Bridge not forwarding frames on node.
Hi to all!I'm having an issue with networks bridges on ovirt node.It's look like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1279161On VM I have a bridge between a tap device and network interface. On node side the interface is bridged with bond0 vlan 128 (bond0.128 lacp).When I ping an host on the other side of tap device I can see this:Arp request goes from my lan to the tap device on vm. Arp reply return from tap vm and bridge forward this to vm networks interface. Using tcpdump on vm interface on node I can see the arp reply, using tcpdump on bond0.128 or on bridge I can't see the arp reply. Arp request is forwarded from bond0.128 to vm net but arp reply isn't forwarded from vm net to bond0.128. Very strange.....
On Wed, May 13, 2020 at 9:44 PM s.danzi <s.danzi@hawai.it> wrote:
Hi to all!
I'm having an issue with networks bridges on ovirt node.
It's look like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1279161
On VM I have a bridge between a tap device and network interface. On node side the interface is bridged with bond0 vlan 128 (bond0.128 lacp).
When I ping an host on the other side of tap device I can see this:
Arp request goes from my lan to the tap device on vm. Arp reply return from tap vm and bridge forward this to vm networks interface. Using tcpdump on vm interface on node I can see the arp reply, using tcpdump on bond0.128 or on bridge I can't see the arp reply. Arp request is forwarded from bond0.128 to vm net but arp reply isn't forwarded from vm net to bond0.128.
Any chance that there is network filtering involved? Please check if the related vNIC profile has No Network Filter. If there is a Network Filter set, please shutdown the VM, set to No Network Filter in the vNIC profile, and start the VM again and check if the issue is gone.
Very strange.....
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/6ONQZEHXKW6NLY...
Il 14/05/2020 12:50, Dominik Holler ha scritto:
On Wed, May 13, 2020 at 9:44 PM s.danzi <s.danzi@hawai.it <mailto:s.danzi@hawai.it>> wrote:
Hi to all!
I'm having an issue with networks bridges on ovirt node.
It's look like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1279161
On VM I have a bridge between a tap device and network interface. On node side the interface is bridged with bond0 vlan 128 (bond0.128 lacp).
When I ping an host on the other side of tap device I can see this:
Arp request goes from my lan to the tap device on vm. Arp reply return from tap vm and bridge forward this to vm networks interface. Using tcpdump on vm interface on node I can see the arp reply, using tcpdump on bond0.128 or on bridge I can't see the arp reply. Arp request is forwarded from bond0.128 to vm net but arp reply isn't forwarded from vm net to bond0.128.
Any chance that there is network filtering involved? Please check if the related vNIC profile has No Network Filter. If there is a Network Filter set, please shutdown the VM, set to No Network Filter in the vNIC profile, and start the VM again and check if the issue is gone.
Hi! No Network filter.... It was my first check.
On May 14, 2020 6:16:06 PM GMT+03:00, Stefano Danzi <s.danzi@hawai.it> wrote:
Il 14/05/2020 12:50, Dominik Holler ha scritto:
On Wed, May 13, 2020 at 9:44 PM s.danzi <s.danzi@hawai.it <mailto:s.danzi@hawai.it>> wrote:
Hi to all!
I'm having an issue with networks bridges on ovirt node.
It's look like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1279161
On VM I have a bridge between a tap device and network
interface.
On node side the interface is bridged with bond0 vlan 128 (bond0.128 lacp).
When I ping an host on the other side of tap device I can see
this:
Arp request goes from my lan to the tap device on vm. Arp reply return from tap vm and bridge forward this to vm networks interface. Using tcpdump on vm interface on node I can see the
arp
reply, using tcpdump on bond0.128 or on bridge I can't see the
arp
reply. Arp request is forwarded from bond0.128 to vm net but arp reply isn't forwarded from vm net to bond0.128.
Any chance that there is network filtering involved? Please check if the related vNIC profile has No Network Filter. If there is a Network Filter set, please shutdown the VM, set to No Network Filter in the vNIC profile, and start the VM again and check if the issue is gone.
