<html> <head> <style></style></head> <body class='hmmessage'><div dir='ltr'> I solved a part of the problem: running a bridge network (forward mode=network) and starting manually multiple instances of dnsmasq (one for each tag I have) it works...<br>I'm still not able to make it work in a nat network.<br><br>Daniele Milani<br><br><br><br><br><div><div id="SkyDrivePlaceholder"></div><hr id="stopSpelling">From: dano1988@hotmail.it<br>To: aatteka@nicira.com<br>CC: libvir-list@redhat.com; roberto.sassu@polito.it; paolo.smiraglia@polito.it; dev@openvswitch.org; libvirt-users@redhat.com<br>Subject: RE: [libvirt] Problem with Open vSwitch and dnsmasq<br>Date: Mon, 26 Mar 2012 12:41:59 +0200<br><br> <meta http-equiv="Content-Type" content="text/html; charset=unicode"> <meta name="Generator" content="Microsoft SafeHTML"> <style> .ExternalClass .ecxhmmessage P {padding:0px;} .ExternalClass body.ecxhmmessage {font-size:10pt;font-family:Tahoma;} </style> <div dir="ltr"> <br><br><div><div id="ecxSkyDrivePlaceholder"></div><hr id="ecxstopSpelling">Date: Fri, 23 Mar 2012 10:15:31 -0700<br>Subject: Re: [libvirt] Problem with Open vSwitch and dnsmasq<br>From: aatteka@nicira.com<br>To: dano1988@hotmail.it<br>CC: libvir-list@redhat.com; roberto.sassu@polito.it; paolo.smiraglia@polito.it; dev@openvswitch.org; libvirt-users@redhat.com<br><br><br><br><div class="ecxgmail_quote">On Fri, Mar 23, 2012 at 4:14 AM, Daniele Milani <span dir="ltr"><<a href="mailto:dano1988@hotmail.it">dano1988@hotmail.it</a>></span> wrote:<br><blockquote class="ecxgmail_quote" style="border-left:1px #ccc solid;padding-left:1ex"> <div><div dir="ltr"> <br><br><div><div></div><hr>Date: Thu, 22 Mar 2012 11:43:03 -0700<div class="ecxim"><br>Subject: Re: [libvirt] Problem with Open vSwitch and dnsmasq<br>From: <a href="mailto:aatteka@nicira.com">aatteka@nicira.com</a><br> To: <a href="mailto:dano1988@hotmail.it">dano1988@hotmail.it</a><br></div>CC: <a href="mailto:libvir-list@redhat.com">libvir-list@redhat.com</a>; <a href="mailto:roberto.sassu@polito.it">roberto.sassu@polito.it</a>; <a href="mailto:paolo.smiraglia@polito.it">paolo.smiraglia@polito.it</a>; <a href="mailto:dev@openvswitch.org">dev@openvswitch.org</a><br> <br><br><br><div><div class="ecxim">On Thu, Mar 22, 2012 at 11:11 AM, Daniele Milani <span dir="ltr"><<a href="mailto:dano1988@hotmail.it">dano1988@hotmail.it</a>></span> wrote:<br><blockquote style="border-left:1px #ccc solid;padding-left:1ex"> <div><div dir="ltr"> I think I could try the first solution. Can you explain me how do I create the port used by dnsmasq?<br><br>For example, is it correct to execute <br># ovs-vsctl add-port virbr1 port2 tag=2<br>to create a port for the vLan whose tag is 2 named "port2"?<br> </div></div></blockquote><div><br>Try something like this:<br><blockquote style="padding-left:1ex">ovs-vsctl add-port virbr1 port2 tag=2<br> ovs-vsctl set Interface port2 type=internal <br>ifconfig port2 10.0.0.1<br>ifconfig port2 up<br>/usr/sbin/dnsmasq --strict-order --bind-interfaces --except-interface lo --listen-address 10.0.0.1 --dhcp-range 10.0.0.10,10.0.0.20 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/vlan2.leases --dhcp-lease-max=253 --dhcp-no-override<br> </blockquote>Though I have not tested it...<br></div><div><br></div></div><div><pre style="padding-left:0px;padding-right:0px;padding-top:0px;font-size:12px;white-space:pre-wrap!important;margin-bottom:0px;word-wrap:break-word;padding-bottom:0px"><br> I tried the configuration you suggest; and the request is now received by dnsmasq.</pre><pre style="padding-left:0px;padding-right:0px;padding-top:0px;font-size:12px;white-space:pre-wrap!important;margin-bottom:0px;word-wrap:break-word;padding-bottom:0px">I executed:</pre><pre style="padding-left:0px;padding-right:0px;padding-top:0px;font-size:12px;white-space:pre-wrap!important;margin-bottom:0px;word-wrap:break-word;padding-bottom:0px">ifconfig port2 192.168.100.128 netmask 255.255.255.0 ifconfig port2 up /usr/sbin/dnsmasq --strict-order --bind-interfaces --except-interface lo --listen-address 192.168.100.128 --dhcp-range 192.168.100.129,192.168.100.139 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/vlan2.leases --dhcp-lease-max=11 --dhcp-no-override --log-queries --log-facilities=/path_to_my_file/my_file tailf /path_to_my_file/my_file obtaining the following output: dnsmasq-dhcp[]: DHCPDISCOVER(port2) 52:94:00:02:a7:1e dnsmasq-dhcp[]: DHCPOFFER(port2) 192.168.100.129 52:94:00:02:a7:1e ... dnsmasq-dhcp[]: DHCPDISCOVER(port2) 52:94:00:02:a7:1e dnsmasq-dhcp[]: DHCPOFFER(port2) 192.168.100.129 52:94:00:02:a7:1e ...