FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Server Development

 
 
LinkBack Thread Tools
 
Old 06-08-2010, 10:31 PM
Soren Hansen
 
Default KVM Networking Hell

On Tue, Jun 08, 2010 at 10:49:04PM +0100, Jamie McDonald wrote:
> #### START /etc/network/interfaces on HOST ####
>
> auto eth0
> iface eth0 inet manual
>
> auto br0
> iface br0 inet static
> address 88.208.249.44
> network 88.208.249.0
> netmask 255.255.252.0
> gateway 88.208.248.1

I probably doesn't matter, but that address with that netmask doesn't
give that network.

> auto eth0
> iface eth0 inet static
> address 88.208.249.45
> netmask 255.255.252.0
> network 88.208.248.0
> broadcast 88.208.251.255
> gateway 88.208.248.1

This adds up, though

> Symptoms
> ----------------
> I can now ssh from the host into the guest (from the host) and from the
> guest to the host, however try as I might I cannot get the guest to access
> the outside world or the host to pass packets to the guest.

It is not the job of the host to do any of this, really.

> As you can see, the bridge is working and when I start the VM from
> virsh# the vnet0 adapter is created, however no tap0 is being created.

vnet0 is the tap device. This is the expected behaviour.

> As far as I am aware you should not need ipv4 forwarding enabled in
> the Kernel for bridged networks

That's correct.

> If any of you could shed any light on this issue (since I can't seem
> to find anyone else with the issue) it would be most appreciated.

Off the top of my (arguably quite tired) head, it looks good. Can I see
the routing table in the guest?


--
Soren Hansen
Ubuntu Developer
http://www.ubuntu.com/
--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-09-2010, 07:49 AM
Jamie McDonald
 
Default KVM Networking Hell

Soren,

Thanks for your response and well spotted with the network mask, must have got tired staying up playing with this so late!!

I have updated the network address on the host the /etc/network/interfaces file now reads


## START /etc/network/interfaces file on HOST ##

auto eth0
iface eth0 inet manual

auto br0
iface br0 inet static
******* address 88.208.249.44
******* network 88.208.248.0
******* netmask 255.255.252.0

******* gateway 88.208.248.1
******* bridge_ports eth0
******* bridge_stp off
******* bridge_fd 0
******* bridge_maxwait 0

## END /etc/network/interfaces file on HOST ##

These changes have been enabled and I can still ssh between both the host and the guest, but still no external conectivity for the guest.


The routing table on the guest is as follows

## START routing table ##

Kernel IP routing table
Destination**** Gateway******** Genmask******** Flags Metric Ref*** Use Iface
88.208.248.0*** 0.0.0.0******** 255.255.252.0** U**** 0***** 0******* 0 eth0

0.0.0.0******** 88.208.248.1*** 0.0.0.0******** UG*** 100*** 0******* 0 eth0

## END routing table ##

Any more ideas?

Kind Regards,
Jamie.


On Tue, Jun 8, 2010 at 11:31 PM, Soren Hansen <soren@ubuntu.com> wrote:

On Tue, Jun 08, 2010 at 10:49:04PM +0100, Jamie McDonald wrote:

> #### START /etc/network/interfaces on HOST ####

>

> auto eth0

> iface eth0 inet manual

>

> auto br0

> iface br0 inet static

> * * * * address 88.208.249.44

> * * * * network 88.208.249.0

> * * * * netmask 255.255.252.0

> * * * * gateway 88.208.248.1



I probably doesn't matter, but that address with that netmask doesn't

give that network.



> auto eth0

> iface eth0 inet static

> * * address 88.208.249.45

> * * netmask 255.255.252.0

> * * network 88.208.248.0

> * * broadcast 88.208.251.255

> * * gateway 88.208.248.1



This adds up, though



> Symptoms

> ----------------

> I can now ssh from the host into the guest (from the host) and from the

> guest to the host, however try as I might I cannot get the guest to access

> the outside world or the host to pass packets to the guest.



It is not the job of the host to do any of this, really.



> As you can see, the bridge is working and when I start the VM from

> virsh# the vnet0 adapter is created, however no tap0 is being created.



vnet0 is the tap device. This is the expected behaviour.



> As far as I am aware you should not need ipv4 forwarding enabled in

> the Kernel for bridged networks



That's correct.



> If any of you could shed any light on this issue (since I can't seem

> to find anyone else with the issue) it would be most appreciated.