Hi! No Network filter.... It was my first check.
Have you checked the MTU ? You need to keep it a little bit lower on the VM, as you have vlan on the hypervisor. Best Regards, Strahil Nikolov
On May 14, 2020 6:16:06 PM GMT+03:00, Stefano Danzi <s.danzi@hawai.it> wrote:
Il 14/05/2020 12:50, Dominik Holler ha scritto:
On Wed, May 13, 2020 at 9:44 PM s.danzi <s.danzi@hawai.it <mailto:s.danzi@hawai.it>> wrote:
Hi to all!
I'm having an issue with networks bridges on ovirt node.
It's look like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1279161
On VM I have a bridge between a tap device and network
interface.
On node side the interface is bridged with bond0 vlan 128 (bond0.128 lacp).
When I ping an host on the other side of tap device I can see
this:
Arp request goes from my lan to the tap device on vm. Arp reply return from tap vm and bridge forward this to vm networks interface. Using tcpdump on vm interface on node I can see the
arp
reply, using tcpdump on bond0.128 or on bridge I can't see the
arp
reply. Arp request is forwarded from bond0.128 to vm net but arp reply isn't forwarded from vm net to bond0.128.
Any chance that there is network filtering involved? Please check if the related vNIC profile has No Network Filter. If there is a Network Filter set, please shutdown the VM, set to No Network Filter in the vNIC profile, and start the VM again and check if the issue is gone.
Hi! No Network filter.... It was my first check.
Have you checked the MTU ? You need to keep it a little bit lower on the VM, as you have vlan on the hypervisor.
Best Regards, Strahil Nikolov Hi! I have to check, but it is strange..... Arp replies originated from the VM has not problems, only ARP replies
Il 14/05/2020 20:13, Strahil Nikolov ha scritto: that came from TAP device in VM where not forwarded to real LAN. Exactly as descived in bz1279161 (that's solved in bz1135347 but it's not public and I can't read it)
On Fri, May 15, 2020 at 9:35 AM Stefano Danzi <s.danzi@hawai.it> wrote:
Il 14/05/2020 20:13, Strahil Nikolov ha scritto:
On May 14, 2020 6:16:06 PM GMT+03:00, Stefano Danzi <s.danzi@hawai.it> wrote:
Il 14/05/2020 12:50, Dominik Holler ha scritto:
On Wed, May 13, 2020 at 9:44 PM s.danzi <s.danzi@hawai.it <mailto:s.danzi@hawai.it>> wrote:
Hi to all!
I'm having an issue with networks bridges on ovirt node.
It's look like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1279161
On VM I have a bridge between a tap device and network
interface.
On node side the interface is bridged with bond0 vlan 128 (bond0.128 lacp).
When I ping an host on the other side of tap device I can see
this:
Arp request goes from my lan to the tap device on vm. Arp reply return from tap vm and bridge forward this to vm networks interface. Using tcpdump on vm interface on node I can see the
arp
reply, using tcpdump on bond0.128 or on bridge I can't see the
arp
reply. Arp request is forwarded from bond0.128 to vm net but arp reply isn't forwarded from vm net to bond0.128.
Any chance that there is network filtering involved? Please check if the related vNIC profile has No Network Filter. If there is a Network Filter set, please shutdown the VM, set to No Network Filter in the vNIC profile, and start the VM again and check if the issue is gone.
Hi! No Network filter.... It was my first check.
Did you power off the VM after removing the network filter from the vNIC profile? There is currently no indication of the running vNIC configuration does not match the desired configuration (BZ1113630).
Have you checked the MTU ? You need to keep it a little bit lower on the VM, as you have vlan on the hypervisor.
Best Regards, Strahil Nikolov Hi! I have to check, but it is strange..... Arp replies originated from the VM has not problems, only ARP replies that came from TAP device in VM where not forwarded to real LAN.
Do you have a TAP device inside the VM?
