On Wed, May 13, 2020 at 9:44 PM s.danzi <s.danzi(a)hawai.it <mailto:s.danzi@hawai.it>> wrote: Hi to all! I'm having an issue with networks bridges on ovirt node. It's look like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1279161 On VM I have a bridge between a tap device and network interface.  On node side the interface is bridged with bond0 vlan 128 (bond0.128 lacp). When I ping an host on the other side of tap device I can see this: Arp request goes from my lan to the tap device on vm. Arp reply return from tap vm and bridge forward this to vm networks interface. Using tcpdump on vm interface on node I can see the arp reply, using tcpdump on bond0.128 or on bridge I can't see the arp reply.  Arp request is forwarded from bond0.128 to vm net but arp reply isn't forwarded from vm net to bond0.128. Any chance that there is network filtering involved? Please check if the related vNIC profile has No Network Filter. If there is a Network Filter set, please shutdown the VM, set to No Network Filter in the vNIC profile, and start the VM again and check if the issue is gone.

On May 14, 2020 6:16:06 PM GMT+03:00, Stefano Danzi <s.danzi(a)hawai.it&gt; wrote: > > Il 14/05/2020 12:50, Dominik Holler ha scritto: >> >> On Wed, May 13, 2020 at 9:44 PM s.danzi <s.danzi(a)hawai.it >> <mailto:s.danzi@hawai.it>> wrote: >> >> Hi to all! >> >> I'm having an issue with networks bridges on ovirt node. >> >> It's look like this bug: >> https://bugzilla.redhat.com/show_bug.cgi?id=1279161 >> >> On VM I have a bridge between a tap device and network > interface. >> On node side the interface is bridged with bond0 vlan 128 >> (bond0.128 lacp). >> >> When I ping an host on the other side of tap device I can see > this: >> Arp request goes from my lan to the tap device on vm. Arp reply >> return from tap vm and bridge forward this to vm networks >> interface. Using tcpdump on vm interface on node I can see the > arp >> reply, using tcpdump on bond0.128 or on bridge I can't see the > arp >> reply.  Arp request is forwarded from bond0.128 to vm net but arp >> reply isn't forwarded from vm net to bond0.128. >> >> >> >> Any chance that there is network filtering involved? >> Please check if the related vNIC profile has No Network Filter. >> If there is a Network Filter set, please shutdown the VM, set to No >> Network Filter in the vNIC profile, and start the VM again and check >> if the issue is gone. > Hi! No Network filter.... It was my first check. Have you checked the MTU ? You need to keep it a little bit lower on the VM, as you have vlan on the hypervisor. Best Regards, Strahil Nikolov

On Fri, May 15, 2020 at 9:35 AM Stefano Danzi <s.danzi(a)hawai.it <mailto:s.danzi@hawai.it>> wrote: Il 14/05/2020 20:13, Strahil Nikolov ha scritto: > On May 14, 2020 6:16:06 PM GMT+03:00, Stefano Danzi <s.danzi(a)hawai.it <mailto:s.danzi@hawai.it>> wrote: >> >> Il 14/05/2020 12:50, Dominik Holler ha scritto: >>> >>> On Wed, May 13, 2020 at 9:44 PM s.danzi <s.danzi(a)hawai.it <mailto:s.danzi@hawai.it> >>> <mailto:s.danzi@hawai.it <mailto:s.danzi@hawai.it>>> wrote: >>> >>>      Hi to all! >>> >>>      I'm having an issue with networks bridges on ovirt node. >>> >>>      It's look like this bug: >>> https://bugzilla.redhat.com/show_bug.cgi?id=1279161 >>> >>>      On VM I have a bridge between a tap device and network >> interface. >>>      On node side the interface is bridged with bond0 vlan 128 >>>      (bond0.128 lacp). >>> >>>      When I ping an host on the other side of tap device I can see >> this: >>>      Arp request goes from my lan to the tap device on vm. Arp reply >>>      return from tap vm and bridge forward this to vm networks >>>      interface. Using tcpdump on vm interface on node I can see the >> arp >>>      reply, using tcpdump on bond0.128 or on bridge I can't see the >> arp >>>      reply.  Arp request is forwarded from bond0.128 to vm net but arp >>>      reply isn't forwarded from vm net to bond0.128. >>> >>> >>> >>> Any chance that there is network filtering involved? >>> Please check if the related vNIC profile has No Network Filter. >>> If there is a Network Filter set, please shutdown the VM, set to No >>> Network Filter in the vNIC profile, and start the VM again and check >>> if the issue is gone. >> Hi! No Network filter.... It was my first check. Did you power off the VM after removing the network filter from the vNIC profile? There is currently no indication of the running vNIC configuration does not match the desired configuration (BZ1113630).

> Have you checked the MTU ? > You need to keep it a little bit lower on the VM, as you have vlan on the hypervisor. > > Best Regards, > Strahil Nikolov Hi! I have to check, but it is strange..... Arp replies originated from the VM has not problems, only ARP replies that came from TAP device in VM where not forwarded to real LAN. Do you have a TAP device inside the VM?

Exactly as descived in bz1279161 (that's solved in bz1135347 but it's not public and I can't read it) Unfortunately BZ1135347 does not look helpful here.

> Hi! I have to check, but it is strange..... > Arp replies originated from the VM has not problems, only ARP > replies > that came from TAP device in VM where not forwarded to real LAN. > > > Do you have a TAP device inside the VM? Yes! This VM act as L2 VPN server. Inside the VM tap device is bridged with vm lan adapter. This should work, so let me ask some detailed questions: Does the issue reproduce, if you are using a single NIC instead of a bond? Can you please share the output of bridge fdb show br ovirtmgmt and brctl showmacs ovirtmgmt while replacing ovirtmgmt with the name of your bridge? What are relevant MAC addresses like bridge/bond, vNIC and tun device in the output? What is the output of ebtables -t filter -L ? The thread [ovirt-users] DHCP Client in Guest VM does not work on ovirtmgmt https://lists.ovirt.org/archives/list/users@ovirt.org/thread/566IC5K2B2JJ... might be similar. > Exactly as descived in bz1279161 (that's solved in bz1135347 > but it's > not public and I can't read it) > > > Unfortunately BZ1135347 does not look helpful here.

Il 14/05/2020 12:50, Dominik Holler ha scritto: > > > On Wed, May 13, 2020 at 9:44 PM s.danzi <s.danzi(a)hawai.it > <mailto:s.danzi@hawai.it>> wrote: > > Hi to all! > > I'm having an issue with networks bridges on ovirt node. > > It's look like this bug: > https://bugzilla.redhat.com/show_bug.cgi?id=1279161 > > On VM I have a bridge between a tap device and network interface. > On node side the interface is bridged with bond0 vlan 128 > (bond0.128 lacp). > > When I ping an host on the other side of tap device I can see this: > > Arp request goes from my lan to the tap device on vm. Arp reply > return from tap vm and bridge forward this to vm networks > interface. Using tcpdump on vm interface on node I can see the arp > reply, using tcpdump on bond0.128 or on bridge I can't see the arp > reply.  Arp request is forwarded from bond0.128 to vm net but arp > reply isn't forwarded from vm net to bond0.128. > > > > Any chance that there is network filtering involved? > Please check if the related vNIC profile has No Network Filter. > If there is a Network Filter set, please shutdown the VM, set to No > Network Filter in the vNIC profile, and start the VM again and check > if the issue is gone. Hi! No Network filter.... It was my first check. _______________________________________________ Users mailing list -- users(a)ovirt.org To unsubscribe send an email to users-leave(a)ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/WCD554AXHF7...