[ovirt-users] Can´t use a VM Network VLAN, because the Virtual Machines inside can't reach the Gateway

Julián Tete danteconrad14 at gmail.com
Thu Oct 22 00:36:56 UTC 2015 

Hello Friends of oVirt

I'm glad to get your help. I'm trying to build a community of oVirt in
Colombia.

This is the data requested:

#########HOST########

Software

OS Version: RHEL - 7 - 1.1503.el7.centos.2.8
Kernel Version: 3.10.0 - 229.14.1.el7.x86_64
KVM Version: 3.10.0 - 229.14.1.el7.x86_64
LIBVIRT Version: libvirt-1.2.8-16.el7_1.4
VDSM Version: vdsm-4.17.9-0.el7.centos
SPICE Version: 0.12.4 - 9.el7_1.3
GlusterFS Version: glusterfs-3.7.5-1.el7
CEPH Version: librbd1-0.80.7-2.el7

Hardware

Manufacturer: HP
Family: ProLiant
Product Name: ProLiant BL460c Gen8
Version: [N/A]
UUID: 2197C286-BC9C-4CF3-99CB-......
Serial Number: VCX.....
CPU Model: Intel(R) Xeon(R) CPU E5-2667 v2 @ 3.30GHz
CPU Type: Intel SandyBridge Family
CPU Sockets: 2
CPU Cores per Socket: 8
CPU Threads per Core: 2 (SMT Enabled)

Model name: QMH2572 - PCI-Express Dual Channel 8Gb Fibre Channel Mezzanine
HBA, NFF
Device type: FC
Model name: QMH2572 - PCI-Express Dual Channel 8Gb Fibre Channel Mezzanine
HBA, NFF
Device type: FC

The rest of the data is here:

http://pastebin.com/Snc27Jgn

Thank very much

I love oVirt 3.6, so far so good.

This is the last detail to dump VMware

:)



2015-10-13 2:43 GMT-05:00 Ido Barkan <ibarkan at redhat.com>:

