[libvirt-users] [libvirt] Problem with Open vSwitch and dnsmasq
Daniele Milani
dano1988 at hotmail.it
Mon Mar 26 10:41:59 UTC 2012
Date: Fri, 23 Mar 2012 10:15:31 -0700
Subject: Re: [libvirt] Problem with Open vSwitch and dnsmasq
From: aatteka at nicira.com
To: dano1988 at hotmail.it
CC: libvir-list at redhat.com; roberto.sassu at polito.it; paolo.smiraglia at polito.it; dev at openvswitch.org; libvirt-users at redhat.com
On Fri, Mar 23, 2012 at 4:14 AM, Daniele Milani <dano1988 at hotmail.it> wrote:
Date: Thu, 22 Mar 2012 11:43:03 -0700
Subject: Re: [libvirt] Problem with Open vSwitch and dnsmasq
From: aatteka at nicira.com
To: dano1988 at hotmail.it
CC: libvir-list at redhat.com; roberto.sassu at polito.it; paolo.smiraglia at polito.it; dev at openvswitch.org
On Thu, Mar 22, 2012 at 11:11 AM, Daniele Milani <dano1988 at hotmail.it> wrote:
I think I could try the first solution. Can you explain me how do I create the port used by dnsmasq?
For example, is it correct to execute
# ovs-vsctl add-port virbr1 port2 tag=2
to create a port for the vLan whose tag is 2 named "port2"?
Try something like this:
ovs-vsctl add-port virbr1 port2 tag=2
ovs-vsctl set Interface port2 type=internal
ifconfig port2 10.0.0.1
ifconfig port2 up
/usr/sbin/dnsmasq --strict-order --bind-interfaces --except-interface lo --listen-address 10.0.0.1 --dhcp-range 10.0.0.10,10.0.0.20 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/vlan2.leases --dhcp-lease-max=253 --dhcp-no-override
Though I have not tested it...
I tried the configuration you suggest; and the request is now received by dnsmasq.I executed:ifconfig port2 192.168.100.128 netmask 255.255.255.0
ifconfig port2 up
/usr/sbin/dnsmasq --strict-order --bind-interfaces --except-interface lo
--listen-address 192.168.100.128 --dhcp-range 192.168.100.129,192.168.100.139 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/vlan2.leases --dhcp-lease-max=11 --dhcp-no-override --log-queries --log-facilities=/path_to_my_file/my_file
tailf /path_to_my_file/my_file
obtaining the following output:
dnsmasq-dhcp[]: DHCPDISCOVER(port2) 52:94:00:02:a7:1e
dnsmasq-dhcp[]: DHCPOFFER(port2) 192.168.100.129 52:94:00:02:a7:1e
...
dnsmasq-dhcp[]: DHCPDISCOVER(port2) 52:94:00:02:a7:1e
dnsmasq-dhcp[]: DHCPOFFER(port2) 192.168.100.129 52:94:00:02:a7:1e
...Now I have a different problem: none DHCP Offer is sent by port2.
Do someone know why does it happen and what to do about it?Try to run tcpdump/wireshark in VM to see if reply gets back that far.
Also as per Laine's suggestion - you should execute those commands only
on non-libvirt managed networks. This means that you should create OVS
bridge yourself and then edit the VM XML configuration so that VM interfaces
get added to your bridge directly.
By the way libvirt 0.9.11 will have support for Open vSwitch and you won't
need to have the Linux Bridge compatibility layer anymore.
