10:01 a.m.
Hi all:
I've got my ovirt cluster up, but am facing an odd situation that I haven't
pinned down. I've also run into someone on the IRC channel with the same
bug, no solutions as of yet. Google also hasn't helped.
My goal is this:
1 physical NIC; two networks:
ovirtmgmt (untagged)
Public (vlan 2)
ovirtmgmt works great. a VM on Public cannot talk to anything off the host.
Steps to set up:
Datacenter -> networks: created network, checked vm network, checked vlan,
put 2 in the tag box. Set required. Save.
I only have one cluster (default), and it automatically added it there. I
went to the hosts in the cluster, and dragged the unassigned Public network
onto the nic (which already has ovirtmgmt on it). After completing on all
three of my hosts, the network shows online.
Create VM, assign to Public, inside VM assign its IP, and it cannot talk to
the world.
In troubleshooting, I assigned another IP to the host itself (click pencil
in host network settings). VM can ping host. SSH into host, host CAN ping
other machines on the net and the router for the net. VM cannot ping
anything but host (only have one VM on that host currently). VM is
isolated until I move it to ovirtmgmt network, then it can get off the host
to the world, etc.
I tried disabling iptables just in case, but that had no effect.
How do I troubleshoot this further?
--Jim
10:48 a.m.
On Sun, Jan 1, 2017 at 9:01 AM, Jim Kusznir <jim(a)palousetech.com> wrote:
Hi all:
I've got my ovirt cluster up, but am facing an odd situation that I
haven't pinned down. I've also run into someone on the IRC channel with
the same bug, no solutions as of yet. Google also hasn't helped.
My goal is this:
1 physical NIC; two networks:
ovirtmgmt (untagged)
Public (vlan 2)
ovirtmgmt works great. a VM on Public cannot talk to anything off the
host.
Steps to set up:
Datacenter -> networks: created network, checked vm network, checked vlan,
put 2 in the tag box. Set required. Save.
I only have one cluster (default), and it automatically added it there. I
went to the hosts in the cluster, and dragged the unassigned Public network
onto the nic (which already has ovirtmgmt on it). After completing on all
three of my hosts, the network shows online.
Create VM, assign to Public, inside VM assign its IP, and it cannot talk
to the world.
In troubleshooting, I assigned another IP to the host itself (click pencil
in host network settings). VM can ping host. SSH into host, host CAN ping
other machines on the net and the router for the net. VM cannot ping
anything but host (only have one VM on that host currently). VM is
isolated until I move it to ovirtmgmt network, then it can get off the host
to the world, etc.
I tried disabling iptables just in case, but that had no effect.
How do I troubleshoot this further?
--Jim
Hi Jim,
You could create another VM to check if there is connectivity between them.
Then use tcpdump on the host bridge and on your nic while you ping, check
if you see the packets and their correct tag.
I would also check if you have by mistake a duplicate mac address for the
VM (your will need to check your switch for that).
How did you configured the switch this nic is connected to?
You could also share your current setup config for us to see: (from host
and VM)
- ip addr
- ip route
- brctl show (only for host)
Thanks,
Edy.
11:50 a.m.
I currently only have two IPs assigned to me...I can try and take another,
but that may not route out of the rack. I've got the VM on one of the IPs
and the host on the other currently.
The switch is a "web-managed" basic 8-port switch (thrown in for testing
while the "real" switch is in transit). It has the 3 ports the hosts are
plugged in configured with vlan 1 untagged, set as PVID, and vlan 2
tagged. Another port on the switch is untagged on vlan 1 connected to the
router for the ovirtmgmt network (protected by a VPN, but not "burning"
public IPs for mgmt purposes), another couple ports are untagged on vlan
2. One of those ports goes out of the rack, another goes to the router's
internet port. Router gets to the internet just fine.