</pre><pre style="padding-left:0px;padding-right:0px;padding-top:0px;font-size:12px;white-space:pre-wrap!important;margin-bottom:0px;word-wrap:break-word;padding-bottom:0px">Now I have a different problem: none DHCP Offer is sent by port2. Do someone know why does it happen and what to do about it?</pre></div></div></div></div></div></blockquote><div>Try to run tcpdump/wireshark in VM to see if reply gets back that far.<br><br>Also as per Laine's suggestion - you should execute those commands only<br> on non-libvirt managed networks. This means that you should create OVS<br>bridge yourself and then edit the VM XML configuration so that VM interfaces <br>get added to your bridge directly.<br><br>By the way libvirt 0.9.11 will have support for Open vSwitch and you won't<br> need to have the Linux Bridge compatibility layer anymore.<i><br><br></i><br>This is the current situation:<br><br><i># ovs-vsctl show<br> Bridge "br2"<br> Port "vnet0"<br> tag: 2<br> Interface "vnet0"<br> Port "br2-nic"<br> Interface "br2-nic"<br> Port "port2"<br> tag: 2<br> Interface "port2"<br> type: internal<br> Port "br2"<br> Interface "br2"<br> type: internal<br><br># ps -aux | grep dnsmasq<br>nobody 8327 0.0 0.0 5340 860 ? S 12:14 0:00 /usr/sbin/dnsmasq --strict-order --bind-interfaces --pid-file=/usr/local/var/run/libvirt/network/vlan2.pid --conf-file= --listen-address 192.168.100.128 --dhcp-range 192.168.100.129,192.168.100.139 --dhcp-leasefile=/usr/local/var/lib/libvirt/dnsmasq/net4.leases --dhcp-lease-max=11 --dhcp-no-override --log-dhcp --log-queries --log-facility=/filepath/file<br><br>#ifconfig<br>br2 Link encap:Ethernet HWaddr 02:ef:32:bd:23:4f <br> indirizzo inet:192.168.100.1 Bcast:192.168.100.255 Maschera:255.255.255.0<br> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br> RX packets:340 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:313 errors:0 dropped:0 overruns:0 carrier:0<br> collisioni:0 txqueuelen:0 <br> Byte RX:63867 (63.8 KB) Byte TX:19027 (19.0 KB)<br><br>port2 Link encap:Ethernet HWaddr ca:7e:52:18:95:61 <br> indirizzo inet:192.168.100.128 Bcast:192.168.100.255 Maschera:255.255.255.0<br> indirizzo inet6: fe80::c87e:52ff:fe18:9561/64 Scope:Link<br> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br> RX packets:40 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:106 errors:0 dropped:0 overruns:0 carrier:0<br> collisioni:0 txqueuelen:0 <br> Byte RX:11416 (11.4 KB) Byte TX:14851 (14.8 KB)<br><br>vnet0 Link encap:Ethernet HWaddr fe:94:00:02:a7:1e <br> indirizzo inet6: fe80::fc94:ff:fe02:a71e/64 Scope:Link<br> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br> RX packets:40 errors:0 dropped:0 overruns:0 frame:0<br> TX packets:71 errors:0 dropped:0 overruns:0 carrier:0<br> collisioni:0 txqueuelen:500 <br> Byte RX:11416 (11.4 KB) Byte TX:9935 (9.9 KB)<br><br><br>...</i><br><br>I captured the dnsmasq output and I ran tcpdump on port2 and vnet0, obtaining the following result:<br><br><i>dnsmasq<br><br>Mar 26 12:18:04 dnsmasq[6948]: started, version 2.57 cachesize 150<br>Mar 26 12:18:04 dnsmasq[6948]: compile time options: IPv6 GNU-getopt DBus I18N DHCP TFTP IDN<br>Mar 26 12:18:04 dnsmasq-dhcp[6948]: DHCP, IP range 192.168.100.129 -- 192.168.100.139, lease time 1h<br>Mar 26 12:18:04 dnsmasq[6948]: reading /etc/resolv.conf<br>Mar 26 12:18:04 dnsmasq[6948]: using nameserver 130.192.3.24#53<br>Mar 26 12:18:04 dnsmasq[6948]: using nameserver 130.192.3.103#53<br>Mar 26 12:18:04 dnsmasq[6948]: using nameserver 130.192.3.21#53<br>Mar 26 12:18:04 dnsmasq[6948]: read /etc/hosts - 8 addresses<br>Mar 26 12:18:10 dnsmasq-dhcp[8327]: 2982362915 available DHCP range: 192.168.100.129 -- 192.168.100.139<br>Mar 26 12:18:10 dnsmasq-dhcp[8327]: 2982362915 vendor class: udhcp 1.19.3<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 DHCPDISCOVER(port2) 52:94:00:02:a7:1e <br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 DHCPOFFER(port2) 192.168.100.132 