This is the current situation:
# ovs-vsctl show
Bridge "br2"
Port "vnet0"
tag: 2
Interface "vnet0"
Port "br2-nic"
Interface "br2-nic"
Port "port2"
tag: 2
Interface "port2"
type: internal
Port "br2"
Interface "br2"
type: internal
# ps -aux | grep dnsmasq
nobody 8327 0.0 0.0 5340 860 ? S 12:14 0:00 /usr/sbin/dnsmasq --strict-order --bind-interfaces --pid-file=/usr/local/var/run/libvirt/network/vlan2.pid --conf-file= --listen-address 192.168.100.128 --dhcp-range 192.168.100.129,192.168.100.139 --dhcp-leasefile=/usr/local/var/lib/libvirt/dnsmasq/net4.leases --dhcp-lease-max=11 --dhcp-no-override --log-dhcp --log-queries --log-facility=/filepath/file
#ifconfig
br2 Link encap:Ethernet HWaddr 02:ef:32:bd:23:4f
indirizzo inet:192.168.100.1 Bcast:192.168.100.255 Maschera:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:340 errors:0 dropped:0 overruns:0 frame:0
TX packets:313 errors:0 dropped:0 overruns:0 carrier:0
collisioni:0 txqueuelen:0
Byte RX:63867 (63.8 KB) Byte TX:19027 (19.0 KB)
port2 Link encap:Ethernet HWaddr ca:7e:52:18:95:61
indirizzo inet:192.168.100.128 Bcast:192.168.100.255 Maschera:255.255.255.0
indirizzo inet6: fe80::c87e:52ff:fe18:9561/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:40 errors:0 dropped:0 overruns:0 frame:0
TX packets:106 errors:0 dropped:0 overruns:0 carrier:0
collisioni:0 txqueuelen:0
Byte RX:11416 (11.4 KB) Byte TX:14851 (14.8 KB)
vnet0 Link encap:Ethernet HWaddr fe:94:00:02:a7:1e
indirizzo inet6: fe80::fc94:ff:fe02:a71e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:40 errors:0 dropped:0 overruns:0 frame:0
TX packets:71 errors:0 dropped:0 overruns:0 carrier:0
collisioni:0 txqueuelen:500
Byte RX:11416 (11.4 KB) Byte TX:9935 (9.9 KB)
...
I captured the dnsmasq output and I ran tcpdump on port2 and vnet0, obtaining the following result:
dnsmasq
Mar 26 12:18:04 dnsmasq[6948]: started, version 2.57 cachesize 150
Mar 26 12:18:04 dnsmasq[6948]: compile time options: IPv6 GNU-getopt DBus I18N DHCP TFTP IDN
Mar 26 12:18:04 dnsmasq-dhcp[6948]: DHCP, IP range 192.168.100.129 -- 192.168.100.139, lease time 1h
Mar 26 12:18:04 dnsmasq[6948]: reading /etc/resolv.conf
Mar 26 12:18:04 dnsmasq[6948]: using nameserver 130.192.3.24#53
Mar 26 12:18:04 dnsmasq[6948]: using nameserver 130.192.3.103#53
Mar 26 12:18:04 dnsmasq[6948]: using nameserver 130.192.3.21#53
Mar 26 12:18:04 dnsmasq[6948]: read /etc/hosts - 8 addresses
Mar 26 12:18:10 dnsmasq-dhcp[8327]: 2982362915 available DHCP range: 192.168.100.129 -- 192.168.100.139
Mar 26 12:18:10 dnsmasq-dhcp[8327]: 2982362915 vendor class: udhcp 1.19.3
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 DHCPDISCOVER(port2) 52:94:00:02:a7:1e
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 DHCPOFFER(port2) 192.168.100.132 52:94:00:02:a7:1e
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 requested options: 1:netmask, 3:router, 6:dns-server, 12:hostname,
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 requested options: 15:domain-name, 28:broadcast, 42:ntp-server
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 tags: port2
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 next server: 192.168.100.128
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 1 option: 53:message-type 02
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 54:server-identifier 192.168.100.128
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 51:lease-time 00:00:0e:10
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 58:T1 00:00:07:08
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 59:T2 00:00:0c:4e
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 1:netmask 255.255.255.0
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 28:broadcast 192.168.100.255
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 3:router 192.168.100.128
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 6:dns-server 192.168.100.128
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 available DHCP range: 192.168.100.129 -- 192.168.100.139
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 vendor class: udhcp 1.19.3
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 DHCPDISCOVER(port2) 52:94:00:02:a7:1e
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 DHCPOFFER(port2) 192.168.100.132 52:94:00:02:a7:1e
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 requested options: 1:netmask, 3:router, 6:dns-server, 12:hostname,
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 requested options: 15:domain-name, 28:broadcast, 42:ntp-server
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 tags: port2
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 next server: 192.168.100.128
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 1 option: 53:message-type 02
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 54:server-identifier 192.168.100.128
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 51:lease-time 00:00:0e:10
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 58:T1 00:00:07:08
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 59:T2 00:00:0c:4e
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 1:netmask 255.255.255.0
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 28:broadcast 192.168.100.255
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 3:router 192.168.100.128
Mar 26 12:18:13 dnsmasq-dhcp[8327]: 2982362915 sent size: 4 option: 6:dns-server 192.168.100.128
...
