen udom) you may experience ovirt's > no-mac-spoofing rule: by default we disallow our VMs to emit traffic > that has different mac address from the one assigned by oVirt. > > To avoid this, follow http://www.ovirt.org/Vdsm_Hooks#Installing_a_hook > and report if that's the issue. If the mac address is the issue wouldn't it be easier for him to just edit the VM and in custom properties set macspoof to true? > _______________________________________________ > Users mailing list > Users(a)ovirt.org > http://lists.ovirt.org/mailman/listinfo/users

You have no idea how much I wanted this to work... macspoof = true nothing changed...

-----Original Message----- From: "Alexander Wels" <awels(a)redhat.com&gt; Sent: Tuesday, April 29, 2014 8:47am To: users(a)ovirt.org Cc: "Dan Kenigsberg" <danken(a)redhat.com&gt;, richard.seguin(a)marisec.ca Subject: Re: [ovirt-users] IP forwarding... Cannot access guest IP On Tuesday, April 29, 2014 01:35:08 PM Dan Kenigsberg wrote: > On Tue, Apr 29, 2014 at 06:33:14AM -0400, richard.seguin(a)marisec.ca wrote: > > Hi Dan, > > > > Yes I am an ovirt user. Basically, I am running into an issue running > > xen > > inside of kvm. Our scenario is that this is lab environment, and we > > enjoy the luxury of spinning up kvm instances (as opposed to installing > > on bare metal each time we need something). Our product uses Xen, and we > > are pretty much stuck with it for the time being. > > > > I think what I am running into is a double bridge issue... Xen has a > > bridge, and so does kvm obviously. I am able to ping dom0 (which is > > just > > the bridge itself) on Xen from the outside world, but I am not able to > > ping udom... and... udom doesn't have access out either. When I was > > using vmware, I enabled promisc mode on the virtual switch, and this > > solution worked fine... > > > > If we ignore the types of technology that I am using, and just focus on > > the networking, what would I be looking at as possibilities? Or... a > > better question would be, does ovirt have a promiscuous flag somewhere > > that I can set? > > I cannot say that I understand your setup, but if you have nested > virtuallization (such as a Xen udom) you may experience ovirt's > no-mac-spoofing rule: by default we disallow our VMs to emit traffic > that has different mac address from the one assigned by oVirt. > > To avoid this, follow http://www.ovirt.org/Vdsm_Hooks#Installing_a_hook > and report if that's the issue. If the mac address is the issue wouldn't it be easier for him to just edit the VM and in custom properties set macspoof to true? > _______________________________________________ > Users mailing list > Users(a)ovirt.org > http://lists.ovirt.org/mailman/listinfo/users

All of the other hypervisors that I am reading about allows for promiscuous mode to be turned on at the host level... Do we have anything like that?