[ovirt-users] Networking issues with oVirt Guest VM.

Yevgeny Zaspitsky yzaspits at redhat.com
Mon Jul 4 12:41:38 UTC 2016 

Adding mailing list back...

On Mon, Jul 4, 2016 at 3:38 PM, Yevgeny Zaspitsky <yzaspits at redhat.com>
wrote:

> Clint,
>
> Sorry, I missed that you already tried that.
>
> Here are my thoughts (some more shooting in the dark) after reading your
> description again:
>
>    - You have quite complicate setup. IIUC, ovirt-engine and its host are
>    vSphere VMs. Then, a kind of no-macspoof should be applied from the vSphere
>    side. BTW, are both of them on the same vShepre host? Is DHCP server
>    another VM on that host?
>    - Where/how did you "turn on Port Mirroring"?
>    - I'd start the troubleshooting by using tcpdump utility in order to
>    pinpoint the component that blocks the traffic.
>    - Did you try assigning a static IP instead of DHCP and then check
>    connectivity? If that works, then the problem is on the DHCP sever side
>    probably.
>    - If you do not see any requests in the DHCP server log, then I guess,
>    "dhclient -B" wouldn't help.
>    - Please turn iptables/firewalld off.
>
>
> Regards,
> Yevgeny
>
> On Sun, Jul 3, 2016 at 9:06 PM, Yevgeny Zaspitsky <yzaspits at redhat.com>
> wrote:
>
>> Hello,
>>
>> IIUC using vdsm macspoof hook would help - reading [1] should help you
>> configuring that.
>>
>> [1] https://github.com/oVirt/vdsm/blob/master/vdsm_hooks/macspoof/README
>>
>> Hope that helps,
>> Yevgeny
>>
>> On Thu, Jun 30, 2016 at 6:11 AM, Clint Smith <clint.smith.maui at gmail.com>
>> wrote:
>>
>>> Hello,
>>>
>>> I have been experimenting with oVirt for the last couple of weeks and I
>>> must say it has a lot of nice features.  I really like it, however, I am
>>> having a heck of a time getting the guest networking all set up correctly.
>>> I am hoping that someone can give me a little guidance in figuring this
>>> out.  I apologize in advance if some of my terminology is off,  I am new.
>>>
>>> Here is a brief intro to my setup:
>>> I created a Centos 7 VM within a vSphere/ESXI environment and then
>>> installed ovirt-engine on it.  I also created another Centos 7 VM and set
>>> it up as a host.  I have configured the Cluster and Host via the oVirt
>>> Administration Portal.  For simplicity, I am using the default ovirtmgmt
>>> network as my only logical network, however I have tried several different
>>> schemes with no luck.  I have a DHCP server and a DNS server that are
>>> siblings to the oVirt host and the engine.  Both the engine and the host
>>> have been upgraded to version 4.0.
>>>
>>> The problem:
>>> My thought was that I would have the guest VMs on the oVirt host use my
>>> existing DHCP server to get their IP addresses, at least at first.  The
>>> problem I am having is that the DHCPACK is not making it back across the
>>> ovirtmgmt bridge and on to the guest.  If I tell dhclient(from the guest)
>>> to force a Broadcast (by using the –B option) on the DHCP server, it will
>>> work.  This is not a solution, just a clue.  Another clue is that ARP
>>> replies from the gateway don’t make it back to the machine, preventing
>>> pings even when I force the IP.  Lastly, If I turn on Port Mirroring,
>>> everything works fine, but it’s my understanding that this is only for
>>> debugging purposes.
>>>
>>> What I have tried (in no particular order):
>>>
>>>    - Reading the docs
>>>    - Turning on VLAN tagging.
>>>    - Installing the mac-spoofing hook, making the configuration changes
>>>    to the engine, and then turning it on in the VM config.  I also verified
>>>    that the ‘filterref’ tag was removed using virsh.
>>>    - Setting up a second logical network on a different subnet, and
>>>    connecting it to an additional network interface that I added to the host.
>>>    On the host, I setup dnsmasq as a DNS and DHCP server.  I got this working
>>>    up to the point of having the same issues that I was having using the
>>>    existing DHCP and DNS servers on the ovirtmgmt network.
>>>    - I have tried various changes to iptables as well as the original
>>>    settings as well as verified that ebtables is not blocking any traffic.  I
>>>    did configure iptables for logging and noticed it was dropping some traffic
>>>    related to DHCP, however it seemed like it was DISCOVER or REQUEST traffic
>>>    due to the IN, OUT, SRC, and DST variables in the log.  I have viewed the
>>>    DHCP server logs multiple times and I can see that it is receiving the
>>>    DISCOVER and the REQUEST from my guests MAC and sending the OFFER and ACK
>>>    consistently.
>>>    - Setting SELinux to Permissive
>>>    - Setting ip_forward to 1
>>>    - Turning STP ON on the bridge
>>>    - Changing the bridge delay
>>>    - Setting up a dhcrelay using dnsmasq (not sure I implemented this
>>>    right though)
>>>
>>> I am really shooting in the dark when it comes to networking because I
>>> am learning a lot of this on the fly.   I feel like I must have a
>>> misconception about how networking should work with oVirt.  Is my entire
>>> approach naïve? Any help/guidance that someone could offer would be much
>>> appreciated.
>>>
>>> Thanks,
>>> Clint
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160704/131d2f0c/attachment-0001.html>

More information about the Users mailing list