52:94:00:02:a7:1e <br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 requested options: 1:netmask, 3:router, 6:dns-server, 12:hostname, <br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 requested options: 15:domain-name, 28:broadcast, 42:ntp-server<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 tags: port2<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 next server: 192.168.100.128<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 1 option: 53:message-type 02<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 54:server-identifier 192.168.100.128<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 51:lease-time 00:00:0e:10<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 58:T1 00:00:07:08<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 59:T2 00:00:0c:4e<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 1:netmask 255.255.255.0<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 28:broadcast 192.168.100.255<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 3:router 192.168.100.128<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 6:dns-server 192.168.100.128<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 available DHCP range: 192.168.100.129 -- 192.168.100.139<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 vendor class: udhcp 1.19.3<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 DHCPDISCOVER(port2) 52:94:00:02:a7:1e <br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 DHCPOFFER(port2) 192.168.100.132 52:94:00:02:a7:1e <br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 requested options: 1:netmask, 3:router, 6:dns-server, 12:hostname, <br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 requested options: 15:domain-name, 28:broadcast, 42:ntp-server<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 tags: port2<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 next server: 192.168.100.128<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 1 option: 53:message-type 02<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 54:server-identifier 192.168.100.128<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 51:lease-time 00:00:0e:10<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 58:T1 00:00:07:08<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 59:T2 00:00:0c:4e<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 1:netmask 255.255.255.0<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 28:broadcast 192.168.100.255<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 3:router 192.168.100.128<br>Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 6:dns-server 192.168.100.128<br><br>...<br><br>tcpdump-vnet0<br>12:18:10.503450 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 308)<br> 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:94:00:02:a7:1e (oui Unknown), length 280, xid 0xb1c33f23, Flags [none]<br> Client-Ethernet-Address 52:94:00:02:a7:1e (oui Unknown)<br> Vendor-rfc1048 Extensions<br> Magic Cookie 0x63825363<br> DHCP-Message Option 53, length 1: Discover<br> Client-ID Option 61, length 7: ether 52:94:00:02:a7:1e<br> MSZ Option 57, length 2: 576<br> Parameter-Request Option 55, length 7: <br> Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname<br> Domain-Name, BR, NTP<br> Vendor-Class Option 60, length 12: "udhcp 1.19.3"<br>12:18:13.511408 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 308)<br> 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:94:00:02:a7:1e (oui Unknown), length 280, xid 0xb1c33f23, secs 3, Flags [none]<br> Client-Ethernet-Address 52:94:00:02:a7:1e (oui Unknown)<br> Vendor-rfc1048 Extensions<br> Magic Cookie 0x63825363<br> DHCP-Message Option 53, length 1: Discover<br> Client-ID Option 61, length 7: ether 52:94:00:02:a7:1e<br> MSZ Option 57, length 2: 576<br> Parameter-Request Option 55, length 7: <br> Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname<br> Domain-Name, BR, NTP<br> Vendor-Class Option 60, length 12: "udhcp 1.19.3"<br>...