VM:
kusznir@FusionPBX:~$ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP group default qlen 1000
link/ether 00:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff
inet 162.248.147.31/24 brd 162.248.147.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::21a:4aff:fe16:151/64 scope link
valid_lft forever preferred_lft forever
kusznir@FusionPBX:~$ ip route
default via 162.248.147.1 dev eth0
162.248.147.0/24 dev eth0 proto kernel scope link src 162.248.147.31
kusznir@FusionPBX:~$
Host:
[root@ovirt3 ~]# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master
ovirtmgmt state UP qlen 1000
link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
3: em2: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
link/ether 00:21:9b:98:2f:46 brd ff:ff:ff:ff:ff:ff
4: em3: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
link/ether 00:21:9b:98:2f:48 brd ff:ff:ff:ff:ff:ff
5: em4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN
qlen 1000
link/ether 00:21:9b:98:2f:4a brd ff:ff:ff:ff:ff:ff
6: ;vdsmdummy;: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether 8e:1b:51:60:87:55 brd ff:ff:ff:ff:ff:ff
7: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP
link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
inet 192.168.8.13/24 brd 192.168.8.255 scope global dynamic ovirtmgmt
valid_lft 54830sec preferred_lft 54830sec
11: em1.2@em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
master Public_Cable state UP
link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
12: Public_Cable: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP
link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
inet 162.248.147.33/24 brd 162.248.147.255 scope global Public_Cable
valid_lft forever preferred_lft forever
14: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
master ovirtmgmt state UNKNOWN qlen 500
link/ether fe:1a:4a:16:01:54 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc1a:4aff:fe16:154/64 scope link
valid_lft forever preferred_lft forever
15: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
master ovirtmgmt state UNKNOWN qlen 500
link/ether fe:1a:4a:16:01:52 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc1a:4aff:fe16:152/64 scope link
valid_lft forever preferred_lft forever
16: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
master ovirtmgmt state UNKNOWN qlen 500
link/ether fe:1a:4a:16:01:53 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc1a:4aff:fe16:153/64 scope link
valid_lft forever preferred_lft forever
17: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
master Public_Cable state UNKNOWN qlen 500
link/ether fe:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc1a:4aff:fe16:151/64 scope link
valid_lft forever preferred_lft forever
[root@ovirt3 ~]# ip route
default via 192.168.8.1 dev ovirtmgmt
162.248.147.0/24 dev Public_Cable proto kernel scope link src
162.248.147.33
169.254.0.0/16 dev ovirtmgmt scope link metric 1007
169.254.0.0/16 dev Public_Cable scope link metric 1012
192.168.8.0/24 dev ovirtmgmt proto kernel scope link src 192.168.8.13
[root@ovirt3 ~]# brctl show
bridge name bridge id STP enabled interfaces
;vdsmdummy; 8000.000000000000 no
Public_Cable 8000.00219b982f44 no em1.2
vnet3
ovirtmgmt 8000.00219b982f44 no em1
vnet0
vnet1
vnet2
[root@ovirt3 ~]#
I did see that the cluster settings has a switch type setting; currently at
the default "LEGACY", it also has "OVS" as an option. Not sure if
that
matters or not.
I configured another VM on the network, and static'ed an IP, and could ping
the other VM as well as the host, but not the internet. The host can still
ping the internet.
--Jim
12:26 p.m.
On Sun, Jan 1, 2017 at 10:50 AM, Jim Kusznir <jim(a)palousetech.com> wrote:
I currently only have two IPs assigned to me...I can try and take
another,
but that may not route out of the rack. I've got the VM on one of the IPs
and the host on the other currently.
The switch is a "web-managed" basic 8-port switch (thrown in for testing
while the "real" switch is in transit). It has the 3 ports the hosts are
plugged in configured with vlan 1 untagged, set as PVID, and vlan 2
tagged. Another port on the switch is untagged on vlan 1 connected to the
router for the ovirtmgmt network (protected by a VPN, but not "burning"
public IPs for mgmt purposes), another couple ports are untagged on vlan
2. One of those ports goes out of the rack, another goes to the router's
internet port. Router gets to the internet just fine.