Off the top of my (arguably quite tired) head, it looks good. Can I see

the routing table in the guest?





--

Soren Hansen

Ubuntu Developer

http://www.ubuntu.com/


-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.10 (GNU/Linux)



iEYEARECAAYFAkwOxKQACgkQonjfXui9pOMD8gCgq/662euFJg8kaSDnpKvHYU5T

EcoAn1FaO6+SO0RSai276jVq84ab/IQr

=Cayb

-----END PGP SIGNATURE-----




--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-09-2010, 09:06 AM
Serge van Ginderachter
 
Default KVM Networking Hell

On 9 June 2010 09:49, Jamie McDonald <jmack@iclebyte.com> wrote:


These changes have been enabled and I can still ssh between both the host and the guest, but still no external conectivity for the guest.
Did you run a traceroute? Also Consider running tcotraceroute over a port you know for sure to be open.


--
* * Met cordiale groet,

* * Serge van Ginderachter

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-09-2010, 11:26 AM
Soren Hansen
 
Default KVM Networking Hell

On Wed, Jun 09, 2010 at 08:49:10AM +0100, Jamie McDonald wrote:
> These changes have been enabled and I can still ssh between both the
> host and the guest, but still no external conectivity for the guest.

Just to be clear, you can't even ping e.g. 88.208.248.1, right?

Can you provide the output of "brctl show" on the host, please?

I assume you haven't played with brtables or anything like that?

--
Soren Hansen
Ubuntu Developer
http://www.ubuntu.com/
--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-09-2010, 01:57 PM
Jamie McDonald
 
Default KVM Networking Hell

Soren,

You are correct, I cannot ping the gateway from the guest - however I can from the host.

The output of 'brctl show' on the host is as follows

## START brctl output ###

$brctl show

bridge name**** bridge id************** STP enabled**** interfaces
br0************ 8000.001999705a61****** no************ * ** eth0
************************************************** *** * * * * * * * * * ** vnet0

## END brctl output ##

From looking at this it looks like I should have my guest configured to use the vnet0 interface instead of br0?
Why when the testbox.xml VM configuration file is configured to use br0 is vnet0 being created when I start the VM via virsh?


brtables has not been modified in any way.

Serge, thanks for your input but I can't really do a traceroute easily because I can't connect this guest to the internet to download any packages or dependancies for the tcptraceroute program.


It's really strange, the host and the guest communicate fine.

Any more ideas?

Kind Regards,
Jamie.


On Wed, Jun 9, 2010 at 12:26 PM, Soren Hansen <soren@ubuntu.com> wrote:

On Wed, Jun 09, 2010 at 08:49:10AM +0100, Jamie McDonald wrote:

> These changes have been enabled and I can still ssh between both the

> host and the guest, but still no external conectivity for the guest.



Just to be clear, you can't even ping e.g. 88.208.248.1, right?



Can you provide the output of "brctl show" on the host, please?



I assume you haven't played with brtables or anything like that?



--

Soren Hansen

Ubuntu Developer

http://www.ubuntu.com/


-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.10 (GNU/Linux)



iEYEARECAAYFAkwPen4ACgkQonjfXui9pOMnsACeMqfOJ/09n/UmegCtvvkYhAQf

Fe0AniysDF8qAxKhwS8e6CqPt/GgwxgI

=Tw8I

-----END PGP SIGNATURE-----




--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-09-2010, 02:54 PM
Alex Muntada
 
Default KVM Networking Hell

+ Jamie McDonald <jmack@iclebyte.com>:

> You are correct, I cannot ping the gateway from the guest -
> however I can from the host.

Maybe the host is blocking traffic from the guest interface
with iptables? I used to add -i eth0 on every iptables rule
before trying kvm. If that's the case, you should remove
them or replace eth0 by br0.

On the other side, sniffing traffic on the host side should
help determining at least if packets arrive from the guest.
You can use tcpdump, wireshark, etc.

--
Alex Muntada <alexm@alexm.org>
http://alexm.org/

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-09-2010, 09:24 PM
Soren Hansen
 
Default KVM Networking Hell

On Wed, Jun 09, 2010 at 02:57:45PM +0100, Jamie McDonald wrote:
> The output of 'brctl show' on the host is as follows
>
> ## START brctl output ###
>
> $brctl show
> bridge name bridge id STP enabled interfaces
> br0 8000.001999705a61 no eth0
>
> vnet0
> ## END brctl output ##

I'm not sure if this output got linebroken somewhere. Can you perhaps
make sure the terminal you're using is large enough to hold the output
and put it on a pastebin so we can be sure noone's e-mail application is
messing with the formatting?