Exactly as descived in bz1279161 (that's solved in bz1135347 but it's not public and I can't read it)
Unfortunately BZ1135347 does not look helpful here.
Il 15/05/2020 14:29, Dominik Holler ha scritto:
On Fri, May 15, 2020 at 9:35 AM Stefano Danzi <s.danzi@hawai.it <mailto:s.danzi@hawai.it>> wrote:
Il 14/05/2020 20:13, Strahil Nikolov ha scritto: > On May 14, 2020 6:16:06 PM GMT+03:00, Stefano Danzi <s.danzi@hawai.it <mailto:s.danzi@hawai.it>> wrote: >> >> Il 14/05/2020 12:50, Dominik Holler ha scritto: >>> >>> On Wed, May 13, 2020 at 9:44 PM s.danzi <s.danzi@hawai.it <mailto:s.danzi@hawai.it> >>> <mailto:s.danzi@hawai.it <mailto:s.danzi@hawai.it>>> wrote: >>> >>> Hi to all! >>> >>> I'm having an issue with networks bridges on ovirt node. >>> >>> It's look like this bug: >>> https://bugzilla.redhat.com/show_bug.cgi?id=1279161 >>> >>> On VM I have a bridge between a tap device and network >> interface. >>> On node side the interface is bridged with bond0 vlan 128 >>> (bond0.128 lacp). >>> >>> When I ping an host on the other side of tap device I can see >> this: >>> Arp request goes from my lan to the tap device on vm. Arp reply >>> return from tap vm and bridge forward this to vm networks >>> interface. Using tcpdump on vm interface on node I can see the >> arp >>> reply, using tcpdump on bond0.128 or on bridge I can't see the >> arp >>> reply. Arp request is forwarded from bond0.128 to vm net but arp >>> reply isn't forwarded from vm net to bond0.128. >>> >>> >>> >>> Any chance that there is network filtering involved? >>> Please check if the related vNIC profile has No Network Filter. >>> If there is a Network Filter set, please shutdown the VM, set to No >>> Network Filter in the vNIC profile, and start the VM again and check >>> if the issue is gone. >> Hi! No Network filter.... It was my first check.
Did you power off the VM after removing the network filter from the vNIC profile? There is currently no indication of the running vNIC configuration does not match the desired configuration (BZ1113630).
Yes, of corse
> Have you checked the MTU ? > You need to keep it a little bit lower on the VM, as you have vlan on the hypervisor. > > Best Regards, > Strahil Nikolov Hi! I have to check, but it is strange..... Arp replies originated from the VM has not problems, only ARP replies that came from TAP device in VM where not forwarded to real LAN.
Do you have a TAP device inside the VM?
Yes! This VM act as L2 VPN server. Inside the VM tap device is bridged with vm lan adapter.
Exactly as descived in bz1279161 (that's solved in bz1135347 but it's not public and I can't read it)
Unfortunately BZ1135347 does not look helpful here.
On Fri, May 15, 2020 at 2:41 PM Stefano Danzi <s.danzi@hawai.it> wrote:
Il 15/05/2020 14:29, Dominik Holler ha scritto:
On Fri, May 15, 2020 at 9:35 AM Stefano Danzi <s.danzi@hawai.it> wrote:
Il 14/05/2020 20:13, Strahil Nikolov ha scritto:
On May 14, 2020 6:16:06 PM GMT+03:00, Stefano Danzi <s.danzi@hawai.it> wrote:
Il 14/05/2020 12:50, Dominik Holler ha scritto:
On Wed, May 13, 2020 at 9:44 PM s.danzi <s.danzi@hawai.it <mailto:s.danzi@hawai.it>> wrote:
Hi to all!
I'm having an issue with networks bridges on ovirt node.
It's look like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1279161
On VM I have a bridge between a tap device and network
interface.
On node side the interface is bridged with bond0 vlan 128 (bond0.128 lacp).