VM:
kusznir@FusionPBX:~$ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP group default qlen 1000
link/ether 00:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff
inet 162.248.147.31/24 brd 162.248.147.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::21a:4aff:fe16:151/64 scope link
valid_lft forever preferred_lft forever
kusznir@FusionPBX:~$ ip route
default via 162.248.147.1 dev eth0
162.248.147.0/24 dev eth0 proto kernel scope link src 162.248.147.31
kusznir@FusionPBX:~$
Host:
[root@ovirt3 ~]# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master
ovirtmgmt state UP qlen 1000
link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
3: em2: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
link/ether 00:21:9b:98:2f:46 brd ff:ff:ff:ff:ff:ff
4: em3: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
link/ether 00:21:9b:98:2f:48 brd ff:ff:ff:ff:ff:ff
5: em4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN
qlen 1000
link/ether 00:21:9b:98:2f:4a brd ff:ff:ff:ff:ff:ff
6: ;vdsmdummy;: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether 8e:1b:51:60:87:55 brd ff:ff:ff:ff:ff:ff
7: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP
link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
inet 192.168.8.13/24 brd 192.168.8.255 scope global dynamic ovirtmgmt
valid_lft 54830sec preferred_lft 54830sec
11: em1.2@em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
master Public_Cable state UP
link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
12: Public_Cable: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UP
link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
inet 162.248.147.33/24 brd 162.248.147.255 scope global Public_Cable
valid_lft forever preferred_lft forever
14: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
master ovirtmgmt state UNKNOWN qlen 500
link/ether fe:1a:4a:16:01:54 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc1a:4aff:fe16:154/64 scope link
valid_lft forever preferred_lft forever
15: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
master ovirtmgmt state UNKNOWN qlen 500
link/ether fe:1a:4a:16:01:52 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc1a:4aff:fe16:152/64 scope link
valid_lft forever preferred_lft forever
16: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
master ovirtmgmt state UNKNOWN qlen 500
link/ether fe:1a:4a:16:01:53 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc1a:4aff:fe16:153/64 scope link
valid_lft forever preferred_lft forever
17: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
master Public_Cable state UNKNOWN qlen 500
link/ether fe:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc1a:4aff:fe16:151/64 scope link
valid_lft forever preferred_lft forever
[root@ovirt3 ~]# ip route
default via 192.168.8.1 dev ovirtmgmt
162.248.147.0/24 dev Public_Cable proto kernel scope link src
162.248.147.33
169.254.0.0/16 dev ovirtmgmt scope link metric 1007
169.254.0.0/16 dev Public_Cable scope link metric 1012
192.168.8.0/24 dev ovirtmgmt proto kernel scope link src 192.168.8.13
[root@ovirt3 ~]# brctl show
bridge name bridge id STP enabled interfaces
;vdsmdummy; 8000.000000000000 no
Public_Cable 8000.00219b982f44 no em1.2
vnet3
ovirtmgmt 8000.00219b982f44 no em1
vnet0
vnet1
vnet2
[root@ovirt3 ~]#
I did see that the cluster settings has a switch type setting; currently
at the default "LEGACY", it also has "OVS" as an option. Not sure if
that
matters or not.
I configured another VM on the network, and static'ed an IP, and could
ping the other VM as well as the host, but not the internet. The host can
still ping the internet.
--Jim
What address are you pinging the internet?
For the successful ping, can you use ping -I (capital i) to choose the
source address you exit the host with?
8:16 p.m.
I pinged both the router on the subnet and a host IP in-between the two
ip's.
[root@ovirt3 ~]# ping -I 162.248.147.33 162.248.147.1
PING 162.248.147.1 (162.248.147.1) from 162.248.147.33 : 56(84) bytes of
data.
64 bytes from 162.248.147.1: icmp_seq=1 ttl=255 time=8.17 ms
64 bytes from 162.248.147.1: icmp_seq=2 ttl=255 time=7.47 ms
64 bytes from 162.248.147.1: icmp_seq=3 ttl=255 time=7.53 ms
64 bytes from 162.248.147.1: icmp_seq=4 ttl=255 time=8.42 ms
^C
--- 162.248.147.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 7.475/7.901/8.424/0.420 ms
[root@ovirt3 ~]#
The VM only has its public IP.