> From looking at this it looks like I should have my guest configured
> to use the vnet0 interface instead of br0?

No. vnet0 /is/ your guest. The virtual machines use tap devices for
networking. Think of vnet0 as the host end of the virtual network cable
between the guets and the host. It is meant to be connected to br0 such
that eth0 and vnet0 both are "connected".

> brtables has not been modified in any way.

Ok. And you haven't used Eucalyptus? It's the only thing I know of that
might fiddle with brtables behind the scenes.

What is eth0 on the host, by the way? What kind of NIC?

--
Soren Hansen
Ubuntu Developer
http://www.ubuntu.com/
--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-09-2010, 10:09 PM
Jamie McDonald
 
Default KVM Networking Hell

Soren,

Good timing! I was just about to write another email as I've been playing with this all evening - alas still no joy.

On Wed, Jun 9, 2010 at 10:24 PM, Soren Hansen <soren@ubuntu.com> wrote:

On Wed, Jun 09, 2010 at 02:57:45PM +0100, Jamie McDonald wrote:

> The output of 'brctl show' on the host is as follows

>

> ## START brctl output ###

>

> $brctl show

> bridge name * * bridge id * * * * * * * STP enabled * * interfaces

> br0 * * * * * * 8000.001999705a61 * * * no * * * * * * * * *eth0

>

> vnet0

> ## END brctl output ##



I'm not sure if this output got linebroken somewhere. Can you perhaps

make sure the terminal you're using is large enough to hold the output

and put it on a pastebin so we can be sure noone's e-mail application is

messing with the formatting?

*I have pasted a new copy here: http://pastebin.org/322148
*




> From looking at this it looks like I should have my guest configured

> to use the vnet0 interface instead of br0?



No. vnet0 /is/ your guest. The virtual machines use tap devices for

networking. Think of vnet0 as the host end of the virtual network cable

between the guets and the host. It is meant to be connected to br0 such

that eth0 and vnet0 both are "connected".


Thanks for your explanation - this makes more sense. Based on what you
have said then the VM is having the vnet0 tap interface created and
successfully attached to the br0 interface along with eth0 as per the pastebin mentioned above.




> brtables has not been modified in any way.



Ok. And you haven't used Eucalyptus? It's the only thing I know of that

might fiddle with brtables behind the scenes.

No I have not used Eucalyptus - this is a standard 9.10 build of Ubuntu server from Fasthosts.




What is eth0 on the host, by the way? What kind of NIC?


# dmesg | grep eth0
[*** 3.694657] 0000:00:19.0: eth0: (PCI Express:2.5GB/s:Width x1) 00:19:99:70:5a:61
[*** 3.694659] 0000:00:19.0: eth0: Intel(R) PRO/1000 Network Connection

[*** 3.694812] 0000:00:19.0: eth0: MAC: 7, PHY: 8, PBA No: ffffff-0ff
[*** 9.403673] device eth0 entered promiscuous mode
[*** 9.476752] ADDRCONF(NETDEV_UP): eth0: link is not ready
[** 11.045806] 0000:00:19.0: eth0: Link is Up 100 Mbps Full Duplex, Flow Control: None

[** 11.045808] 0000:00:19.0: eth0: 10/100 speed: disabling TSO
[** 11.046300] ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[** 11.046373] br0: port 1(eth0) entering forwarding state
[** 21.972047] eth0: no IPv6 routers present

*
During my experiments this afternoon I have actually become more confused.
I have removed all firewall rules from the host in order to test as suggested by Alex (thankyou for your input kind sir). IP Forwarding is enabled (even though it should make no difference) and the following rules were added (although again I really don't think I should need them).


/sbin/iptables -A FORWARD -d 88.208.249.45 -j ACCEPT
/sbin/iptables -A FORWARD -s 88.208.249.45 -j ACCEPT


On the host machine I started listening for guest traffic on the eth0 interface using the following: tcpdump -i eth0 'host 88.208.249.45'

From the VM I then executed 'ping 88.208.248.1'. The TCP dump of eth0 on the host shows the ARP's being received by the host, however no response is ever sent - this always results in a 'destination host unreachable' message on the VM. This is obviously the same for any IP address on the internet.


