[ovirt-users] Can´t use a VM Network VLAN, because the Virtual Machines inside can't reach the Gateway
Ido Barkan
ibarkan at redhat.com
Tue Oct 13 07:43:02 UTC 2015
Julian,
Lets try a more systematic approach (similar to what Donny suggests):
Please disable your arp script, and reproduce the situation where your vm
cannot connect to the outside.
It will be also a good idea to have the failing machine be the only powered
on machine connected to the network (bridge).
* from the machine os run a ping to a pingable destination outside of your
network (8.8.8.8?)
* run tcpdump on the hypervisor on several interfaces:
* the vm tap device (vnet0? vnet1?)
* the vm network bridge device (hosting?), where the tap device is
attached to. This should be visible via brctl.
* the vlan device underneath the bridge (this one should have a name like
'eno1.50' where eno1 is the physical nic and 50 is the vlan tag)
* the physical device (the ethernet nic)
The tcpdump command requires root privileges and looks like this: "sudo
tcpdump -n -i <device_name> icmp or arp"
What I assume we will see are only icmp requests (pings) and no icmp
replies (pongs). There might be also be only arp requests and
no arp replies.
What I am interested at is the arp broadcasts, as the vm should broadcast
an arp request (who-is <my_gateway_ip>).
My first guess is that is no response or there is one but the vm cannot
hear it. This is why I used the arp filter in the tcpdump command.
This should shed some light on where the problem is and in which layer.
find out where the traffic is not forwarded.
Also, when you locate the point of failure, try and wait for the traffic to
'suddenly work' as you said and then figure out what was changed.
We would love to see the dumps and coontinue to help.
Thanks,
Ido
On Thu, Oct 8, 2015 at 7:29 PM, Julián Tete <danteconrad14 at gmail.com> wrote:
> I found the reason of my Problem: the virtual machines can't write the ARP
> table ¡¡¿?!!
>
> When I manually use the command:
>
> arp -s 192.168.XXX.XX 00:09:XX:XX:XX:XX
>
> I can reach the gateway
>
> I can't reach anything from my net segment but i can reach Internet
> (Double ¡¡¿?!!)
>
> For the moment I wrote a script, but is awful to do this.
>
> Any idea ?
>
> Thanks in advance :)
>
> 2015-07-10 11:26 GMT-05:00 Julián Tete <danteconrad14 at gmail.com>:
>
>> Perhaps us are affected by the following error :
>>
>> http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04267968
>>
>> I will keep you informed
>>
>> Thanks Friends
>>
>> 2015-07-06 12:06 GMT-05:00 Julián Tete <danteconrad14 at gmail.com>:
>>
>>> Hi Friends of oVirt
>>>
>>> This the data required:
>>>
>>> I have a HP Enclosure with a HP SAN.
>>> I can't change the net settings in the switch because we have VMware
>>> Virtual Machines in production in the same enclosure.
>>> The switch is in Trunk Mode and all the traffic are in Tagged VLAN's
>>> with ID's: 1,50,90,91 and 100.
>>> I can play with 6 blades.
>>> I in the first Blade I installed oVirt in hosted engine mode.
>>> The only S.O is CentOS 7.1
>>>
>>> I used inxi to brig the data for you:
>>>
>>> My First Host is the only host until now (SPM) is the first data domain
>>> (NFS) and contains the hosted engine machine.
>>> I installed oVirt with ovirtmgmt in VLAN 1, over the interface eno1,
>>> without any VLAN Tagged configuration.
>>>
>>> This the data for my first host:
>>>
>>> http://pastebin.com/dfC0XTQM
>>>
>>> This the data for the Engine:
>>>
>>> http://pastebin.com/JdrMSbj0
>>>
>>> This the data for the Virtual Machine created in VLAN 50:
>>>
>>> S.O : CentOS 7.1
>>> SELinux: Permissive
>>> IP ADDRESS: 192.168.50.8
>>> PREFIX: 27
>>> GATEWAY: 192.168.50.1
>>> Interface: eth0
>>>
>>> The Virtual Machine hasn´t any VLAN configuration.