When I ping an host on the other side of tap device I can see
this:
Arp request goes from my lan to the tap device on vm. Arp reply return from tap vm and bridge forward this to vm networks interface. Using tcpdump on vm interface on node I can see the
arp
reply, using tcpdump on bond0.128 or on bridge I can't see the
arp
reply. Arp request is forwarded from bond0.128 to vm net but arp reply isn't forwarded from vm net to bond0.128.
Any chance that there is network filtering involved? Please check if the related vNIC profile has No Network Filter. If there is a Network Filter set, please shutdown the VM, set to No Network Filter in the vNIC profile, and start the VM again and check if the issue is gone.
Hi! No Network filter.... It was my first check.
Did you power off the VM after removing the network filter from the vNIC profile? There is currently no indication of the running vNIC configuration does not match the desired configuration (BZ1113630).
Yes, of corse
Thanks, I just wanted to avoid misunderstandings.
You need to keep it a little bit lower on the VM, as you have vlan on
Have you checked the MTU ? the hypervisor.
Best Regards, Strahil Nikolov
Hi! I have to check, but it is strange..... Arp replies originated from the VM has not problems, only ARP replies that came from TAP device in VM where not forwarded to real LAN.
Do you have a TAP device inside the VM?
Yes! This VM act as L2 VPN server. Inside the VM tap device is bridged with vm lan adapter.
This should work, so let me ask some detailed questions: Does the issue reproduce, if you are using a single NIC instead of a bond? Can you please share the output of bridge fdb show br ovirtmgmt and brctl showmacs ovirtmgmt while replacing ovirtmgmt with the name of your bridge? What are relevant MAC addresses like bridge/bond, vNIC and tun device in the output? What is the output of ebtables -t filter -L ? The thread [ovirt-users] DHCP Client in Guest VM does not work on ovirtmgmt https://lists.ovirt.org/archives/list/users@ovirt.org/thread/566IC5K2B2JJV77... might be similar.
Exactly as descived in bz1279161 (that's solved in bz1135347 but it's not public and I can't read it)
Unfortunately BZ1135347 does not look helpful here.
I've just rebooted the ovirt node and now it works, without any changes in configuration. I can't imagine why. Il 15/05/2020 15:10, Dominik Holler ha scritto:
Hi! I have to check, but it is strange..... Arp replies originated from the VM has not problems, only ARP replies that came from TAP device in VM where not forwarded to real LAN.
Do you have a TAP device inside the VM?
Yes! This VM act as L2 VPN server. Inside the VM tap device is bridged with vm lan adapter.
This should work, so let me ask some detailed questions:
Does the issue reproduce, if you are using a single NIC instead of a bond?
Can you please share the output of bridge fdb show br ovirtmgmt and brctl showmacs ovirtmgmt while replacing ovirtmgmt with the name of your bridge? What are relevant MAC addresses like bridge/bond, vNIC and tun device in the output?
What is the output of ebtables -t filter -L ?
The thread [ovirt-users] DHCP Client in Guest VM does not work on ovirtmgmt https://lists.ovirt.org/archives/list/users@ovirt.org/thread/566IC5K2B2JJV77... might be similar.
Exactly as descived in bz1279161 (that's solved in bz1135347 but it's not public and I can't read it)
Unfortunately BZ1135347 does not look helpful here.
On Fri, May 15, 2020 at 4:39 PM Stefano Danzi <s.danzi@hawai.it> wrote:
I've just rebooted the ovirt node and now it works, without any changes in configuration. I can't imagine why.
Thanks for letting us know that this solved the problem. Please let us know if the issue happens again.
Il 15/05/2020 15:10, Dominik Holler ha scritto:
Hi! I have to check, but it is strange.....
Arp replies originated from the VM has not problems, only ARP replies that came from TAP device in VM where not forwarded to real LAN.
Do you have a TAP device inside the VM?
Yes! This VM act as L2 VPN server. Inside the VM tap device is bridged with vm lan adapter.
This should work, so let me ask some detailed questions:
Does the issue reproduce, if you are using a single NIC instead of a bond?
