[ovirt-users] IP forwarding... Cannot access guest IP

richard.seguin at marisec.ca richard.seguin at marisec.ca
Tue Apr 29 20:34:29 UTC 2014


You have no idea how much I wanted this to work...  

macspoof = true  

nothing changed... 

-----Original Message-----
From: "Alexander Wels" <awels at redhat.com>
Sent: Tuesday, April 29, 2014 8:47am
To: users at ovirt.org
Cc: "Dan Kenigsberg" <danken at redhat.com>, richard.seguin at marisec.ca
Subject: Re: [ovirt-users] IP forwarding... Cannot access guest IP

On Tuesday, April 29, 2014 01:35:08 PM Dan Kenigsberg wrote:
> On Tue, Apr 29, 2014 at 06:33:14AM -0400, richard.seguin at marisec.ca wrote:
> > Hi Dan,
> > 
> > Yes I am an ovirt user.  Basically, I am running into an issue running xen
> > inside of kvm.  Our scenario is that this is lab environment, and we
> > enjoy the luxury of spinning up kvm instances (as opposed to installing
> > on bare metal each time we need something). Our product uses Xen, and we
> > are pretty much stuck with it for the time being.
> > 
> > I think what I am running into is a double bridge issue... Xen has a
> > bridge, and so does kvm obviously.  I am able to ping dom0 (which is just
> > the bridge itself) on Xen from the outside world, but I am not able to
> > ping udom... and... udom doesn't have access out either.   When I was
> > using vmware, I enabled promisc mode on the virtual switch, and this
> > solution worked fine...
> > 
> > If we ignore the types of technology that I am using,  and just focus on
> > the networking, what would I be looking at as possibilities?  Or... a
> > better question would be, does ovirt have a promiscuous flag somewhere
> > that I can set?
> I cannot say that I understand your setup, but if you have nested
> virtuallization (such as a Xen udom) you may experience ovirt's
> no-mac-spoofing rule: by default we disallow our VMs to emit traffic
> that has different mac address from the one assigned by oVirt.
> 
> To avoid this, follow http://www.ovirt.org/Vdsm_Hooks#Installing_a_hook
> and report if that's the issue.

If the mac address is the issue wouldn't it be easier for him to just edit the 
VM and in custom properties set macspoof to true?

> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users






More information about the Users mailing list