>>>
>>> In the 3 S.O, Network Manager is stopped and disabled, connectivity is
>>> managed by the network daemon.
>>>
>>> This is the data for the Networking in the admin interface:
>>>
>>> http://postimg.org/image/lbypejxrh/
>>>
>>> http://postimg.org/image/jtkyhqs8f/
>>>
>>> http://postimg.org/image/7dwf1nb9f/
>>>
>>> http://postimg.org/image/6i9t75g33/
>>>
>>> http://postimg.org/image/sm8e6lecv/
>>>
>>> http://postimg.org/image/cvig7rjuv/
>>>
>>> http://postimg.org/image/fxcthsrtl/
>>>
>>> http://postimg.org/image/o6xjwwvyz/
>>>
>>> http://postimg.org/image/pv5ar5v3j/
>>>
>>> http://postimg.org/image/dx8br0gq7/
>>>
>>> http://postimg.org/image/baixp4b0j/
>>>
>>> This the case
>>>
>>> With No IP in the VLAN, and IP in the Virtual Machine, From the Virtual
>>> Machine can ping myself (192.168.50.8) but I can't reach the gateway, can't
>>> reach the host, can't reach Internet.
>>>
>>> Any help is appreciated
>>>
>>> Thanks Friends of oVirt
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> 2015-07-06 7:51 GMT-05:00 Soeren Malchow <soeren.malchow at mcon.net>:
>>>
>>>> Hi,
>>>>
>>>> To make it easier to understand what the situation is, it would help to
>>>> see your bridging configuration and your interface configration.
>>>>
>>>> Something like:
>>>>
>>>> #> ip addr
>>>>
>>>> And
>>>>
>>>> #> brctl show
>>>>
>>>> Regards
>>>> Soeren
>>>>
>>>> On 06/07/15 13:30, "users-bounces at ovirt.org on behalf of Dan
>>>> Kenigsberg"
>>>> <users-bounces at ovirt.org on behalf of danken at redhat.com> wrote:
>>>>
>>>> >On Tue, Jun 30, 2015 at 03:48:49PM -0500, Julián Tete wrote:
>>>> >> Hi Friends of oVirt
>>>> >>
>>>> >> I'm trying to migrate my company from VMware to oVirt.
>>>> >
>>>> >We'd like to help you do this!
>>>> >
>>>> >> In my final tests, I set up 2 more VLANs in oVirt, (VM VLANs)
>>>> >> The Virtual Machines in these VLANs, can be reached from the external
>>>> >>IPs
>>>> >> from the net range,
>>>> >> but from the Virtual machines only can ping the Host with the Bridge
>>>> and
>>>> >> itself, can't reach the gateway. ¿?
>>>> >>
>>>> >> I configured a IP Forwarding in the Host with the virtual machine,
>>>> and
>>>> >> nothing changes...
>>>> >>
>>>> >> Any idea ? This is the last duty before embrace oVirt in the company.
>>>> >>
>>>> >> Look to the VLAN 100 configuration (My desired VM Network):
>>>> >>
>>>> >> http://postimg.org/image/7hrog0a2n/
>>>> >>
>>>> >> http://postimg.org/image/68b40i1vr/
>>>> >>
>>>> >> http://postimg.org/image/lu6mlshgp/
>>>> >
>>>> >I must admit that I don't understand your problem yet. When you ping
>>>> >from inside your guest, where are your packets dropped?
>>>> >
>>>> >I'd like to point that your "Hosting" network, as most VM networks, is
>>>> >better off left without an IP address. The benefit of this is better
>>>> >security (host TCP stack is not accessible from VMs) and less chances
>>>> of
>>>> >routing collisions from the host.
>>>> >
>>>> >So unless you need to use the same network for something other than VM
>>>> >communication, try to clear its address.
>>>> >
>>>> >Regards,
>>>> >Dan.
>>>> >_______________________________________________
>>>> >Users mailing list
>>>> >Users at ovirt.org
>>>> >http://lists.ovirt.org/mailman/listinfo/users
>>>>
>>>>
>>>
>>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
--
Thanks,
Ido Barkan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20151013/a9adfc2f/attachment-0001.html>
More information about the Users
mailing list