creating a vlan-tagged network
Hi all: I've got my ovirt cluster up, but am facing an odd situation that I haven't pinned down. I've also run into someone on the IRC channel with the same bug, no solutions as of yet. Google also hasn't helped. My goal is this: 1 physical NIC; two networks: ovirtmgmt (untagged) Public (vlan 2) ovirtmgmt works great. a VM on Public cannot talk to anything off the host. Steps to set up: Datacenter -> networks: created network, checked vm network, checked vlan, put 2 in the tag box. Set required. Save. I only have one cluster (default), and it automatically added it there. I went to the hosts in the cluster, and dragged the unassigned Public network onto the nic (which already has ovirtmgmt on it). After completing on all three of my hosts, the network shows online. Create VM, assign to Public, inside VM assign its IP, and it cannot talk to the world. In troubleshooting, I assigned another IP to the host itself (click pencil in host network settings). VM can ping host. SSH into host, host CAN ping other machines on the net and the router for the net. VM cannot ping anything but host (only have one VM on that host currently). VM is isolated until I move it to ovirtmgmt network, then it can get off the host to the world, etc. I tried disabling iptables just in case, but that had no effect. How do I troubleshoot this further? --Jim
On Sun, Jan 1, 2017 at 9:01 AM, Jim Kusznir <jim@palousetech.com> wrote:
Hi all:
I've got my ovirt cluster up, but am facing an odd situation that I haven't pinned down. I've also run into someone on the IRC channel with the same bug, no solutions as of yet. Google also hasn't helped.
My goal is this:
1 physical NIC; two networks: ovirtmgmt (untagged) Public (vlan 2)
ovirtmgmt works great. a VM on Public cannot talk to anything off the host.
Steps to set up:
Datacenter -> networks: created network, checked vm network, checked vlan, put 2 in the tag box. Set required. Save.
I only have one cluster (default), and it automatically added it there. I went to the hosts in the cluster, and dragged the unassigned Public network onto the nic (which already has ovirtmgmt on it). After completing on all three of my hosts, the network shows online.
Create VM, assign to Public, inside VM assign its IP, and it cannot talk to the world.
In troubleshooting, I assigned another IP to the host itself (click pencil in host network settings). VM can ping host. SSH into host, host CAN ping other machines on the net and the router for the net. VM cannot ping anything but host (only have one VM on that host currently). VM is isolated until I move it to ovirtmgmt network, then it can get off the host to the world, etc.
I tried disabling iptables just in case, but that had no effect.
How do I troubleshoot this further?
--Jim
Hi Jim, You could create another VM to check if there is connectivity between them. Then use tcpdump on the host bridge and on your nic while you ping, check if you see the packets and their correct tag. I would also check if you have by mistake a duplicate mac address for the VM (your will need to check your switch for that). How did you configured the switch this nic is connected to? You could also share your current setup config for us to see: (from host and VM) - ip addr - ip route - brctl show (only for host) Thanks, Edy.