Can you please share the output of bridge fdb show br ovirtmgmt and brctl showmacs ovirtmgmt while replacing ovirtmgmt with the name of your bridge? What are relevant MAC addresses like bridge/bond, vNIC and tun device in the output?
What is the output of
ebtables -t filter -L
?
The thread [ovirt-users] DHCP Client in Guest VM does not work on ovirtmgmt
https://lists.ovirt.org/archives/list/users@ovirt.org/thread/566IC5K2B2JJV77... might be similar.
Exactly as descived in bz1279161 (that's solved in bz1135347 but it's not public and I can't read it)
Unfortunately BZ1135347 does not look helpful here.
Maybe you can check the vm network filter. Take a look at Network -> vNic profile -> <name of VM network> and choose edit. If "Network Filter" has the default value "vdsm-no-mac-spoofing", it can prevent bridge normal behaviour. Maybe "No network filter" can do the magic. HTH. Cheers, Giulio On 14/05/2020 17:16, Stefano Danzi wrote:
Il 14/05/2020 12:50, Dominik Holler ha scritto:
On Wed, May 13, 2020 at 9:44 PM s.danzi <s.danzi@hawai.it <mailto:s.danzi@hawai.it>> wrote:
Hi to all!
I'm having an issue with networks bridges on ovirt node.
It's look like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1279161
On VM I have a bridge between a tap device and network interface. On node side the interface is bridged with bond0 vlan 128 (bond0.128 lacp).
When I ping an host on the other side of tap device I can see this:
Arp request goes from my lan to the tap device on vm. Arp reply return from tap vm and bridge forward this to vm networks interface. Using tcpdump on vm interface on node I can see the arp reply, using tcpdump on bond0.128 or on bridge I can't see the arp reply. Arp request is forwarded from bond0.128 to vm net but arp reply isn't forwarded from vm net to bond0.128.
Any chance that there is network filtering involved? Please check if the related vNIC profile has No Network Filter. If there is a Network Filter set, please shutdown the VM, set to No Network Filter in the vNIC profile, and start the VM again and check if the issue is gone.
Hi! No Network filter.... It was my first check.
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/WCD554AXHF7TQH...
-- Giulio Casella giulio at di.unimi.it System and network architect Computer Science Dept. - University of Milano
Already removed the network filter.... This is not the problem :( Il 14/05/2020 23:20, Giulio Casella ha scritto:
Maybe you can check the vm network filter. Take a look at Network -> vNic profile -> <name of VM network> and choose edit. If "Network Filter" has the default value "vdsm-no-mac-spoofing", it can prevent bridge normal behaviour. Maybe "No network filter" can do the magic.
HTH.
Cheers, Giulio
On 14/05/2020 17:16, Stefano Danzi wrote:
Il 14/05/2020 12:50, Dominik Holler ha scritto:
On Wed, May 13, 2020 at 9:44 PM s.danzi <s.danzi@hawai.it <mailto:s.danzi@hawai.it>> wrote:
Hi to all!
I'm having an issue with networks bridges on ovirt node.
It's look like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1279161
On VM I have a bridge between a tap device and network interface. On node side the interface is bridged with bond0 vlan 128 (bond0.128 lacp).
When I ping an host on the other side of tap device I can see this:
Arp request goes from my lan to the tap device on vm. Arp reply return from tap vm and bridge forward this to vm networks interface. Using tcpdump on vm interface on node I can see the arp reply, using tcpdump on bond0.128 or on bridge I can't see the arp reply. Arp request is forwarded from bond0.128 to vm net but arp reply isn't forwarded from vm net to bond0.128.
Any chance that there is network filtering involved? Please check if the related vNIC profile has No Network Filter. If there is a Network Filter set, please shutdown the VM, set to No Network Filter in the vNIC profile, and start the VM again and check if the issue is gone.
Hi! No Network filter.... It was my first check.
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/WCD554AXHF7TQH...
participants (5)
-
Dominik Holler -
Giulio Casella -
s.danzi -
Stefano Danzi
-
Strahil Nikolov