# tcpdump -i eth0 'host 88.208.249.45'
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

23:04:33.961261 arp who-has server88-208-248-1.live-servers.net tell server88-208-249-45.live-servers.net

23:04:34.961244 arp who-has server88-208-248-1.live-servers.net tell server88-208-249-45.live-servers.net

23:04:35.961234 arp who-has server88-208-248-1.live-servers.net tell server88-208-249-45.live-servers.net

23:04:36.971239 arp who-has server88-208-248-1.live-servers.net tell server88-208-249-45.live-servers.net

23:04:37.971239 arp who-has server88-208-248-1.live-servers.net tell server88-208-249-45.live-servers.net

23:04:38.971240 arp who-has server88-208-248-1.live-servers.net tell server88-208-249-45.live-servers.net



Any other suggestions I could try? Is there anything which Fasthosts could have in place which could inhibit a bridged network from operating correctly?

Kind Regards
- An increasingly insane Jamie.


*

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-10-2010, 01:06 AM
Douglas Stanley
 
Default KVM Networking Hell

Just to chime in here, yes, fasthosts may be causing you trouble. Your
VM has a different MAC, so if they're doing anything with smart
switches which only allow certain mac addresses on certain ports. They
could be blocking you. It might be worth while to call them and ask if
you need to let them know if more than one mac is coming from your one
port.

Doug

On Wed, Jun 9, 2010 at 6:09 PM, Jamie McDonald <jmack@iclebyte.com> wrote:
> Soren,
>
> Good timing! I was just about to write another email as I've been playing
> with this all evening - alas still no joy.
>
> On Wed, Jun 9, 2010 at 10:24 PM, Soren Hansen <soren@ubuntu.com> wrote:
>>
>> On Wed, Jun 09, 2010 at 02:57:45PM +0100, Jamie McDonald wrote:
>> > The output of 'brctl show' on the host is as follows
>> >
>> > ## START brctl output ###
>> >
>> > $brctl show
>> > bridge name * * bridge id * * * * * * * STP enabled * * interfaces
>> > br0 * * * * * * 8000.001999705a61 * * * no * * * * * * * * *eth0
>> >
>> > vnet0
>> > ## END brctl output ##
>>
>> I'm not sure if this output got linebroken somewhere. Can you perhaps
>> make sure the terminal you're using is large enough to hold the output
>> and put it on a pastebin so we can be sure noone's e-mail application is
>> messing with the formatting?
>
> *I have pasted a new copy here: http://pastebin.org/322148
>
>>
>> > From looking at this it looks like I should have my guest configured
>> > to use the vnet0 interface instead of br0?
>>
>> No. vnet0 /is/ your guest. The virtual machines use tap devices for
>> networking. Think of vnet0 as the host end of the virtual network cable
>> between the guets and the host. It is meant to be connected to br0 such
>> that eth0 and vnet0 both are "connected".
>
> Thanks for your explanation - this makes more sense. Based on what you have
> said then the VM is having the vnet0 tap interface created and successfully
> attached to the br0 interface along with eth0 as per the pastebin mentioned
> above.
>>
>> > brtables has not been modified in any way.
>>
>> Ok. And you haven't used Eucalyptus? It's the only thing I know of that
>> might fiddle with brtables behind the scenes.
>
> No I have not used Eucalyptus - this is a standard 9.10 build of Ubuntu
> server from Fasthosts.
>>
>> What is eth0 on the host, by the way? What kind of NIC?
>>
> # dmesg | grep eth0
> [*** 3.694657] 0000:00:19.0: eth0: (PCI Express:2.5GB/s:Width x1)
> 00:19:99:70:5a:61
> [*** 3.694659] 0000:00:19.0: eth0: Intel(R) PRO/1000 Network Connection
> [*** 3.694812] 0000:00:19.0: eth0: MAC: 7, PHY: 8, PBA No: ffffff-0ff
> [*** 9.403673] device eth0 entered promiscuous mode
> [*** 9.476752] ADDRCONF(NETDEV_UP): eth0: link is not ready
> [** 11.045806] 0000:00:19.0: eth0: Link is Up 100 Mbps Full Duplex, Flow
> Control: None
> [** 11.045808] 0000:00:19.0: eth0: 10/100 speed: disabling TSO
> [** 11.046300] ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
> [** 11.046373] br0: port 1(eth0) entering forwarding state
> [** 21.972047] eth0: no IPv6 routers present
>
> During my experiments this afternoon I have actually become more confused.
> I have removed all firewall rules from the host in order to test as
> suggested by Alex (thankyou for your input kind sir). IP Forwarding is
> enabled (even though it should make no difference) and the following rules
> were added (although again I really don't think I should need them).
>
> /sbin/iptables -A FORWARD -d 88.208.249.45 -j ACCEPT
> /sbin/iptables -A FORWARD -s 88.208.249.45 -j ACCEPT
>
>
> On the host machine I started listening for guest traffic on the eth0
> interface using the following: tcpdump -i eth0 'host 88.208.249.45'
> From the VM I then executed 'ping 88.208.248.1'. The TCP dump of eth0 on the
> host shows the ARP's being received by the host, however no response is ever
> sent - this always results in a 'destination host unreachable' message on
> the VM. This is obviously the same for any IP address on the internet.
>
> # tcpdump -i eth0 'host 88.208.249.45'
> tcpdump: WARNING: eth0: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 23:04:33.961261 arp who-has server88-208-248-1.live-servers.net tell
> server88-208-249-45.live-servers.net
> 23:04:34.961244 arp who-has server88-208-248-1.live-servers.net tell
> server88-208-249-45.live-servers.net
> 23:04:35.961234 arp who-has server88-208-248-1.live-servers.net tell
> server88-208-249-45.live-servers.net
> 23:04:36.971239 arp who-has server88-208-248-1.live-servers.net tell
> server88-208-249-45.live-servers.net
> 23:04:37.971239 arp who-has server88-208-248-1.live-servers.net tell
> server88-208-249-45.live-servers.net
> 23:04:38.971240 arp who-has server88-208-248-1.live-servers.net tell
> server88-208-249-45.live-servers.net
>
>
> Any other suggestions I could try? Is there anything which Fasthosts could
> have in place which could inhibit a bridged network from operating
> correctly?
>
> Kind Regards
> - An increasingly insane Jamie.
>
>
>
> --
> ubuntu-server mailing list
> ubuntu-server@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> More info: https://wiki.ubuntu.com/ServerTeam
>



