[ovirt-users] virt-in-virt problem: DHCP failing for a container in a oVirt VM

Simone Tiraboschi stirabos at redhat.com
Mon May 9 07:53:53 UTC 2016


On Sat, May 7, 2016 at 11:06 AM, Yaniv Kaul <ykaul at redhat.com> wrote:
>
>
> On Fri, May 6, 2016 at 11:07 PM, Will Dennis <wdennis at nec-labs.com> wrote:
>>
>> That’s in iptables, right? I have iptables disabled on my oVirt nodes...
>
>
> No, it's an L2 filter libvirt sets up, I believe using ebtables.
> Y.


There is also a specific VDSM hook to address this configuration:
https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof

>>
>>
>>
>> From: Yaniv Kaul [mailto:ykaul at redhat.com]
>> Sent: Friday, May 06, 2016 3:50 PM
>> To: Will Dennis
>> Subject: Re: [ovirt-users] virt-in-virt problem: DHCP failing for a
>> container in a oVirt VM
>>
>>
>>
>> Long shot - you need to disable the EnableMACAntiSpoofingFilterRules.
>>
>> Y.
>>
>>
>>
>> On Fri, May 6, 2016 at 8:27 PM, Will Dennis <wdennis at nec-labs.com> wrote:
>>
>> Hi all,
>>
>>
>>
>> Have an interesting problem – I am running a VM in oVirt that is running
>> Proxmox VE 4.1 OS, which I have spun up a container on.  The container is
>> set for DHCP, and I have verified that it is sending Discover packets as
>> normal, and that these packets are making it out of the Proxmox VM to the
>> oVirt bridge (which is attached to a VLAN sub-interface of a bond
>> interface.) However, these packets do NOT make it past the oVirt bridge. The
>> interesting thing is that the Proxmox VM (as well as any other VM I spin up
>> on oVirt) works fine with DHCP. (I also have other oVirt VMs instantiated
>> which are using LXD to spin up containers, and I have the same problem with
>> those as well.) I checked a bunch of stuff, and the only clue I could find
>> is that it seems that the oVirt bridge is not learning the MAC for the
>> container on the VM, even though it does learn the VM’s MAC, but I can
>> capture DHCP traffic coming from the container off the ‘vnet0’ interface
>> which is joined to that bridge...
>>
>>
>>
>> Info:
>>
>>
>>
>> ===== off Proxmox VM =====
>>
>>
>>
>> Container's MAC address: 32:62:65:61:65:33
>>
>>
>>
>> root@proxmox-02:~# ip link sh
>>
>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
>> DEFAULT group default
>>
>>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>
>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> master vmbr0 state UP mode DEFAULT group default qlen 1000
>>
>>     link/ether 00:1a:4a:16:01:57 brd ff:ff:ff:ff:ff:ff
>>
>> 3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
>> UP mode DEFAULT group default
>>
>>     link/ether 00:1a:4a:16:01:57 brd ff:ff:ff:ff:ff:ff
>>
>> 7: veth100i0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> pfifo_fast master vmbr0 state UP mode DEFAULT group default qlen 1000
>>
>>     link/ether fe:50:4f:3c:bd:b8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
>> <<< veth connection to container
>>
>>
>>
>> root@proxmox-02:~# brctl showmacs vmbr0
>>
>> port no mac addr                is local?       ageing timer
>>
>>   1     00:12:3f:24:a4:54       no               112.88
>>
>>   1     00:1a:4a:16:01:56       no                 0.02
>>
>>   1     00:1a:4a:16:01:57       yes                0.00
>>
>>   1     00:1a:4a:16:01:57       yes                0.00
>>
>>   1     00:24:50:dd:a2:05       no                 1.37
>>
>>   1     18:03:73:e3:be:5a       no                21.04
>>
>>   1     18:03:73:e3:ca:24       no                 4.23
>>
>>   1     18:03:73:e3:cb:5b       no                48.41
>>
>>   1     18:03:73:e3:cc:e5       no                91.93
>>
>>   1     18:03:73:e3:cd:b8       no               151.04
>>
>>   1     18:03:73:e3:ce:43       no                 0.80
>>
>>   1     18:03:73:e3:d0:a4       no               290.74
>>
>>   1     18:03:73:e3:d4:26       no                34.06
>>
>>   1     18:03:73:e3:d5:3d       no                 6.36
>>
>>   1     18:03:73:e4:23:08       no                88.76
>>
>>   1     18:03:73:e4:25:92       no               111.86
>>
>>   1     18:03:73:e4:26:2f       no                 9.54
>>
>>   1     18:03:73:e4:2b:4c       no               114.86
>>
>>   1     18:03:73:e4:31:15       no               263.91
>>
>>   1     18:03:73:e4:6c:19       no                 6.36
>>
>>   1     18:03:73:e4:7e:0a       no               103.06
>>
>>   1     18:03:73:e8:16:e0       no                23.21
>>
>>   2     32:62:65:61:65:33       no                 5.08   <<< container’s
>> MAC learned on Proxmox bridge
>>
>>   1     34:17:eb:9b:e0:29       no               265.22
>>
>>   1     34:17:eb:9b:f8:ea       no               114.86
>>
>>   1     44:d3:ca:7e:3c:ff       no                 0.00
>>
>>   1     78:2b:cb:3b:ca:b9       no               284.70
>>
>>   1     78:2b:cb:92:cb:cb       no               279.70
>>
>>   1     78:2b:cb:93:08:a8       no               287.05
>>
>>   1     b8:ca:3a:7a:70:63       no                 4.83
>>
>>   1     f8:bc:12:69:bb:a3       no               121.82
>>
>>   2     fe:50:4f:3c:bd:b8       yes                0.00
>>
>>   2     fe:50:4f:3c:bd:b8       yes                0.00
>>
>>
>>
>> ===== off oVirt node that has Proxmox VM ====
>>
>>
>>
>> (relevant lines from ‘ip link show’)
>>
>> 2: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue
>> state UP mode DEFAULT
>>
>> 3: enp4s0f0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc
>> pfifo_fast master bond0 state UP mode DEFAULT qlen 1000
>>
>> 4: enp4s0f1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc
>> pfifo_fast master bond0 state UP mode DEFAULT qlen 1000
>>
>> 8: bond0.169@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> noqueue master 169-net state UP mode DEFAULT
>>
>> 10: bond0.180@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> noqueue master 180-net state UP mode DEFAULT
>>
>> 12: bond0.207@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> noqueue master 207-net state UP mode DEFAULT
>>
>> 13: 207-net: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
>> state UP mode DEFAULT
>>
>> 30: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> master 207-net state UNKNOWN mode DEFAULT qlen 500 <<< veth connection to
>> Proxmox VM
>>
>> 31: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> master 207-net state UNKNOWN mode DEFAULT qlen 500
>>
>>
>>
>> [root@ovirt-node-03 ~]# brctl show
>>
>> bridge name     bridge id               STP enabled     interfaces
>>
>> 169-net         8000.0015177be9da       no              bond0.169
>>
>> 180-net         8000.0015177be9da       no              bond0.180
>>
>> 207-net         8000.0015177be9da       no              bond0.207
>>
>>                                                         vnet0
>>
>>                                                         vnet1
>>
>> ;vdsmdummy;     8000.000000000000       no
>>
>> ovirtmgmt       8000.00218535086a       no              enp12s0f0
>>
>>
>>
>>
>>
>> [root@ovirt-node-03 ~]# tcpdump -i vnet0 -vvv -s 1500 '(port 67 or port
>> 68)'
>>
>> tcpdump: WARNING: vnet0: no IPv4 address assigned
>>
>> tcpdump: listening on vnet0, link-type EN10MB (Ethernet), capture size
>> 1500 bytes
>>
>> 12:52:07.628571 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto
>> UDP (17), length 328)
>>
>>     0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP,
>> Request from 32:62:65:61:65:33 (oui Unknown), length 300, xid 0x9efc4849,
>> secs 94, Flags [none] (0x0000)
>>
>>           Client-Ethernet-Address 32:62:65:61:65:33 (oui Unknown)
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>>           Vendor-rfc1048 Extensions
>>
>>             Magic Cookie 0x63825363
>>
>>             DHCP-Message Option 53, length 1: Discover
>>
>>             Hostname Option 12, length 5: "test1"
>>
>>             Parameter-Request Option 55, length 13:
>>
>>               Subnet-Mask, BR, Time-Zone, Default-Gateway
>>
>>               Domain-Name, Domain-Name-Server, Option 119, Hostname
>>
>>               Netbios-Name-Server, Netbios-Scope, MTU,
>> Classless-Static-Route
>>
>>               NTP
>>
>>             END Option 255, length 0
>>
>>             PAD Option 0, length 0, occurs 34
>>
>>
>>
>>
>>
>> [root@ovirt-node-03 ~]# brctl showmacs 207-net
>>
>> port no mac addr                is local?       ageing timer
>>
>>   1     00:15:17:7b:e9:da       yes                0.00
>>
>>   1     00:15:17:7b:e9:da       yes                0.00
>>
>>   3     00:1a:4a:16:01:56       no                 0.11
>>
>>   2     00:1a:4a:16:01:57       no                 0.13  << Proxmox VM's
>> eth0 MAC learned
>>
>>   1     00:24:50:dd:a2:05       no                 1.05
>>
>>   1     18:03:73:e3:be:5a       no               198.87
>>
>>   1     18:03:73:e3:ca:24       no                60.01
>>
>>   1     18:03:73:e3:cb:5b       no                68.26
>>
>>   1     18:03:73:e3:cd:b8       no                41.39
>>
>>   1     18:03:73:e3:d4:26       no                57.25
>>
>>   1     18:03:73:e3:d5:3d       no               133.53
>>
>>   1     18:03:73:e4:23:08       no                34.28
>>
>>   1     18:03:73:e4:26:2f       no                20.10
>>
>>   1     18:03:73:e4:2b:4c       no                22.49
>>
>>   1     18:03:73:e4:6c:19       no                14.87
>>
>>   1     18:03:73:e4:7e:0a       no                54.46
>>
>>   1     18:03:73:e8:16:e0       no                28.71
>>
>>   1     34:17:eb:9b:f8:ea       no                22.49
>>
>>   1     44:d3:ca:7e:3c:ff       no                 0.60
>>
>>   1     78:2b:cb:3b:ca:b9       no               217.66
>>
>>   1     78:2b:cb:92:cb:cb       no               194.18
>>
>>   1     78:2b:cb:93:08:a8       no               102.49
>>
>>   1     b8:ca:3a:7a:70:63       no                 4.19
>>
>>   1     f8:bc:12:69:bb:a3       no               110.52
>>
>>   3     fe:1a:4a:16:01:56       yes                0.00  <<< veth
>> connection to Proxmox VM (veth0)
>>
>>   3     fe:1a:4a:16:01:56       yes                0.00
>>
>>   2     fe:1a:4a:16:01:57       yes                0.00
>>
>>   2     fe:1a:4a:16:01:57       yes                0.00
>>
>> (notice no other entries for port 3 – should be learning MAC
>> 32:62:65:61:65:33 from incoming traffic on vnet0)
>>
>>
>>
>> =====
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>
>
>
>
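An added sketch, not code from the thread or from VDSM: it reads a libvirt domain XML (the shape `virsh dumpxml` prints), models the decision a MAC anti-spoofing filter makes for a frame entering the host on a given tap, and lists the vNICs that carry no such filter, which is the state worth auditing once the engine-wide option or the macspoof hook has been used. The XML is constructed from the MACs and interface names quoted above; the filter names and the helper names `vnics`, `verdict` and `unfiltered_taps` are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed `virsh dumpxml`-style fragment. MACs, bridge and tap names are the
# ones quoted in the thread; vnet1 is shown without a filter as a contrast case.
DOMAIN_XML = """
<domain type='kvm'>
  <name>proxmox-02</name>
  <devices>
    <interface type='bridge'>
      <mac address='00:1a:4a:16:01:57'/>
      <source bridge='207-net'/>
      <target dev='vnet0'/>
      <filterref filter='vdsm-no-mac-spoofing'/>
    </interface>
    <interface type='bridge'>
      <mac address='00:1a:4a:16:01:56'/>
      <source bridge='207-net'/>
      <target dev='vnet1'/>
    </interface>
  </devices>
</domain>
"""

# Assumption: nwfilter names that enforce "source MAC must equal the vNIC MAC".
SPOOF_FILTERS = {"vdsm-no-mac-spoofing", "no-mac-spoofing", "clean-traffic"}

def vnics(domain_xml):
    """Map tap device -> (configured guest MAC, filterref name or None)."""
    out = {}
    for nic in ET.fromstring(domain_xml).iterfind("./devices/interface"):
        ref = nic.find("filterref")
        out[nic.find("target").get("dev")] = (
            nic.find("mac").get("address").lower(),
            ref.get("filter") if ref is not None else None)
    return out

def verdict(domain_xml, tap, src_mac):
    """'drop' if an anti-spoofing filter on `tap` would reject src_mac."""
    guest_mac, flt = vnics(domain_xml)[tap]
    if flt in SPOOF_FILTERS and src_mac.lower() != guest_mac:
        return "drop"
    return "pass"

def unfiltered_taps(domain_xml):
    """Taps where a guest may emit any source MAC; review these explicitly."""
    return sorted(t for t, (_, f) in vnics(domain_xml).items()
                  if f not in SPOOF_FILTERS)

if __name__ == "__main__":
    print(verdict(DOMAIN_XML, "vnet0", "32:62:65:61:65:33"))  # container MAC
    print(unfiltered_taps(DOMAIN_XML))
```
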