I currently only have two IPs assigned to me...I can try and take another, but that may not route out of the rack. I've got the VM on one of the IPs and the host on the other currently. The switch is a "web-managed" basic 8-port switch (thrown in for testing while the "real" switch is in transit). It has the 3 ports the hosts are plugged in configured with vlan 1 untagged, set as PVID, and vlan 2 tagged. Another port on the switch is untagged on vlan 1 connected to the router for the ovirtmgmt network (protected by a VPN, but not "burning" public IPs for mgmt purposes), another couple ports are untagged on vlan 2. One of those ports goes out of the rack, another goes to the router's internet port. Router gets to the internet just fine. VM: kusznir@FusionPBX:~$ ip address 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff inet 162.248.147.31/24 brd 162.248.147.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::21a:4aff:fe16:151/64 scope link valid_lft forever preferred_lft forever kusznir@FusionPBX:~$ ip route default via 162.248.147.1 dev eth0 162.248.147.0/24 dev eth0 proto kernel scope link src 162.248.147.31 kusznir@FusionPBX:~$ Host: [root@ovirt3 ~]# ip address 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovirtmgmt state UP qlen 1000 link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff 3: em2: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 00:21:9b:98:2f:46 brd ff:ff:ff:ff:ff:ff 4: em3: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 00:21:9b:98:2f:48 brd ff:ff:ff:ff:ff:ff 5: em4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 00:21:9b:98:2f:4a brd ff:ff:ff:ff:ff:ff 6: ;vdsmdummy;: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN link/ether 8e:1b:51:60:87:55 brd ff:ff:ff:ff:ff:ff 7: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff inet 192.168.8.13/24 brd 192.168.8.255 scope global dynamic ovirtmgmt valid_lft 54830sec preferred_lft 54830sec 11: em1.2@em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master Public_Cable state UP link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff 12: Public_Cable: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff inet 162.248.147.33/24 brd 162.248.147.255 scope global Public_Cable valid_lft forever preferred_lft forever 14: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovirtmgmt state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:54 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:154/64 scope link valid_lft forever preferred_lft forever 15: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovirtmgmt state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:52 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:152/64 scope link valid_lft forever preferred_lft forever 16: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovirtmgmt state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:53 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:153/64 scope link valid_lft forever preferred_lft forever 17: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master Public_Cable state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:151/64 scope link valid_lft forever preferred_lft forever [root@ovirt3 ~]# ip route default via 192.168.8.1 dev ovirtmgmt 162.248.147.0/24 dev Public_Cable proto kernel scope link src 162.248.147.33 169.254.0.0/16 dev ovirtmgmt scope link metric 1007 169.254.0.0/16 dev Public_Cable scope link metric 1012 192.168.8.0/24 dev ovirtmgmt proto kernel scope link src 192.168.8.13 [root@ovirt3 ~]# brctl show bridge name bridge id STP enabled interfaces ;vdsmdummy; 8000.000000000000 no Public_Cable 8000.00219b982f44 no em1.2 vnet3 ovirtmgmt 8000.00219b982f44 no em1 vnet0 vnet1 vnet2 [root@ovirt3 ~]# I did see that the cluster settings has a switch type setting; currently at the default "LEGACY", it also has "OVS" as an option. Not sure if that matters or not. I configured another VM on the network, and static'ed an IP, and could ping the other VM as well as the host, but not the internet. The host can still ping the internet. --Jim
On Sun, Jan 1, 2017 at 10:50 AM, Jim Kusznir <jim@palousetech.com> wrote:
I currently only have two IPs assigned to me...I can try and take another, but that may not route out of the rack. I've got the VM on one of the IPs and the host on the other currently.
The switch is a "web-managed" basic 8-port switch (thrown in for testing while the "real" switch is in transit). It has the 3 ports the hosts are plugged in configured with vlan 1 untagged, set as PVID, and vlan 2 tagged. Another port on the switch is untagged on vlan 1 connected to the router for the ovirtmgmt network (protected by a VPN, but not "burning" public IPs for mgmt purposes), another couple ports are untagged on vlan 2. One of those ports goes out of the rack, another goes to the router's internet port. Router gets to the internet just fine.