--Jim
On Jan 1, 2017 01:26, "Edward Haas" <ehaas(a)redhat.com> wrote:
On Sun, Jan 1, 2017 at 10:50 AM, Jim Kusznir <jim(a)palousetech.com> wrote:
> I currently only have two IPs assigned to me...I can try and take
> another, but that may not route out of the rack. I've got the VM on one of
> the IPs and the host on the other currently.
>
> The switch is a "web-managed" basic 8-port switch (thrown in for testing
> while the "real" switch is in transit). It has the 3 ports the hosts are
> plugged in configured with vlan 1 untagged, set as PVID, and vlan 2
> tagged. Another port on the switch is untagged on vlan 1 connected to the
> router for the ovirtmgmt network (protected by a VPN, but not "burning"
> public IPs for mgmt purposes), another couple ports are untagged on vlan
> 2. One of those ports goes out of the rack, another goes to the router's
> internet port. Router gets to the internet just fine.
>
> VM:
> kusznir@FusionPBX:~$ ip address
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> default
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP group default qlen 1000
> link/ether 00:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff
> inet 162.248.147.31/24 brd 162.248.147.255 scope global eth0
> valid_lft forever preferred_lft forever
> inet6 fe80::21a:4aff:fe16:151/64 scope link
> valid_lft forever preferred_lft forever
> kusznir@FusionPBX:~$ ip route
> default via 162.248.147.1 dev eth0
> 162.248.147.0/24 dev eth0 proto kernel scope link src 162.248.147.31
> kusznir@FusionPBX:~$
>
> Host:
> [root@ovirt3 ~]# ip address
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master
> ovirtmgmt state UP qlen 1000
> link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
> 3: em2: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
> link/ether 00:21:9b:98:2f:46 brd ff:ff:ff:ff:ff:ff
> 4: em3: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
> link/ether 00:21:9b:98:2f:48 brd ff:ff:ff:ff:ff:ff
> 5: em4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN
> qlen 1000
> link/ether 00:21:9b:98:2f:4a brd ff:ff:ff:ff:ff:ff
> 6: ;vdsmdummy;: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
> link/ether 8e:1b:51:60:87:55 brd ff:ff:ff:ff:ff:ff
> 7: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UP
> link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
> inet 192.168.8.13/24 brd 192.168.8.255 scope global dynamic ovirtmgmt
> valid_lft 54830sec preferred_lft 54830sec
> 11: em1.2@em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> master Public_Cable state UP
> link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
> 12: Public_Cable: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> noqueue state UP
> link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
> inet 162.248.147.33/24 brd 162.248.147.255 scope global Public_Cable
> valid_lft forever preferred_lft forever
> 14: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master ovirtmgmt state UNKNOWN qlen 500
> link/ether fe:1a:4a:16:01:54 brd ff:ff:ff:ff:ff:ff
> inet6 fe80::fc1a:4aff:fe16:154/64 scope link
> valid_lft forever preferred_lft forever
> 15: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master ovirtmgmt state UNKNOWN qlen 500
> link/ether fe:1a:4a:16:01:52 brd ff:ff:ff:ff:ff:ff
> inet6 fe80::fc1a:4aff:fe16:152/64 scope link
> valid_lft forever preferred_lft forever
> 16: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master ovirtmgmt state UNKNOWN qlen 500
> link/ether fe:1a:4a:16:01:53 brd ff:ff:ff:ff:ff:ff
> inet6 fe80::fc1a:4aff:fe16:153/64 scope link
> valid_lft forever preferred_lft forever
> 17: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master Public_Cable state UNKNOWN qlen 500
> link/ether fe:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff
> inet6 fe80::fc1a:4aff:fe16:151/64 scope link
> valid_lft forever preferred_lft forever
> [root@ovirt3 ~]# ip route
> default via 192.168.8.1 dev ovirtmgmt
> 162.248.147.0/24 dev Public_Cable proto kernel scope link src
> 162.248.147.33
> 169.254.0.0/16 dev ovirtmgmt scope link metric 1007
> 169.254.0.0/16 dev Public_Cable scope link metric 1012
> 192.168.8.0/24 dev ovirtmgmt proto kernel scope link src 192.168.8.13
> [root@ovirt3 ~]# brctl show
> bridge name bridge id STP enabled interfaces
> ;vdsmdummy; 8000.000000000000 no
> Public_Cable 8000.00219b982f44 no em1.2
> vnet3
> ovirtmgmt 8000.00219b982f44 no em1
> vnet0
> vnet1
> vnet2
> [root@ovirt3 ~]#
>
> I did see that the cluster settings has a switch type setting; currently
> at the default "LEGACY", it also has "OVS" as an option. Not
sure if that
> matters or not.
