[Users] Guest to guest multicast
Moti Asayag
masayag at redhat.com
Thu Oct 17 14:13:28 UTC 2013
----- Original Message -----
> From: "Frank Wall" <fw at moov.de>
> To: "Moti Asayag" <masayag at redhat.com>
> Cc: users at ovirt.org
> Sent: Thursday, October 17, 2013 4:33:51 PM
> Subject: Re: [Users] Guest to guest multicast
>
> Hi Moti,
>
> On 17.10.2013 15:08, Moti Asayag wrote:
> > Could you try disabling the filter, restart the vms and re-run the test
> > ?
> > 1. On the ovirt-engine run: engine-config -s
> > EnableMACAntiSpoofingFilterRules=false --cver=3.3
> > (if you're using ovirt-engine 3.2, make sure to specify it in the
> > --cver= option).
> > 2. Restart the ovirt-engine service
> > 3. Restart the vms
> > 4. Re-run the test
>
> YES! This solved the VRRP problem. THANK YOU!
>
> At some point I was already suspecting that ebtables and the
> Anti-Spoofing
> rules would be causing my problem, because I could see them in the XML
> configuration of my VMs, but a "ebtables -L" did not show any rule. So I
> kept on searching...
you should have specify the 'nat' table name and then you'd see the entire rules:
ebtables -t nat -L
>
> My question is: How would I find these Anti-Spoofing rules that
> oVirt applies to each VM? Just want to find out at which point my
> debugging went into the wrong direction ;-)
>
ovirt applies the same rules for all of the vm. A custom nwfilter rule named 'vdsm-no-mac-spoofing'
is being created by vdsm when it starts.
To see it contents requires using 'virsh' on the node:
virsh -r nwfilter-dumpxml vdsm-no-mac-spoofing
<uuid>c05471a7-9dee-6021-32e3-5d70e7617fc5</uuid>
<filterref filter='no-mac-spoofing'/>
<filterref filter='no-arp-mac-spoofing'/>
</filter>
where the 2 rules are predefined by libvirt's nwfilter.
>
> Thanks
> - Frank
>
More information about the Users
mailing list