LinuxQuestions.org


nicolasdiogo 04-18-2013 03:04 AM

KVM networking - using VLAN and Bridges on Debian/Ubuntu
 
hello


i have tried to setup an environment using Debian 6 and Ubuntu 12.04 (both x64), using VLAN to manage networks between storage server and host/node servers.

i have seen this article that describes what i have tried to achieve (option 1).
http://blog.davidvassallo.me/2012/05...to-the-guests/


i have setup:
bond for eth0 and eth1

created VLANs on the bond - bond0.10, bond0.100

then created bridges to enable guests to access the networks - br10, br1000

and a bridge to allow untagged traffic to host - br1


Problem:
guests can not receive any traffic

i have tried checking for traffic on the port connected to br10, and no packets are received.
i am checking this while testing (ping, ssh, nmap, http) to connect to this guest host.


i would really appreciate if somebody could provide a link to some other posts/article on how to get this setup working.

thanks,

acid_kewpie 04-18-2013 04:22 AM

It sounds good to me. Can you post the full output of "ifconfig -a" and "brctl show" on the host? You've checked the port? That's as in inside the vm? What about tcpdumping on the virtual interface on the host side, and also on the bridge, and the bond (when testing from a physically remote machine)?

nicolasdiogo 04-18-2013 05:34 AM

hello chris

i have tried to check with tcpdump. but i am receiving a lot of traffic in the host. using like:

tcpdump -i bond.10 -A


which is printing everything
is there a better way of checking it?

however, on the guest that uses the attached bridge (br10) there is no traffic at all.

it is very puzzling for me as i am no network expert.

acid_kewpie 04-18-2013 05:35 AM

Looking for the traffic for a specific VM guest would be a sane way to do that... just add "host a.b.c.d" to the tcpdump command.

Please provide the outputs requested above first though.

nicolasdiogo 04-18-2013 11:13 AM

i will get those outputs that you asked later today.

this is the network file on one of the hosts/nodes:

Code:

# The loopback network interface
auto lo
iface lo inet loopback

iface bond0 inet manual
        pre-down ethtool -s $IFACE wol g
        bond-slaves eth0 eth1
        bond-primary eth0
        bond-mode 1
        bond-miimon 100
        bond-downdelay 100
        bond-updelay 100

iface bond0.10 inet manual
iface bond0.100 inet manual

auto virbr1
iface virbr1 inet static
        address 192.168.1.3
        broadcast 192.168.1.255
        netmask 255.255.255.0
        gateway 192.168.1.1
        dns-search home.brain
        dns-nameservers 192.168.1.1 8.8.8.8
        bridge_ports bond0
        bridge_stp off      # disable Spanning Tree Protocol
        bridge_waitport 0    # no delay before a port becomes available
        bridge_fd 0          # no forwarding delay
        ## un-tagged packets have to have the same MAC as the bond (NICs)
        ## hwaddress ether 02:01:02:03:04:a1

auto virbr10
iface virbr10 inet static
        address 10.1.10.3
        broadcast 10.1.10.255
        netmask 255.255.255.0
        gateway 10.1.10.254
        dns-search mngt.brain
        dns-nameservers 10.1.10.253
        bridge_ports bond0.10
        bridge_stp off      # disable Spanning Tree Protocol
        bridge_waitport 0    # no delay before a port becomes available
        bridge_fd 0          # no forwarding delay
        hwaddress ether 02:01:02:03:04:a2

auto virbr100
iface virbr100 inet static
        address 10.1.100.3
        netmask 255.255.255.0
        broadcast 10.1.100.254
        network 10.1.100.0
        bridge_ports bond0.100
        bridge_stp off      # disable Spanning Tree Protocol
        bridge_waitport 0    # no delay before a port becomes available
        bridge_fd 0          # no forwarding delay
        hwaddress ether 02:01:02:03:04:a3


i have added the hwaddress ether as there were lots of entries in /var/log/syslog of packets originating with the same MAC as the destination. this seems to solve this issue.


thanks,
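
Added example (not part of any post in this thread): a small Python consistency check for an interfaces(5)-style file, run on a constructed excerpt of the stanzas posted above. It flags a broadcast address that does not match address/netmask, and bridge ports or VLAN parents that have no iface stanza; the names SAMPLE, parse and check are hypothetical.

```python
import ipaddress

# Constructed sample: trimmed from the stanzas in the post above.
SAMPLE = """\
iface bond0 inet manual
iface bond0.10 inet manual
iface bond0.100 inet manual
iface virbr10 inet static
        address 10.1.10.3
        broadcast 10.1.10.255
        netmask 255.255.255.0
        bridge_ports bond0.10
iface virbr100 inet static
        address 10.1.100.3
        netmask 255.255.255.0
        broadcast 10.1.100.254
        bridge_ports bond0.100
"""

def parse(text):
    """Return {iface: {option: value}} from interfaces(5)-style text."""
    stanzas, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments, full-line or trailing
        if not line: continue
        key, _, val = line.partition(" ")
        if key == "iface":
            cur = stanzas.setdefault(val.split()[0], {})
        elif key in ("auto", "allow-hotplug"):
            cur = None                        # not an option of the previous stanza
        elif cur is not None:
            cur[key] = val.strip()
    return stanzas

def check(text):
    """List findings: wrong broadcast, undeclared bridge port or VLAN parent."""
    st, out = parse(text), []
    for name, opt in st.items():
        if "address" in opt and "netmask" in opt and "broadcast" in opt:
            net = ipaddress.ip_network(f"{opt['address']}/{opt['netmask']}", strict=False)
            if opt["broadcast"] != str(net.broadcast_address):
                out.append(f"{name}: broadcast {opt['broadcast']} != {net.broadcast_address}")
        for port in opt.get("bridge_ports", "").split():
            if port not in st:
                out.append(f"{name}: bridge port {port} has no iface stanza")
        parent, dot, _ = name.partition(".")
        if dot and parent not in st:
            out.append(f"{name}: VLAN parent {parent} has no iface stanza")
    return out
```

On the excerpt, check(SAMPLE) reports only the virbr100 broadcast value; it is a syntax-level check and says nothing about the bonding behaviour discussed in the thread.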

nicolasdiogo 04-19-2013 02:45 AM

hello

apologies but i could not get the output of the system yet.
as it is my own system, i will have to do it later on tonight.

thanks,

nicolasdiogo 04-22-2013 04:30 PM

hello

i have restarted the whole setup from scratch and it seems that there is an issue with the bonding.
i can get all the VLANs and bridges working fine against eth0 or eth1.

but as i add eth0 and eth1 to a bond and then VLANs and bridge against it,
i find errors in the logs and connectivity with guests fails.

so for now i will use eth0; and revisit it in the future.


thanks for taking the time to look into it.

regards,

Nicolas

cbob 02-03-2014 02:53 PM

halp
 
sorry to kick an old topic but did anyone ever find a resolution to this? I'm having the exact same problem and i do not wish to settle for unbonded nics because a switch failure will result in the loss of the host, which is the exact reason we purchase redundant switches. i would be absolutely grateful if anyone has any further information on this

nicolasdiogo 02-05-2014 06:47 AM

hello

i will have a look on this setup; it is a while since i last checked.

and there were a number of package updates, and other people who looked into this matter.

if there are any changes - i will post back here.

from the top of my head, i recall having somebody who was an expert on Cisco switches changing some settings trying to solve this matter.
thus keep in mind that you may find your switch not playing correctly - do not think the problem is on the box alone.


tchau

cbob 02-05-2014 11:56 AM

re:
 
our problem isn't the cisco switch. some of our ceph nodes use lacp bonding and that works, and we can get all of our hypervisor nodes to work on active-backup, i.e. pull cables and not lose packets. we can even get to the point where some of the bridges pass traffic. here is what one of our attempts at a conf file looks like (there are many, many others). this is for cloudstack btw

Code:

auto em1
iface em1 inet manual
        bond-master bond0
        bond-primary em1

auto em2
iface em2 inet manual
        bond-master bond0

auto bond0
iface bond0 inet manual
        bond-mode active-backup
        bond-miimon 100
        bond-slaves em1 em2

# Management
auto bond0.100
iface bond0.100 inet static
        address 10.100.0.33
        netmask 255.255.255.0
        network 10.100.0.0
        broadcast 10.100.0.255
        gateway 10.100.0.1
        dns-nameservers 10.100.0.4
        dns-search dcnfargo.ntgcloud

auto cloudbr0
iface cloudbr0 inet manual
        bridge_ports bond0
        bridge_fd 5
        bridge_stp off
        bridge_maxwait 1

nicolasdiogo 05-13-2014 02:04 PM

(with shame)

apologies for the time
probably not relevant anymore.

*but* for completeness:

this is the configuration that is working

Code:


# network interface settings
auto lo
iface lo inet loopback

#auto eth0
iface eth0 inet manual

#auto eth1
iface eth1 inet manual

auto bond0
iface bond0 inet manual
        slaves eth0 eth1
        bond_miimon 100
#        bond_mode balance-xor        # sends packets on one or another
        bond_mode broadcast        # sends packets on all interfaces

auto vmbr0
iface vmbr0 inet static
        address  192.168.1.254
        netmask  255.255.255.0
        gateway  192.168.1.1
        bridge_ports bond0
        bridge_stp off
        bridge_fd 0

best regards,


Nicolas