>
> I configured another VM on the network, and static'ed an IP, and could
> ping the other VM as well as the host, but not the internet. The host can
> still ping the internet.
>
> --Jim
>
What address are you pinging the internet?
For the successful ping, can you use ping -I (capital i) to choose the
source address you exit the host with?
10:57 a.m.
On Sun, Jan 1, 2017 at 7:16 PM, Jim Kusznir <jim(a)palousetech.com> wrote:
I pinged both the router on the subnet and a host IP in-between the
two
ip's.
[root@ovirt3 ~]# ping -I 162.248.147.33 162.248.147.1
PING 162.248.147.1 (162.248.147.1) from 162.248.147.33 : 56(84) bytes of
data.
64 bytes from 162.248.147.1: icmp_seq=1 ttl=255 time=8.17 ms
64 bytes from 162.248.147.1: icmp_seq=2 ttl=255 time=7.47 ms
64 bytes from 162.248.147.1: icmp_seq=3 ttl=255 time=7.53 ms
64 bytes from 162.248.147.1: icmp_seq=4 ttl=255 time=8.42 ms
^C
--- 162.248.147.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 7.475/7.901/8.424/0.420 ms
[root@ovirt3 ~]#
The VM only has its public IP.
--Jim
Very strange, all looks good to me.
I can try to help you debug using tcpdump, just send me the details for
remote connection on private.
It will also help if you join the vdsm or ovir IRC channels.
On Jan 1, 2017 01:26, "Edward Haas" <ehaas(a)redhat.com> wrote:
>
>
> On Sun, Jan 1, 2017 at 10:50 AM, Jim Kusznir <jim(a)palousetech.com> wrote:
>
>> I currently only have two IPs assigned to me...I can try and take
>> another, but that may not route out of the rack. I've got the VM on one of
>> the IPs and the host on the other currently.
>>
>> The switch is a "web-managed" basic 8-port switch (thrown in for
testing
>> while the "real" switch is in transit). It has the 3 ports the hosts
are
>> plugged in configured with vlan 1 untagged, set as PVID, and vlan 2
>> tagged. Another port on the switch is untagged on vlan 1 connected to the
>> router for the ovirtmgmt network (protected by a VPN, but not
"burning"
>> public IPs for mgmt purposes), another couple ports are untagged on vlan
>> 2. One of those ports goes out of the rack, another goes to the router's
>> internet port. Router gets to the internet just fine.
