[libvirt-users] bridge / ubuntu / no arp reply

Thu Feb 27 20:20:41 UTC 2014

2014-02-26 21:36 GMT+01:00 François Chenais <francois.chenais at gmail.com>:
>
>
>
>
> 2014-02-26 15:10 GMT+01:00 Laine Stump <laine at laine.org>:
>
>> On 02/26/2014 02:56 PM, Michal Privoznik wrote:
>> > On 25.02.2014 22:45, François Chenais wrote:
>> >> Hello
>> >>
>> >> I'm trying to setup a bridged guest on an ubuntu 13.10 but it doesn't
>> >> work.
>> >>
>> >> (Everything is ok with NAT)
>> >>
>> >> Network sniffing shows that arp replies don't come back to the guest.
>> >>
>> >>
>> >> Test 1
>> >> ------
>> >>
>> >> Guest : ping host_bridge_ip   (ok)
>> >>
>> >>
>> >>
>> >> Test 2
>> >> ------
>> >>
>> >> Guest: ping other_lan_host (KO)
>> >>
>> >>       other_lan_host
>> >>
>> >>              - receives arp who-is request
>> >>              - sends arp reply
>> >>              - arp -a   shows the guest macaddr
>> >>
>> >>
>> >>       => Guest doesn't receive reply
>> >>
>> >>
>> >> Test 3
>> >> ------
>> >>
>> >> other_lan_host ping the Guest   (KO)
>> >>
>> >>     - arp -a shows "incomplete" addr
>> >>     - Guest receives nothing
>> >>
>> >>
>> >> On Host
>> >> -------
>> >>
>> >> network tcpdump on bridge or vnet interfaces shows request but no
>> >> reply ...
>> >>
>> >>
>> >> Thanks in advance for help or ideas
>> >>
>> >>
>> >>      François
>> >>
>> >
>> > I suspect firewall. By my experience 99% of network issues is caused
>> > by firewall. Try flushing all tables and see if that helps.
>>
>> ..except that firewall problems usually prevent passing IP traffic, but
>> not ARP requests and responses.
>>
>
> ... and tcpdump get IP traffic before FW .. and I have disable the FW ...
>
>
>>
>> Can the guest ping the host?
>
>
> Yes : see  Test 1
>
>>
>> If not, then you may have something setup
>> incorrectly with the bridge. Send "ifconfig br0; ifconfig eth0; brctl
>> show" (replacing "br0" with whatever bridge device you have, and "eth0"
>> with the host physical ethernet that is attached to the bridge). The
>> guest's vnetX (tap device) and the "eth0" should be attached to br0 (the
>> bridge device), and br0 should have an IP address, but eth0 should *not*
>> have an IP address.
>>
>
> That's OK
>
>
>
>>
>> Is this host plugged into a switch port that is locked down to a
>> particular MAC address? You may need to get the guest's MAC address
>> enabled at the switch by your IT department.
>>
>
> I'm the IT department, I'm doing those tests at home :)
>
>
> It's works well at work on CentOS ...
>
>
>>
>>
>> Another thing to check is whether or not the ARP request is ever making
>> it out to the physical network device on the host - try running tcpdump
>> there as well. I've never encountered a Linux system that rejected
>> outgoing arp requests for any reason, but this sysctl makes me wonder
>> how that might get screwed up:
>>
>>   root at vlap /home/laine>sysctl -a | grep bridge
>>   net.bridge.bridge-nf-call-arptables = 1
>>   [...]
>>
>>
> I got 0 there ...
>
>
> I've tried with an DSL box but, because I don't see reply on host,
> I suspect a special configuration.  So I used  an alternate switch,
> a netgear switch (GS608) but it fails to...
>
>
> I just tried with a direct cable link between the host and other_computer
> and ...  ** it's working ... **
>
> It seems the 2 switches don't support multiple mac on the same port !!! :/
>
>
> I didn't expect this but it's not so surprising with low price hardware ...
>

>
> Thanks all !!
>
>

>
>    François
>
> PS: do I have to change the subject with RESOLVE ?
>

Not at all ...

I've just tried using macvlan (type bridge), which set new mac addr and  ...
     it's working .... !!!?:/

     ___
    |     |
    |    0
    |   /|\
    |   /\
    |
-------------

As Michal suggests, it's perhaps a bad FW configuration or maybe
  I forgot something in my tests or the error is SO BIG that I don't
  see it 8-|

I'll make some new tests to understand this error

    Thanks a lot ...