[libvirt-users] bridge / ubuntu / no arp reply

François Chenais francois.chenais at gmail.com
Wed Feb 26 20:36:39 UTC 2014


2014-02-26 15:10 GMT+01:00 Laine Stump <laine at laine.org>:

> On 02/26/2014 02:56 PM, Michal Privoznik wrote:
> > On 25.02.2014 22:45, François Chenais wrote:
> >> Hello
> >>
> >> I'm trying to set up a bridged guest on an Ubuntu 13.10 but it doesn't
> >> work.
> >>
> >> (Everything is ok with NAT)
> >>
> >> Network sniffing shows that arp replies don't come back to the guest.
> >>
> >>
> >> Test 1
> >> ------
> >>
> >> Guest : ping host_bridge_ip   (ok)
> >>
> >>
> >>
> >> Test 2
> >> ------
> >>
> >> Guest: ping other_lan_host (KO)
> >>
> >>       other_lan_host
> >>
> >>              - receives arp who-is request
> >>              - sends arp reply
> >>              - arp -a   shows the guest macaddr
> >>
> >>
> >>       => Guest doesn't receive reply
> >>
> >>
> >> Test 3
> >> ------
> >>
> >> other_lan_host ping the Guest   (KO)
> >>
> >>     - arp -a shows "incomplete" addr
> >>     - Guest receives nothing
> >>
> >>
> >> On Host
> >> -------
> >>
> >> network tcpdump on bridge or vnet interfaces shows request but no
> >> reply ...
> >>
> >>
> >> Thanks in advance for help or ideas
> >>
> >>
> >>      François
> >>
> >
> > I suspect the firewall. In my experience 99% of network issues are caused
> > by the firewall. Try flushing all tables and see if that helps.
>
> ..except that firewall problems usually prevent passing IP traffic, but
> not ARP requests and responses.
>
>
... and tcpdump gets IP traffic before the FW ... and I have disabled the FW ...



> Can the guest ping the host?


Yes : see  Test 1


> If not, then you may have something set up
> incorrectly with the bridge. Send "ifconfig br0; ifconfig eth0; brctl
> show" (replacing "br0" with whatever bridge device you have, and "eth0"
> with the host physical ethernet that is attached to the bridge). The
> guest's vnetX (tap device) and the "eth0" should be attached to br0 (the
> bridge device), and br0 should have an IP address, but eth0 should *not*
> have an IP address.
>
>
That's OK




> Is this host plugged into a switch port that is locked down to a
> particular MAC address? You may need to get the guest's MAC address
> enabled at the switch by your IT department.
>
>
I'm the IT department, I'm doing those tests at home :)


It works well at work on CentOS ...



>
> Another thing to check is whether or not the ARP request is ever making
> it out to the physical network device on the host - try running tcpdump
> there as well. I've never encountered a Linux system that rejected
> outgoing arp requests for any reason, but this sysctl makes me wonder
> how that might get screwed up:
>
>   root@vlap /home/laine>sysctl -a | grep bridge
>   net.bridge.bridge-nf-call-arptables = 1
>   [...]
>
>
I got 0 there ...


I've tried with a DSL box but, because I don't see the reply on the host,
I suspect a special configuration.  So I used an alternate switch,
a Netgear switch (GS608) but it fails too...


I just tried with a direct cable link between the host and other_computer
and ...  ** it's working ... **

It seems the 2 switches don't support multiple MACs on the same port !!! :/


I didn't expect this but it's not so surprising with low-price hardware ...

Thanks all !!


   François

PS: do I have to change the subject with RESOLVE ?
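
Added example (not part of the original message or of libvirt): a shell check for the bridge layout Laine describes above, where the physical NIC and the guest's tap device are ports of the bridge and only the bridge holds the IP address. The names br0, eth0 and vnet0 and all sample output are constructed, and it reads `ip -o -4 addr show` output instead of the `ifconfig` output mentioned in the thread.

```shell
#!/bin/sh
# Added example: br0, eth0, vnet0 and all sample text below are constructed.

# Constructed `brctl show` output: eth0 and the guest tap vnet0 are ports of br0.
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.001122334455       no              eth0
                                                        vnet0'

# Constructed `ip -o -4 addr show` output: only br0 holds the host address.
SAMPLE_ADDR_OK='1: lo    inet 127.0.0.1/8 scope host lo
3: br0    inet 192.168.1.10/24 brd 192.168.1.255 scope global br0'

# Same host with an address wrongly left on eth0 as well.
SAMPLE_ADDR_BAD="$SAMPLE_ADDR_OK
2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0"

# Print the ports of bridge $1, reading `brctl show` text on stdin.
bridge_ports() {
    awk -v br="$1" '
        NR == 1 { next }                    # column header
        NF >= 3 { cur = $1; if (cur == br && NF >= 4) print $4; next }
        NF == 1 && cur == br { print $1 }   # continuation line: one more port
    '
}

# Succeed if interface $1 has an IPv4 address in `ip -o -4 addr show` text on stdin.
has_ipv4() {
    awk -v ifc="$1" '$2 == ifc && $3 == "inet" { found = 1 } END { exit !found }'
}

# check_bridge BRIDGE NIC TAP BRCTL_TEXT ADDR_TEXT
# Prints one line per problem and returns non-zero if any was found.
check_bridge() {
    br=$1; nic=$2; tap=$3; rc=0
    ports=$(printf '%s\n' "$4" | bridge_ports "$br")
    for p in "$nic" "$tap"; do
        printf '%s\n' "$ports" | grep -qxF "$p" || { echo "$p is not attached to $br"; rc=1; }
    done
    printf '%s\n' "$5" | has_ipv4 "$br" || { echo "$br has no IPv4 address"; rc=1; }
    if printf '%s\n' "$5" | has_ipv4 "$nic"; then
        echo "$nic has an IPv4 address; it belongs on $br"; rc=1
    fi
    return "$rc"
}

# On a real host: check_bridge br0 eth0 vnet0 "$(brctl show)" "$(ip -o -4 addr show)"
check_bridge br0 eth0 vnet0 "$SAMPLE_BRCTL" "$SAMPLE_ADDR_OK" && echo "layout ok"
check_bridge br0 eth0 vnet0 "$SAMPLE_BRCTL" "$SAMPLE_ADDR_BAD" || echo "layout wrong"
```

A clean result here only confirms the host side; it says nothing about the switch the host is plugged into.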