<br><br>tcpdump-port2<br>12:18:13.692635 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 308)<br> 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:94:00:02:a7:1e (oui Unknown), length 280, xid 0x7fb62b28, secs 668, Flags [none]<br> Client-Ethernet-Address 52:94:00:02:a7:1e (oui Unknown)<br> Vendor-rfc1048 Extensions<br> Magic Cookie 0x63825363<br> DHCP-Message Option 53, length 1: Discover<br> Client-ID Option 61, length 7: ether 52:94:00:02:a7:1e<br> MSZ Option 57, length 2: 576<br> Parameter-Request Option 55, length 7: <br> Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname<br> Domain-Name, BR, NTP<br> Vendor-Class Option 60, length 12: "udhcp 1.19.3"<br>12:18:13.603662 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 308)<br> 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:94:00:02:a7:1e (oui Unknown), length 280, xid 0x7fb62b28, secs 671, Flags [none]<br> Client-Ethernet-Address 52:94:00:02:a7:1e (oui Unknown)<br> Vendor-rfc1048 Extensions<br> Magic Cookie 0x63825363<br> DHCP-Message Option 53, length 1: Discover<br> Client-ID Option 61, length 7: ether 52:94:00:02:a7:1e<br> MSZ Option 57, length 2: 576<br> Parameter-Request Option 55, length 7: <br> Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname<br> Domain-Name, BR, NTP<br> Vendor-Class Option 60, length 12: "udhcp 1.19.3"</i><br><br>So, my opinion the problem is that something is wrong in the configuration of port2 and due to that it can't send packet; does someone have any idea of what can be wrong? <br><br>Thanks,<br>Daniele<b><br></b><br><br><br><br></div><blockquote class="ecxgmail_quote" style="padding-left:1ex"><div><div dir="ltr"><div><div><div> <pre style="padding:0px;font-size:12px;white-space:pre-wrap!important;margin-bottom:0px;word-wrap:break-word">Thanks, Daniele Milani</pre></div><blockquote style="padding-left:1ex"><div><div dir="ltr"><br>Daniele Milani<br><br><br><div><div class="h5"> <div>Date: Thu, 22 Mar 2012 10:54:21 -0700<br>Subject: Re: [libvirt] Problem with Open vSwitch and dnsmasq<br>From: <a href="mailto:aatteka@nicira.com">aatteka@nicira.com</a><br>To: <a href="mailto:dano1988@hotmail.it">dano1988@hotmail.it</a><br> CC: <a href="mailto:libvir-list@redhat.com">libvir-list@redhat.com</a>; <a href="mailto:roberto.sassu@polito.it">roberto.sassu@polito.it</a><div><div><br><br><br><br><div>On Thu, Mar 22, 2012 at 6:10 AM, Daniele Milani <span dir="ltr"><<a href="mailto:dano1988@hotmail.it">dano1988@hotmail.it</a>></span> wrote:<br> <blockquote style="border-left:1px #ccc solid;padding-left:1ex"> <div><div> <div><div dir="ltr"> Dear all,<br>I have the following situation:<br>-I replaced the standard bridge driver with the Open VSwitch one;<br>-I started a NAT-network on Libvirt (bridge name virbr1);<br>-I started a Virtual Machine (VM1) on Libvirt, and I tagged his interface (vnet0) with tag=2;<br> -if I run "# ovs-vsctl show" I obtain:<br><br>Bridge "virbr1"<br> Port "vnet0"<br> tag: 2<br> Interface "vnet0"<br> Port "virbr1-nic"<br> Interface "virb1-nic"<br> Port "virbr1"<br> Interface "virbr1"<br> type: internal<br><br>-the problem is that it is impossible to assign to VM1 an IP, because the dnsmasq daemon does not accept the tagged DHCP Discover frame.<br> <br>Does someone know if there is a way for dnsmasq to accept tagged frames through "virbr1", and send a tagged DHCP Offer packet back to VM1?<br><br></div></div></div></div></blockquote><div>I believe you would need to run dedicated dnsmasq process instance per each VLAN that you have. By<br> default I guess dnsmasq runs on virbr1, hence it does not see the tagged traffic that comes from vnet0.<br><br>You could try to:<br><ol><li>add another port to that bridge with the same VLAN as VM has. And run a separate instance of dnsmasq there; or</li> </ol><br><br><br>change the tag of virb1 port, but this might lead to other issues (e.g. then non-tagged VMs will not get DHCP leases).<br>Perhaps someone else can suggest something easier...<br><br></div><blockquote style="padding-left:1ex"> <div><div><div><div dir="ltr">Greetings,<br>Daniele Milani<br><br> </div></div> </div></div><br>--<br> libvir-list mailing list<br> <a href="mailto:libvir-list@redhat.com">libvir-list@redhat.com</a><br> <a href="https://www.redhat.com/mailman/listinfo/libvir-list" target="_blank">https://www.redhat.com/mailman/listinfo/libvir-list</a><br></blockquote></div><br></div></div></div> </div></div></div></div> </blockquote></div><br></div> </div></div> </blockquote></div><br></div> </div></div> </div></body> </html>