>>
>> VM:
>> kusznir@FusionPBX:~$ ip address
>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
>> group default
>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> inet 127.0.0.1/8 scope host lo
>> valid_lft forever preferred_lft forever
>> inet6 ::1/128 scope host
>> valid_lft forever preferred_lft forever
>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> state UP group default qlen 1000
>> link/ether 00:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff
>> inet 162.248.147.31/24 brd 162.248.147.255 scope global eth0
>> valid_lft forever preferred_lft forever
>> inet6 fe80::21a:4aff:fe16:151/64 scope link
>> valid_lft forever preferred_lft forever
>> kusznir@FusionPBX:~$ ip route
>> default via 162.248.147.1 dev eth0
>> 162.248.147.0/24 dev eth0 proto kernel scope link src 162.248.147.31
>> kusznir@FusionPBX:~$
>>
>> Host:
>> [root@ovirt3 ~]# ip address
>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> inet 127.0.0.1/8 scope host lo
>> valid_lft forever preferred_lft forever
>> inet6 ::1/128 scope host
>> valid_lft forever preferred_lft forever
>> 2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master
>> ovirtmgmt state UP qlen 1000
>> link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
>> 3: em2: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
>> link/ether 00:21:9b:98:2f:46 brd ff:ff:ff:ff:ff:ff
>> 4: em3: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
>> link/ether 00:21:9b:98:2f:48 brd ff:ff:ff:ff:ff:ff
>> 5: em4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state
>> DOWN qlen 1000
>> link/ether 00:21:9b:98:2f:4a brd ff:ff:ff:ff:ff:ff
>> 6: ;vdsmdummy;: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
>> link/ether 8e:1b:51:60:87:55 brd ff:ff:ff:ff:ff:ff
>> 7: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
>> state UP
>> link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
>> inet 192.168.8.13/24 brd 192.168.8.255 scope global dynamic
>> ovirtmgmt
>> valid_lft 54830sec preferred_lft 54830sec
>> 11: em1.2@em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
>> master Public_Cable state UP
>> link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
>> 12: Public_Cable: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> noqueue state UP
>> link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
>> inet 162.248.147.33/24 brd 162.248.147.255 scope global Public_Cable
>> valid_lft forever preferred_lft forever
>> 14: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> master ovirtmgmt state UNKNOWN qlen 500
>> link/ether fe:1a:4a:16:01:54 brd ff:ff:ff:ff:ff:ff
>> inet6 fe80::fc1a:4aff:fe16:154/64 scope link
>> valid_lft forever preferred_lft forever
>> 15: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> master ovirtmgmt state UNKNOWN qlen 500
>> link/ether fe:1a:4a:16:01:52 brd ff:ff:ff:ff:ff:ff
>> inet6 fe80::fc1a:4aff:fe16:152/64 scope link
>> valid_lft forever preferred_lft forever
>> 16: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> master ovirtmgmt state UNKNOWN qlen 500
>> link/ether fe:1a:4a:16:01:53 brd ff:ff:ff:ff:ff:ff
>> inet6 fe80::fc1a:4aff:fe16:153/64 scope link
>> valid_lft forever preferred_lft forever
>> 17: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> master Public_Cable state UNKNOWN qlen 500
>> link/ether fe:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff
>> inet6 fe80::fc1a:4aff:fe16:151/64 scope link
>> valid_lft forever preferred_lft forever
>> [root@ovirt3 ~]# ip route
>> default via 192.168.8.1 dev ovirtmgmt
>> 162.248.147.0/24 dev Public_Cable proto kernel scope link src
>> 162.248.147.33
>> 169.254.0.0/16 dev ovirtmgmt scope link metric 1007
>> 169.254.0.0/16 dev Public_Cable scope link metric 1012
>> 192.168.8.0/24 dev ovirtmgmt proto kernel scope link src
>> 192.168.8.13
>> [root@ovirt3 ~]# brctl show
>> bridge name bridge id STP enabled interfaces
>> ;vdsmdummy; 8000.000000000000 no
>> Public_Cable 8000.00219b982f44 no em1.2
>> vnet3
>> ovirtmgmt 8000.00219b982f44 no em1
>> vnet0
>> vnet1
>> vnet2
>> [root@ovirt3 ~]#
>>
>> I did see that the cluster settings has a switch type setting; currently
>> at the default "LEGACY", it also has "OVS" as an option. Not
sure if that
>> matters or not.
>>
>> I configured another VM on the network, and static'ed an IP, and could
>> ping the other VM as well as the host, but not the internet. The host can
>> still ping the internet.
>>
>> --Jim
>>
>
>
> What address are you pinging the internet?
> For the successful ping, can you use ping -I (capital i) to choose the
> source address you exit the host with?
>
>
9:20 p.m.