VM: kusznir@FusionPBX:~$ ip address 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff inet 162.248.147.31/24 brd 162.248.147.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::21a:4aff:fe16:151/64 scope link valid_lft forever preferred_lft forever kusznir@FusionPBX:~$ ip route default via 162.248.147.1 dev eth0 162.248.147.0/24 dev eth0 proto kernel scope link src 162.248.147.31 kusznir@FusionPBX:~$
Host: [root@ovirt3 ~]# ip address 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovirtmgmt state UP qlen 1000 link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff 3: em2: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 00:21:9b:98:2f:46 brd ff:ff:ff:ff:ff:ff 4: em3: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 00:21:9b:98:2f:48 brd ff:ff:ff:ff:ff:ff 5: em4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 00:21:9b:98:2f:4a brd ff:ff:ff:ff:ff:ff 6: ;vdsmdummy;: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN link/ether 8e:1b:51:60:87:55 brd ff:ff:ff:ff:ff:ff 7: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff inet 192.168.8.13/24 brd 192.168.8.255 scope global dynamic ovirtmgmt valid_lft 54830sec preferred_lft 54830sec 11: em1.2@em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master Public_Cable state UP link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff 12: Public_Cable: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff inet 162.248.147.33/24 brd 162.248.147.255 scope global Public_Cable valid_lft forever preferred_lft forever 14: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovirtmgmt state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:54 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:154/64 scope link valid_lft forever preferred_lft forever 15: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovirtmgmt state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:52 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:152/64 scope link valid_lft forever preferred_lft forever 16: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovirtmgmt state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:53 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:153/64 scope link valid_lft forever preferred_lft forever 17: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master Public_Cable state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:151/64 scope link valid_lft forever preferred_lft forever [root@ovirt3 ~]# ip route default via 192.168.8.1 dev ovirtmgmt 162.248.147.0/24 dev Public_Cable proto kernel scope link src 162.248.147.33 169.254.0.0/16 dev ovirtmgmt scope link metric 1007 169.254.0.0/16 dev Public_Cable scope link metric 1012 192.168.8.0/24 dev ovirtmgmt proto kernel scope link src 192.168.8.13 [root@ovirt3 ~]# brctl show bridge name bridge id STP enabled interfaces ;vdsmdummy; 8000.000000000000 no Public_Cable 8000.00219b982f44 no em1.2 vnet3 ovirtmgmt 8000.00219b982f44 no em1 vnet0 vnet1 vnet2 [root@ovirt3 ~]#
I did see that the cluster settings has a switch type setting; currently at the default "LEGACY", it also has "OVS" as an option. Not sure if that matters or not.
I configured another VM on the network, and static'ed an IP, and could ping the other VM as well as the host, but not the internet. The host can still ping the internet.
--Jim
What address are you pinging the internet? For the successful ping, can you use ping -I (capital i) to choose the source address you exit the host with?
I pinged both the router on the subnet and a host IP in-between the two ip's. [root@ovirt3 ~]# ping -I 162.248.147.33 162.248.147.1 PING 162.248.147.1 (162.248.147.1) from 162.248.147.33 : 56(84) bytes of data. 64 bytes from 162.248.147.1: icmp_seq=1 ttl=255 time=8.17 ms 64 bytes from 162.248.147.1: icmp_seq=2 ttl=255 time=7.47 ms 64 bytes from 162.248.147.1: icmp_seq=3 ttl=255 time=7.53 ms 64 bytes from 162.248.147.1: icmp_seq=4 ttl=255 time=8.42 ms ^C --- 162.248.147.1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 7.475/7.901/8.424/0.420 ms [root@ovirt3 ~]# The VM only has its public IP. --Jim On Jan 1, 2017 01:26, "Edward Haas" <ehaas@redhat.com> wrote:
On Sun, Jan 1, 2017 at 10:50 AM, Jim Kusznir <jim@palousetech.com> wrote:
I currently only have two IPs assigned to me...I can try and take another, but that may not route out of the rack. I've got the VM on one of the IPs and the host on the other currently.
The switch is a "web-managed" basic 8-port switch (thrown in for testing while the "real" switch is in transit). It has the 3 ports the hosts are plugged in configured with vlan 1 untagged, set as PVID, and vlan 2 tagged. Another port on the switch is untagged on vlan 1 connected to the router for the ovirtmgmt network (protected by a VPN, but not "burning" public IPs for mgmt purposes), another couple ports are untagged on vlan 2. One of those ports goes out of the rack, another goes to the router's internet port. Router gets to the internet just fine.
