[ovirt-users] vlan-tagging on non-tagged network

Ido Barkan ibarkan at redhat.com
Tue Jun 16 02:27:53 EDT 2015


Hey Felix.

IIUC your frames are dropped by the bridge. Ovirt uses Linux Bridges
To connect virtual machines to 'networks'. The guest connects to the bridge
using a tap device which usually is called 'vnet<number>'.

So, just to verify, can you please tcpdump both on the bridge device and on the tap device?
The bridge can be quite noisy so I suggest filtering traffic using the guest's MAC
address. So I am not sure what protocol you use for tunneling but applying
a filter similar to this one should do the job:
         tcpdump -n -i vnet0 -vvv -s 1500 'udp[38:4]=0x001a4aaeec8e'

My guess is that you will observe traffic on the tap device, but not on the bridge.
You didn't specify which centOS version you use but I do remember seeing people
complaining about Linux bridges discarding their tagged frames.
You can -maybe- also observe the 'dropped' counter increases on the bridge by running:
         'ip -s link show dev trunk'

There were a few bugs on rhel6/7 about this, specifically I remember
https://bugzilla.redhat.com/show_bug.cgi?id=1174291
and
https://bugzilla.redhat.com/show_bug.cgi?id=1200275#c20

Also, is the vlan module loaded on your host?
'lsmod |grep 8021q'

Thanks,
Ido

----- Original Message -----
From: "Felix Pepinghege" <pepinghege at ira.uka.de>
To: Users at ovirt.org
Sent: Monday, June 15, 2015 11:33:39 AM
Subject: [ovirt-users] vlan-tagging on non-tagged network

Hi everybody!

I am experiencing a behaviour of ovirt, of which I don't know whether it 
is expected or not. My setup is as follows:
A virtual machine has a logical network attached to it, which is 
configured without vlan-tagging and listens to the name 'trunk'.
The VM is running an openvpn server. It is a patched openvpn version, 
including vlan-tagging. That is, openvpn clients get a vlan tag. This 
should not really be an issue but should satisfy the "why do you want to 
do it in the first place"-questions.
Anyhow, effectively, the VM simply puts vlan-tagged ethernet-frames on 
the virtual network. These frames, however, never make it to the host's 
network bridge, which represents the logical network.
My observations are: According to tcpdump, the vlan-tagged packages 
arrive at the "eth1"-interface inside the VM (which *is* the correct 
interface). Again, according to tcpdump, these packages never arrive at 
the corresponding network-bridge (i.e., the interface 'trunk') on the host.
I know that the setup itself is feasible with KVM---I have it working on 
a proxmox-machine. Therefore, my conclusion is, that ovirt doesn't like 
vlan-tagged ethernet-frames on non-tagged logical networks, and somehow 
filters them out, though I don't really see on what "level" that would 
happen (Handling the ethernet frames should be a concern of 
KVM/QEMU/Linux only, once ovirt has started the VM).
So this problem could be a CentOS issue, but I really don't see why 
CentOS should act differently than debian does (proxmox is debian-based).
Is this a known/wanted/expected behaviour of ovirt, and can I somehow 
prevent or elude it?

Any help is much appreciated! Of course I am happy to provide more 
information if that helps helping me :)

Regards,
Felix
_______________________________________________
Users mailing list
Users at ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


More information about the Users mailing list