Actually, I finally was able to identify the issue and fix it...Turns out
(as you probably expected), it wasn't ovirt...
My upstream provider had some wierd security left over, it limited the MAC
addresses permitted to exit the building, and my ovirt host made the list
somehow while my VMs did not.
I now have two VMs on two different nodes that are online!
Thank you for your help!
--Jim
On Sun, Jan 1, 2017 at 11:57 PM, Edward Haas <ehaas(a)redhat.com> wrote:
On Sun, Jan 1, 2017 at 7:16 PM, Jim Kusznir <jim(a)palousetech.com> wrote:
> I pinged both the router on the subnet and a host IP in-between the two
> ip's.
>
> [root@ovirt3 ~]# ping -I 162.248.147.33 162.248.147.1
> PING 162.248.147.1 (162.248.147.1) from 162.248.147.33 : 56(84) bytes of
> data.
> 64 bytes from 162.248.147.1: icmp_seq=1 ttl=255 time=8.17 ms
> 64 bytes from 162.248.147.1: icmp_seq=2 ttl=255 time=7.47 ms
> 64 bytes from 162.248.147.1: icmp_seq=3 ttl=255 time=7.53 ms
> 64 bytes from 162.248.147.1: icmp_seq=4 ttl=255 time=8.42 ms
> ^C
> --- 162.248.147.1 ping statistics ---
> 4 packets transmitted, 4 received, 0% packet loss, time 3004ms
> rtt min/avg/max/mdev = 7.475/7.901/8.424/0.420 ms
> [root@ovirt3 ~]#
>
> The VM only has its public IP.
>
> --Jim
>
Very strange, all looks good to me.
I can try to help you debug using tcpdump, just send me the details for
remote connection on private.
It will also help if you join the vdsm or ovir IRC channels.
>
> On Jan 1, 2017 01:26, "Edward Haas" <ehaas(a)redhat.com> wrote:
>
>>
>>
>> On Sun, Jan 1, 2017 at 10:50 AM, Jim Kusznir <jim(a)palousetech.com>
>> wrote:
>>
>>> I currently only have two IPs assigned to me...I can try and take
>>> another, but that may not route out of the rack. I've got the VM on one
of
>>> the IPs and the host on the other currently.
>>>
>>> The switch is a "web-managed" basic 8-port switch (thrown in for
>>> testing while the "real" switch is in transit). It has the 3 ports
the
>>> hosts are plugged in configured with vlan 1 untagged, set as PVID, and vlan
>>> 2 tagged. Another port on the switch is untagged on vlan 1 connected to
>>> the router for the ovirtmgmt network (protected by a VPN, but not
"burning"
>>> public IPs for mgmt purposes), another couple ports are untagged on vlan
>>> 2. One of those ports goes out of the rack, another goes to the
router's
>>> internet port. Router gets to the internet just fine.