VM: kusznir@FusionPBX:~$ ip address 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff inet 162.248.147.31/24 brd 162.248.147.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::21a:4aff:fe16:151/64 scope link valid_lft forever preferred_lft forever kusznir@FusionPBX:~$ ip route default via 162.248.147.1 dev eth0 162.248.147.0/24 dev eth0 proto kernel scope link src 162.248.147.31 kusznir@FusionPBX:~$
Host: [root@ovirt3 ~]# ip address 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovirtmgmt state UP qlen 1000 link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff 3: em2: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 00:21:9b:98:2f:46 brd ff:ff:ff:ff:ff:ff 4: em3: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 00:21:9b:98:2f:48 brd ff:ff:ff:ff:ff:ff 5: em4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 00:21:9b:98:2f:4a brd ff:ff:ff:ff:ff:ff 6: ;vdsmdummy;: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN link/ether 8e:1b:51:60:87:55 brd ff:ff:ff:ff:ff:ff 7: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff inet 192.168.8.13/24 brd 192.168.8.255 scope global dynamic ovirtmgmt valid_lft 54830sec preferred_lft 54830sec 11: em1.2@em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master Public_Cable state UP link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff 12: Public_Cable: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff inet 162.248.147.33/24 brd 162.248.147.255 scope global Public_Cable valid_lft forever preferred_lft forever 14: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovirtmgmt state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:54 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:154/64 scope link valid_lft forever preferred_lft forever 15: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovirtmgmt state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:52 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:152/64 scope link valid_lft forever preferred_lft forever 16: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovirtmgmt state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:53 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:153/64 scope link valid_lft forever preferred_lft forever 17: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master Public_Cable state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:151/64 scope link valid_lft forever preferred_lft forever [root@ovirt3 ~]# ip route default via 192.168.8.1 dev ovirtmgmt 162.248.147.0/24 dev Public_Cable proto kernel scope link src 162.248.147.33 169.254.0.0/16 dev ovirtmgmt scope link metric 1007 169.254.0.0/16 dev Public_Cable scope link metric 1012 192.168.8.0/24 dev ovirtmgmt proto kernel scope link src 192.168.8.13 [root@ovirt3 ~]# brctl show bridge name bridge id STP enabled interfaces ;vdsmdummy; 8000.000000000000 no Public_Cable 8000.00219b982f44 no em1.2 vnet3 ovirtmgmt 8000.00219b982f44 no em1 vnet0 vnet1 vnet2 [root@ovirt3 ~]#
I did see that the cluster settings has a switch type setting; currently at the default "LEGACY", it also has "OVS" as an option. Not sure if that matters or not.
I configured another VM on the network, and static'ed an IP, and could ping the other VM as well as the host, but not the internet. The host can still ping the internet.
--Jim
What address are you pinging the internet? For the successful ping, can you use ping -I (capital i) to choose the source address you exit the host with?
On Sun, Jan 1, 2017 at 7:16 PM, Jim Kusznir <jim@palousetech.com> wrote:
I pinged both the router on the subnet and a host IP in-between the two ip's.
[root@ovirt3 ~]# ping -I 162.248.147.33 162.248.147.1 PING 162.248.147.1 (162.248.147.1) from 162.248.147.33 : 56(84) bytes of data. 64 bytes from 162.248.147.1: icmp_seq=1 ttl=255 time=8.17 ms 64 bytes from 162.248.147.1: icmp_seq=2 ttl=255 time=7.47 ms 64 bytes from 162.248.147.1: icmp_seq=3 ttl=255 time=7.53 ms 64 bytes from 162.248.147.1: icmp_seq=4 ttl=255 time=8.42 ms ^C --- 162.248.147.1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 7.475/7.901/8.424/0.420 ms [root@ovirt3 ~]#
The VM only has its public IP.
--Jim
Very strange, all looks good to me. I can try to help you debug using tcpdump, just send me the details for remote connection on private. It will also help if you join the vdsm or ovir IRC channels.
On Jan 1, 2017 01:26, "Edward Haas" <ehaas@redhat.com> wrote:
On Sun, Jan 1, 2017 at 10:50 AM, Jim Kusznir <jim@palousetech.com> wrote:
I currently only have two IPs assigned to me...I can try and take another, but that may not route out of the rack. I've got the VM on one of the IPs and the host on the other currently.
The switch is a "web-managed" basic 8-port switch (thrown in for testing while the "real" switch is in transit). It has the 3 ports the hosts are plugged in configured with vlan 1 untagged, set as PVID, and vlan 2 tagged. Another port on the switch is untagged on vlan 1 connected to the router for the ovirtmgmt network (protected by a VPN, but not "burning" public IPs for mgmt purposes), another couple ports are untagged on vlan 2. One of those ports goes out of the rack, another goes to the router's internet port. Router gets to the internet just fine.
