[ovirt-users] vlan-tagging on non-tagged network
Ido Barkan
ibarkan at redhat.com
Tue Jun 16 02:27:53 EDT 2015
Hey Felix.
IIUC your frames are dropped by the bridge. Ovirt uses Linux bridges
to connect virtual machines to 'networks'. The guest connects to the bridge
using a tap device which usually is called 'vnet<number>'.
So, just to verify, can you please tcpdump both on the bridge device and on the tap device?
The bridge can be quite noisy so I suggest filtering traffic using the guest's MAC
address. So I am not sure what protocol you use for tunneling but applying
a filter similar to this one should do the job:
tcpdump -n -i vnet0 -vvv -s 1500 'udp[38:2]=0x001a and udp[40:4]=0x4aaeec8e'
My guess is that you will observe traffic on the tap device, but not on the bridge.
You didn't specify which CentOS version you use but I do remember seeing people
complaining about Linux bridges discarding their tagged frames.
You can -maybe- also observe the 'dropped' counter increasing on the bridge by running:
'ip -s link show dev trunk'
There were a few bugs on rhel6/7 about this, specifically I remember
https://bugzilla.redhat.com/show_bug.cgi?id=1174291
and
https://bugzilla.redhat.com/show_bug.cgi?id=1200275#c20
Also, is the vlan module loaded on your host?
'lsmod |grep 8021q'
Thanks,
Ido
----- Original Message -----
From: "Felix Pepinghege" <pepinghege at ira.uka.de>
To: Users at ovirt.org
Sent: Monday, June 15, 2015 11:33:39 AM
Subject: [ovirt-users] vlan-tagging on non-tagged network
Hi everybody!
I am experiencing a behaviour of ovirt, of which I don't know whether it
is expected or not. My setup is as follows:
A virtual machine has a logical network attached to it, which is
configured without vlan-tagging and listens to the name 'trunk'.
The VM is running an openvpn server. It is a patched openvpn version,
including vlan-tagging. That is, openvpn clients get a vlan tag. This
should not really be an issue but should satisfy the "why do you want to
do it in the first place"-questions.
Anyhow, effectively, the VM simply puts vlan-tagged ethernet-frames on
the virtual network. These frames, however, never make it to the host's
network bridge, which represents the logical network.
My observations are: According to tcpdump, the vlan-tagged packages
arrive at the "eth1"-interface inside the VM (which *is* the correct
interface). Again, according to tcpdump, these packages never arrive at
the corresponding network-bridge (i.e., the interface 'trunk') on the host.
I know that the setup itself is feasible with KVM---I have it working on
a proxmox-machine. Therefore, my conclusion is, that ovirt doesn't like
vlan-tagged ethernet-frames on non-tagged logical networks, and somehow
filters them out, though I don't really see on what "level" that would
happen (Handling the ethernet frames should be a concern of
KVM/QEMU/Linux only, once ovirt has started the VM).
So this problem could be a CentOS issue, but I really don't see why
CentOS should act differently than debian does (proxmox is debian-based).
Is this a known/wanted/expected behaviour of ovirt, and can I somehow
prevent or elude it?
Any help is much appreciated! Of course I am happy to provide more
information if that helps helping me :)
Regards,
Felix
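
The checks suggested in the reply (which bridge the tap belongs to, whether 8021q is loaded, and whether the 'dropped' counters grow on the tap or on the bridge), collected into one script as an added example that is not part of the thread. The SYSFS_NET and PROC_MODULES overrides and the function names are assumptions of this sketch; vnet0 and trunk are the device names from the messages.

```shell
#!/bin/sh
# Added example, not from the thread. SYSFS_NET and PROC_MODULES can be
# overridden (an assumption of this sketch) to run against constructed data.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
PROC_MODULES="${PROC_MODULES:-/proc/modules}"

# Print "rx_dropped tx_dropped" for a device, the counters `ip -s link` shows.
drop_snapshot() {
    stats="$SYSFS_NET/$1/statistics"
    [ -r "$stats/rx_dropped" ] && [ -r "$stats/tx_dropped" ] || return 1
    echo "$(cat "$stats/rx_dropped") $(cat "$stats/tx_dropped")"
}

# Print the growth between two snapshots as "rx_delta tx_delta".
drop_delta() {
    set -- $1 $2            # split the two "rx tx" pairs into $1..$4
    echo "$(( $3 - $1 )) $(( $4 - $2 ))"
}

# Print the bridge a port (e.g. the guest's tap device) is attached to.
bridge_of() {
    link="$SYSFS_NET/$1/brport/bridge"
    [ -L "$link" ] || return 1
    basename "$(readlink "$link")"
}

# Succeed if the 8021q module is listed, as `lsmod | grep 8021q` would show.
vlan_module_loaded() {
    grep -q '^8021q ' "$PROC_MODULES"
}

# Sample tap and bridge around an interval while the guest sends tagged frames.
check_path() {
    tap=$1; secs=${2:-10}
    br=$(bridge_of "$tap") || { echo "$tap is not a bridge port" >&2; return 1; }
    vlan_module_loaded || echo "8021q module not loaded"
    t0=$(drop_snapshot "$tap") || return 1; b0=$(drop_snapshot "$br") || return 1
    sleep "$secs"
    t1=$(drop_snapshot "$tap") || return 1; b1=$(drop_snapshot "$br") || return 1
    echo "$tap dropped (rx tx): $(drop_delta "$t0" "$t1")"
    echo "$br dropped (rx tx): $(drop_delta "$b0" "$b1")"
}

# Run only when given a tap device, e.g.: sh check.sh vnet0 10
if [ $# -gt 0 ]; then check_path "$@"; fi
```

A counter that grows only on the bridge while the tap stays flat matches the guess in the reply that frames reach the tap device but are discarded by the bridge.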