>>>
>>> VM:
>>> kusznir@FusionPBX:~$ ip address
>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
>>> group default
>>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>> inet 127.0.0.1/8 scope host lo
>>> valid_lft forever preferred_lft forever
>>> inet6 ::1/128 scope host
>>> valid_lft forever preferred_lft forever
>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>>> state UP group default qlen 1000
>>> link/ether 00:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff
>>> inet 162.248.147.31/24 brd 162.248.147.255 scope global eth0
>>> valid_lft forever preferred_lft forever
>>> inet6 fe80::21a:4aff:fe16:151/64 scope link
>>> valid_lft forever preferred_lft forever
>>> kusznir@FusionPBX:~$ ip route
>>> default via 162.248.147.1 dev eth0
>>> 162.248.147.0/24 dev eth0 proto kernel scope link src
>>> 162.248.147.31
>>> kusznir@FusionPBX:~$
>>>
>>> Host:
>>> [root@ovirt3 ~]# ip address
>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
>>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>> inet 127.0.0.1/8 scope host lo
>>> valid_lft forever preferred_lft forever
>>> inet6 ::1/128 scope host
>>> valid_lft forever preferred_lft forever
>>> 2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master
>>> ovirtmgmt state UP qlen 1000
>>> link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
>>> 3: em2: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
>>> link/ether 00:21:9b:98:2f:46 brd ff:ff:ff:ff:ff:ff
>>> 4: em3: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
>>> link/ether 00:21:9b:98:2f:48 brd ff:ff:ff:ff:ff:ff
>>> 5: em4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state
>>> DOWN qlen 1000
>>> link/ether 00:21:9b:98:2f:4a brd ff:ff:ff:ff:ff:ff
>>> 6: ;vdsmdummy;: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
>>> link/ether 8e:1b:51:60:87:55 brd ff:ff:ff:ff:ff:ff
>>> 7: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
>>> state UP
>>> link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
>>> inet 192.168.8.13/24 brd 192.168.8.255 scope global dynamic
>>> ovirtmgmt
>>> valid_lft 54830sec preferred_lft 54830sec
>>> 11: em1.2@em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>>> noqueue master Public_Cable state UP
>>> link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
>>> 12: Public_Cable: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>>> noqueue state UP
>>> link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff
>>> inet 162.248.147.33/24 brd 162.248.147.255 scope global
>>> Public_Cable
>>> valid_lft forever preferred_lft forever
>>> 14: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>>> master ovirtmgmt state UNKNOWN qlen 500
>>> link/ether fe:1a:4a:16:01:54 brd ff:ff:ff:ff:ff:ff
>>> inet6 fe80::fc1a:4aff:fe16:154/64 scope link
>>> valid_lft forever preferred_lft forever
>>> 15: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>>> master ovirtmgmt state UNKNOWN qlen 500
>>> link/ether fe:1a:4a:16:01:52 brd ff:ff:ff:ff:ff:ff
>>> inet6 fe80::fc1a:4aff:fe16:152/64 scope link
>>> valid_lft forever preferred_lft forever
>>> 16: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>>> master ovirtmgmt state UNKNOWN qlen 500
>>> link/ether fe:1a:4a:16:01:53 brd ff:ff:ff:ff:ff:ff
>>> inet6 fe80::fc1a:4aff:fe16:153/64 scope link
>>> valid_lft forever preferred_lft forever
>>> 17: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>>> master Public_Cable state UNKNOWN qlen 500
>>> link/ether fe:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff
>>> inet6 fe80::fc1a:4aff:fe16:151/64 scope link
>>> valid_lft forever preferred_lft forever
>>> [root@ovirt3 ~]# ip route
>>> default via 192.168.8.1 dev ovirtmgmt
>>> 162.248.147.0/24 dev Public_Cable proto kernel scope link src
>>> 162.248.147.33
>>> 169.254.0.0/16 dev ovirtmgmt scope link metric 1007
>>> 169.254.0.0/16 dev Public_Cable scope link metric 1012
>>> 192.168.8.0/24 dev ovirtmgmt proto kernel scope link src
>>> 192.168.8.13
>>> [root@ovirt3 ~]# brctl show
>>> bridge name bridge id STP enabled interfaces
>>> ;vdsmdummy; 8000.000000000000 no
>>> Public_Cable 8000.00219b982f44 no em1.2
>>> vnet3
>>> ovirtmgmt 8000.00219b982f44 no em1
>>> vnet0
>>> vnet1
>>> vnet2
>>> [root@ovirt3 ~]#
>>>
>>> I did see that the cluster settings has a switch type setting;
>>> currently at the default "LEGACY", it also has "OVS" as
an option. Not
>>> sure if that matters or not.
>>>
>>> I configured another VM on the network, and static'ed an IP, and could
>>> ping the other VM as well as the host, but not the internet. The host can
>>> still ping the internet.
>>>
>>> --Jim
>>>
>>
>>
>> What address are you pinging the internet?
>> For the successful ping, can you use ping -I (capital i) to choose the
>> source address you exit the host with?
>>
>>
2881
days inactive
2882
days old
6 comments
2 participants
participants (2)
-
Edward Haas -
Jim Kusznir