VM: kusznir@FusionPBX:~$ ip address 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff inet 162.248.147.31/24 brd 162.248.147.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::21a:4aff:fe16:151/64 scope link valid_lft forever preferred_lft forever kusznir@FusionPBX:~$ ip route default via 162.248.147.1 dev eth0 162.248.147.0/24 dev eth0 proto kernel scope link src 162.248.147.31 kusznir@FusionPBX:~$
Host: [root@ovirt3 ~]# ip address 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovirtmgmt state UP qlen 1000 link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff 3: em2: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 00:21:9b:98:2f:46 brd ff:ff:ff:ff:ff:ff 4: em3: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 00:21:9b:98:2f:48 brd ff:ff:ff:ff:ff:ff 5: em4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 00:21:9b:98:2f:4a brd ff:ff:ff:ff:ff:ff 6: ;vdsmdummy;: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN link/ether 8e:1b:51:60:87:55 brd ff:ff:ff:ff:ff:ff 7: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff inet 192.168.8.13/24 brd 192.168.8.255 scope global dynamic ovirtmgmt valid_lft 54830sec preferred_lft 54830sec 11: em1.2@em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master Public_Cable state UP link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff 12: Public_Cable: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff inet 162.248.147.33/24 brd 162.248.147.255 scope global Public_Cable valid_lft forever preferred_lft forever 14: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovirtmgmt state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:54 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:154/64 scope link valid_lft forever preferred_lft forever 15: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovirtmgmt state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:52 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:152/64 scope link valid_lft forever preferred_lft forever 16: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovirtmgmt state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:53 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:153/64 scope link valid_lft forever preferred_lft forever 17: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master Public_Cable state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:151/64 scope link valid_lft forever preferred_lft forever [root@ovirt3 ~]# ip route default via 192.168.8.1 dev ovirtmgmt 162.248.147.0/24 dev Public_Cable proto kernel scope link src 162.248.147.33 169.254.0.0/16 dev ovirtmgmt scope link metric 1007 169.254.0.0/16 dev Public_Cable scope link metric 1012 192.168.8.0/24 dev ovirtmgmt proto kernel scope link src 192.168.8.13 [root@ovirt3 ~]# brctl show bridge name bridge id STP enabled interfaces ;vdsmdummy; 8000.000000000000 no Public_Cable 8000.00219b982f44 no em1.2 vnet3 ovirtmgmt 8000.00219b982f44 no em1 vnet0 vnet1 vnet2 [root@ovirt3 ~]#
I did see that the cluster settings has a switch type setting; currently at the default "LEGACY", it also has "OVS" as an option. Not sure if that matters or not.
I configured another VM on the network, and static'ed an IP, and could ping the other VM as well as the host, but not the internet. The host can still ping the internet.
--Jim
What address are you pinging the internet? For the successful ping, can you use ping -I (capital i) to choose the source address you exit the host with?
Actually, I finally was able to identify the issue and fix it...Turns out (as you probably expected), it wasn't ovirt... My upstream provider had some wierd security left over, it limited the MAC addresses permitted to exit the building, and my ovirt host made the list somehow while my VMs did not. I now have two VMs on two different nodes that are online! Thank you for your help! --Jim On Sun, Jan 1, 2017 at 11:57 PM, Edward Haas <ehaas@redhat.com> wrote:
On Sun, Jan 1, 2017 at 7:16 PM, Jim Kusznir <jim@palousetech.com> wrote:
I pinged both the router on the subnet and a host IP in-between the two ip's.
[root@ovirt3 ~]# ping -I 162.248.147.33 162.248.147.1 PING 162.248.147.1 (162.248.147.1) from 162.248.147.33 : 56(84) bytes of data. 64 bytes from 162.248.147.1: icmp_seq=1 ttl=255 time=8.17 ms 64 bytes from 162.248.147.1: icmp_seq=2 ttl=255 time=7.47 ms 64 bytes from 162.248.147.1: icmp_seq=3 ttl=255 time=7.53 ms 64 bytes from 162.248.147.1: icmp_seq=4 ttl=255 time=8.42 ms ^C --- 162.248.147.1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 7.475/7.901/8.424/0.420 ms [root@ovirt3 ~]#
The VM only has its public IP.
--Jim
Very strange, all looks good to me.
