[libvirt-users] Put virbr0 in promiscusous
Michal Privoznik
mprivozn at redhat.com
Mon Nov 24 10:28:32 UTC 2014
On 12.11.2014 14:55, Sagar Shedge wrote:
> Hi ,
>
>
> I have two virtual machines VM1 and VM2. Then I have added eth0 of my
> VM to 'default' network.
>
> Use case :-
> I want to monitor all traffic on virbr0('default' network).
>
> Steps followed :-
> 1. Add VM1 eth0 to virbr0
> 2. Add VM2 eth1 to virbr0
> 3. brctl setageing ovsbr0 0 ..(To put bridge in promiscuous)
>
> Now I am running tcpdump on eth1 of VM2 and trying to ping google.com
> <http://google.com>(outside world)
>
> In VM2 (tcpdump -i eth1), I can see only ingress(incoming) traffic of
> VM1. I am not able see outgoing traffic of VM1.
>
> If I create another bridge and trying same scenario with 2 VM then VM2
> can see both ingress and outgress traffic.
>
> So want to know what is the issue?
> Is libvirt doing something different with this virtbr0 bridge?
I suspect it's a kernel issue. I mean, kernel takes several shortcuts in
network stack when it comes to virtual NICs and virtual bridges. I've
come across this when implementing QoS. I haven't tried your scenario
out, I'm just guessing. BTW: depending on network type, libvirt may or
may not set up some ip-/eb-tables filters. But I don't think that's the
case.
Michal
More information about the libvirt-users
mailing list