--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-10-2010, 08:16 AM
Soren Hansen
 
Default KVM Networking Hell

On Wed, Jun 09, 2010 at 11:09:48PM +0100, Jamie McDonald wrote:
>> I'm not sure if this output got linebroken somewhere. Can you perhaps
>> make sure the terminal you're using is large enough to hold the
>> output and put it on a pastebin so we can be sure noone's e-mail
>> application is messing with the formatting?
> I have pasted a new copy here: http://pastebin.org/322148

I still think it looks kind of weird. I was expecting vnet0 to be
directly underneath eth0, but meh. It's probably fine.

>> Ok. And you haven't used Eucalyptus? It's the only thing I know of
>> that might fiddle with brtables behind the scenes.
> No I have not used Eucalyptus - this is a standard 9.10 build of
> Ubuntu server from Fasthosts.

Oh. So this is running in a hosted environment?

> During my experiments this afternoon I have actually become more
> confused. I have removed all firewall rules from the host in order to
> test as suggested by Alex (thankyou for your input kind sir). IP
> Forwarding is enabled (even though it should make no difference) and
> the following rules were added (although again I really don't think I
> should need them).
>
> /sbin/iptables -A FORWARD -d 88.208.249.45 -j ACCEPT
> /sbin/iptables -A FORWARD -s 88.208.249.45 -j ACCEPT

Right, your host does /not/ act as a router or gateway of any kind for
the guest, so iptables and routing and whatnot does not factor into it
at all.

> Any other suggestions I could try? Is there anything which Fasthosts
> could have in place which could inhibit a bridged network from
> operating correctly?

Certainly. I hadn't considered that this might be running in a hosted
environment. Perhaps the port you're connected to only allows one
specific MAC (your host's, of course) in an effort to prevent MAC
spoofing on the network. This is a problem because your VM has its own
MAC address which is seen on the network (since the host does not act as
a router for it).

I'm assuming you got assigned multiple IP's. Are they expecting you to
route those IP's or something?

--
Soren Hansen
Ubuntu Developer
http://www.ubuntu.com/
--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 

Thread Tools




All times are GMT. The time now is 10:21 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org