> Julian,
> Lets try a more systematic approach (similar to what Donny suggests):
>
> Please disable your arp script, and reproduce the situation where your vm
> cannot connect to the outside.
> It will be also a good idea to have the failing machine be the only
> powered on machine connected to the network (bridge).
>
> * from the machine os run a ping to a pingable destination outside of your
> network (8.8.8.8?)
> * run tcpdump on the hypervisor on several interfaces:
>   * the vm tap device (vnet0? vnet1?)
>   * the vm network bridge device (hosting?), where the tap device is
> attached to. This should be visible via brctl.
>   * the vlan device underneath the bridge (this one should have a name
> like 'eno1.50' where eno1 is the physical nic and 50 is the vlan tag)
>   * the physical device (the ethernet nic)
>
> The tcpdump command requires root privileges and looks like this: "sudo
> tcpdump -n -i <device_name> icmp or arp"
>
> What I assume we will see are only icmp requests (pings) and no icmp
> replies (pongs). There might be also be only arp requests and
> no arp replies.
> What I am interested at is the arp broadcasts, as the vm should broadcast
> an arp request (who-is <my_gateway_ip>).
> My first guess is that is no response or there is one but the vm cannot
> hear it. This is why I used the arp filter in the tcpdump command.
>
> This should shed some light on where the problem is and in which layer.
> find out where the traffic is not forwarded.
>
> Also, when you locate the point of failure, try and wait for the traffic
> to 'suddenly work' as you said and then figure out what was changed.
>
> We would love to see the dumps and coontinue to help.
>
> Thanks,
> Ido
>
>
> On Thu, Oct 8, 2015 at 7:29 PM, Julián Tete <danteconrad14 at gmail.com>
> wrote:
>
>> I found the reason of my Problem: the virtual machines can't write the
>> ARP table ¡¡¿?!!
>>
>> When I manually use the command:
>>
>> arp -s 192.168.XXX.XX 00:09:XX:XX:XX:XX
>>
>> I can reach the gateway
>>
>> I can't reach anything from my net segment but i can reach Internet
>> (Double ¡¡¿?!!)
>>
>> For the moment I wrote a script, but is awful to do this.
>>
>> Any idea ?
>>
>> Thanks in advance :)
>>
>> 2015-07-10 11:26 GMT-05:00 Julián Tete <danteconrad14 at gmail.com>:
>>
>>> Perhaps us are affected by the following error :
>>>
>>> http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04267968
>>>
>>> I will keep you informed
>>>
>>> Thanks Friends
>>>
>>> 2015-07-06 12:06 GMT-05:00 Julián Tete <danteconrad14 at gmail.com>:
>>>
>>>> Hi Friends of oVirt
>>>>
>>>> This the data required:
>>>>
>>>> I have a HP Enclosure with a HP SAN.
>>>> I can't change the net settings in the switch because we have VMware
>>>> Virtual Machines in production in the same enclosure.
>>>> The switch is in Trunk Mode and all the traffic are in Tagged VLAN's
>>>> with ID's: 1,50,90,91 and 100.
>>>> I can play with 6 blades.
>>>> I in the first Blade I installed oVirt in hosted engine mode.
>>>> The only S.O is CentOS 7.1
>>>>
>>>> I used inxi to brig the data for you:
>>>>
>>>> My First Host is the only host until now (SPM) is the first data domain
>>>> (NFS) and contains the hosted engine machine.
>>>> I installed oVirt with ovirtmgmt in VLAN 1, over the interface eno1,
>>>> without any VLAN Tagged configuration.
>>>>
>>>> This the data for my first host:
>>>>
>>>> http://pastebin.com/dfC0XTQM
>>>>
>>>> This the data for the Engine:
>>>>
>>>> http://pastebin.com/JdrMSbj0
>>>>
>>>> This the data for the Virtual Machine created in VLAN 50:
>>>>
>>>> S.O : CentOS 7.1
>>>> SELinux: Permissive
>>>> IP ADDRESS: 192.168.50.8
>>>> PREFIX: 27
>>>> GATEWAY: 192.168.50.1
>>>> Interface: eth0
>>>>
>>>> The Virtual Machine hasn´t any VLAN configuration.
>>>>
>>>> In the 3 S.O, Network Manager is stopped and disabled, connectivity is
>>>> managed by the network daemon.
>>>>
>>>> This is the data for the Networking in the admin interface:
>>>>
>>>> http://postimg.org/image/lbypejxrh/
>>>>
>>>> http://postimg.org/image/jtkyhqs8f/
>>>>
>>>> http://postimg.org/image/7dwf1nb9f/
>>>>
>>>> http://postimg.org/image/6i9t75g33/
>>>>
>>>> http://postimg.org/image/sm8e6lecv/
>>>>
>>>> http://postimg.org/image/cvig7rjuv/
>>>>
>>>> http://postimg.org/image/fxcthsrtl/
>>>>
>>>> http://postimg.org/image/o6xjwwvyz/
>>>>
>>>> http://postimg.org/image/pv5ar5v3j/
>>>>
>>>> http://postimg.org/image/dx8br0gq7/
>>>>
>>>> http://postimg.org/image/baixp4b0j/
>>>>
>>>> This the case
>>>>
>>>> With No IP in the VLAN, and IP in the Virtual Machine, From the Virtual
>>>> Machine can ping myself (192.168.50.8) but I can't reach the gateway, can't
>>>> reach the host, can't reach Internet.
>>>>
>>>> Any help is appreciated
>>>>
>>>> Thanks Friends of oVirt
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> 2015-07-06 7:51 GMT-05:00 Soeren Malchow <soeren.malchow at mcon.net>:
>>>>
>>>>> Hi,
>>>>>
>>>>> To make it easier to understand what the situation is, it would help to
>>>>> see your bridging configuration and your interface configration.
>>>>>
>>>>> Something like:
>>>>>
>>>>> #> ip addr
>>>>>
>>>>> And
>>>>>
>>>>> #> brctl show
>>>>>
>>>>> Regards
>>>>> Soeren
>>>>>
>>>>> On 06/07/15 13:30, "users-bounces at ovirt.org on behalf of Dan
>>>>> Kenigsberg"
>>>>> <users-bounces at ovirt.org on behalf of danken at redhat.com> wrote:
>>>>>
>>>>> >On Tue, Jun 30, 2015 at 03:48:49PM -0500, Julián Tete wrote:
>>>>> >> Hi Friends of oVirt
>>>>> >>
>>>>> >> I'm trying to migrate my company from VMware to oVirt.
>>>>> >
>>>>> >We'd like to help you do this!
>>>>> >
>>>>> >> In my final tests, I set up 2 more VLANs in oVirt, (VM VLANs)
>>>>> >> The Virtual Machines in these VLANs, can be reached from the
>>>>> external
>>>>> >>IPs
>>>>> >> from the net range,
>>>>> >> but from the Virtual machines only can ping the Host with the
>>>>> Bridge and
>>>>> >> itself, can't reach the gateway. ¿?
>>>>> >>
>>>>> >> I configured a IP Forwarding in the Host with the virtual machine,
>>>>> and
>>>>> >> nothing changes...
>>>>> >>
>>>>> >> Any idea ? This is the last duty before embrace oVirt in the
>>>>> company.
>>>>> >>
>>>>> >> Look to the VLAN 100 configuration (My desired VM Network):
>>>>> >>
>>>>> >> http://postimg.org/image/7hrog0a2n/
>>>>> >>
>>>>> >> http://postimg.org/image/68b40i1vr/
>>>>> >>
>>>>> >> http://postimg.org/image/lu6mlshgp/
>>>>> >
>>>>> >I must admit that I don't understand your problem yet. When you ping
>>>>> >from inside your guest, where are your packets dropped?
>>>>> >
>>>>> >I'd like to point that your "Hosting" network, as most VM networks, is
>>>>> >better off left without an IP address. The benefit of this is better
>>>>> >security (host TCP stack is not accessible from VMs) and less chances
>>>>> of
>>>>> >routing collisions from the host.
>>>>> >
>>>>> >So unless you need to use the same network for something other than VM
>>>>> >communication, try to clear its address.
>>>>> >
>>>>> >Regards,
>>>>> >Dan.
>>>>> >_______________________________________________
>>>>> >Users mailing list
>>>>> >Users at ovirt.org
>>>>> >http://lists.ovirt.org/mailman/listinfo/users
>>>>>
>>>>>
>>>>
>>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>
>
> --
> Thanks,
> Ido Barkan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20151021/89ce07c6/attachment-0001.html>

More information about the Users mailing list