tcpdump-vnet0
12:18:10.503450 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 308)
0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:94:00:02:a7:1e (oui Unknown), length 280, xid 0xb1c33f23, Flags [none]
Client-Ethernet-Address 52:94:00:02:a7:1e (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether 52:94:00:02:a7:1e
MSZ Option 57, length 2: 576
Parameter-Request Option 55, length 7:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
Domain-Name, BR, NTP
Vendor-Class Option 60, length 12: "udhcp 1.19.3"
12:18:13.511408 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 308)
0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:94:00:02:a7:1e (oui Unknown), length 280, xid 0xb1c33f23, secs 3, Flags [none]
Client-Ethernet-Address 52:94:00:02:a7:1e (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether 52:94:00:02:a7:1e
MSZ Option 57, length 2: 576
Parameter-Request Option 55, length 7:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
Domain-Name, BR, NTP
Vendor-Class Option 60, length 12: "udhcp 1.19.3"
...
tcpdump-port2
12:18:13.692635 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 308)
0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:94:00:02:a7:1e (oui Unknown), length 280, xid 0x7fb62b28, secs 668, Flags [none]
Client-Ethernet-Address 52:94:00:02:a7:1e (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether 52:94:00:02:a7:1e
MSZ Option 57, length 2: 576
Parameter-Request Option 55, length 7:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
Domain-Name, BR, NTP
Vendor-Class Option 60, length 12: "udhcp 1.19.3"
12:18:13.603662 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 308)
0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:94:00:02:a7:1e (oui Unknown), length 280, xid 0x7fb62b28, secs 671, Flags [none]
Client-Ethernet-Address 52:94:00:02:a7:1e (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether 52:94:00:02:a7:1e
MSZ Option 57, length 2: 576
Parameter-Request Option 55, length 7:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
Domain-Name, BR, NTP
Vendor-Class Option 60, length 12: "udhcp 1.19.3"
So, my opinion the problem is that something is wrong in the configuration of port2 and due to that it can't send packet; does someone have any idea of what can be wrong?
Thanks,
Daniele
Thanks,
Daniele Milani
Daniele Milani
Date: Thu, 22 Mar 2012 10:54:21 -0700
Subject: Re: [libvirt] Problem with Open vSwitch and dnsmasq
From: aatteka at nicira.com
To: dano1988 at hotmail.it
CC: libvir-list at redhat.com; roberto.sassu at polito.it
On Thu, Mar 22, 2012 at 6:10 AM, Daniele Milani <dano1988 at hotmail.it> wrote:
Dear all,
I have the following situation:
-I replaced the standard bridge driver with the Open VSwitch one;
-I started a NAT-network on Libvirt (bridge name virbr1);
-I started a Virtual Machine (VM1) on Libvirt, and I tagged his interface (vnet0) with tag=2;
-if I run "# ovs-vsctl show" I obtain:
Bridge "virbr1"
Port "vnet0"
tag: 2
Interface "vnet0"
Port "virbr1-nic"
Interface "virb1-nic"
Port "virbr1"
Interface "virbr1"
type: internal
-the problem is that it is impossible to assign to VM1 an IP, because the dnsmasq daemon does not accept the tagged DHCP Discover frame.
Does someone know if there is a way for dnsmasq to accept tagged frames through "virbr1", and send a tagged DHCP Offer packet back to VM1?
I believe you would need to run dedicated dnsmasq process instance per each VLAN that you have. By
default I guess dnsmasq runs on virbr1, hence it does not see the tagged traffic that comes from vnet0.
You could try to:
add another port to that bridge with the same VLAN as VM has. And run a separate instance of dnsmasq there; or
change the tag of virb1 port, but this might lead to other issues (e.g. then non-tagged VMs will not get DHCP leases).
Perhaps someone else can suggest something easier...
Greetings,
Daniele Milani
--
libvir-list mailing list
libvir-list at redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20120326/0e4b3cf5/attachment.htm>
More information about the libvirt-users
mailing list