I can try to help you debug using tcpdump, just send me the details for remote connection on private. It will also help if you join the vdsm or ovir IRC channels.
On Jan 1, 2017 01:26, "Edward Haas" <ehaas@redhat.com> wrote:
On Sun, Jan 1, 2017 at 10:50 AM, Jim Kusznir <jim@palousetech.com> wrote:
I currently only have two IPs assigned to me...I can try and take another, but that may not route out of the rack. I've got the VM on one of the IPs and the host on the other currently.
The switch is a "web-managed" basic 8-port switch (thrown in for testing while the "real" switch is in transit). It has the 3 ports the hosts are plugged in configured with vlan 1 untagged, set as PVID, and vlan 2 tagged. Another port on the switch is untagged on vlan 1 connected to the router for the ovirtmgmt network (protected by a VPN, but not "burning" public IPs for mgmt purposes), another couple ports are untagged on vlan 2. One of those ports goes out of the rack, another goes to the router's internet port. Router gets to the internet just fine.
VM: kusznir@FusionPBX:~$ ip address 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff inet 162.248.147.31/24 brd 162.248.147.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::21a:4aff:fe16:151/64 scope link valid_lft forever preferred_lft forever kusznir@FusionPBX:~$ ip route default via 162.248.147.1 dev eth0 162.248.147.0/24 dev eth0 proto kernel scope link src 162.248.147.31 kusznir@FusionPBX:~$
Host: [root@ovirt3 ~]# ip address 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovirtmgmt state UP qlen 1000 link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff 3: em2: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 00:21:9b:98:2f:46 brd ff:ff:ff:ff:ff:ff 4: em3: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 00:21:9b:98:2f:48 brd ff:ff:ff:ff:ff:ff 5: em4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 00:21:9b:98:2f:4a brd ff:ff:ff:ff:ff:ff 6: ;vdsmdummy;: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN link/ether 8e:1b:51:60:87:55 brd ff:ff:ff:ff:ff:ff 7: ovirtmgmt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff inet 192.168.8.13/24 brd 192.168.8.255 scope global dynamic ovirtmgmt valid_lft 54830sec preferred_lft 54830sec 11: em1.2@em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master Public_Cable state UP link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff 12: Public_Cable: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 00:21:9b:98:2f:44 brd ff:ff:ff:ff:ff:ff inet 162.248.147.33/24 brd 162.248.147.255 scope global Public_Cable valid_lft forever preferred_lft forever 14: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovirtmgmt state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:54 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:154/64 scope link valid_lft forever preferred_lft forever 15: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovirtmgmt state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:52 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:152/64 scope link valid_lft forever preferred_lft forever 16: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovirtmgmt state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:53 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:153/64 scope link valid_lft forever preferred_lft forever 17: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master Public_Cable state UNKNOWN qlen 500 link/ether fe:1a:4a:16:01:51 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc1a:4aff:fe16:151/64 scope link valid_lft forever preferred_lft forever [root@ovirt3 ~]# ip route default via 192.168.8.1 dev ovirtmgmt 162.248.147.0/24 dev Public_Cable proto kernel scope link src 162.248.147.33 169.254.0.0/16 dev ovirtmgmt scope link metric 1007 169.254.0.0/16 dev Public_Cable scope link metric 1012 192.168.8.0/24 dev ovirtmgmt proto kernel scope link src 192.168.8.13 [root@ovirt3 ~]# brctl show bridge name bridge id STP enabled interfaces ;vdsmdummy; 8000.000000000000 no Public_Cable 8000.00219b982f44 no em1.2 vnet3 ovirtmgmt 8000.00219b982f44 no em1 vnet0 vnet1 vnet2 [root@ovirt3 ~]#
I did see that the cluster settings has a switch type setting; currently at the default "LEGACY", it also has "OVS" as an option. Not sure if that matters or not.
I configured another VM on the network, and static'ed an IP, and could ping the other VM as well as the host, but not the internet. The host can still ping the internet.
--Jim
What address are you pinging the internet? For the successful ping, can you use ping -I (capital i) to choose the source address you exit the host with?
participants (2)
-
Edward Haas -
Jim Kusznir