[ovs-discuss] why vm can't ping host eth1
Salman Malik
salmanmk at live.com
Sat May 19 22:42:10 UTC 2012
Thanks a lot Reid. That was one awesome explanation. Few more questions:
1) In the first figure VMs can not communicate with the outside world (except using NAT) ?
2) (Sorry if this is very basic stuff) Do the ports have any addresses (like MAC or IP) in either physical or real bridges/switches ?
3) Robin said that uplink interface (in this case eth1) doesn't need an IP address. Is it true in every scenario or is it specific to this scenario( where IP stack would black hole the traffic if it is directed to eth1)
4) What does it mean for a bridge to be standalone mode and what are the other possible modes?
Thanks,
Salman
From: reid at nicira.com
Date: Sat, 19 May 2012 13:04:17 -0700
Subject: Re: [ovs-discuss] why vm can't ping host eth1
To: salmanmk at live.com
CC: cloudbengo at gmail.com; discuss at openvswitch.org
I drew a little ascii art, does this clarify things?
Hypervisor
+--------------------------------------------------------+ | |
+------ | -- iface <--------------------------------------+ | | | eth0 | |
| | | | {network} | | |
| | v | | | |
+------ | -- iface <-------------------------------> {IP stack} | | eth1 |
| ^ | | bridge br0 | |
| +---+ | | | | | (internal) | |
| | +-- port -- iface -------+ | | | | br0 br0 |
| | | | | | | VM 1 |
| | | +-----+ | | | +-- port -- iface -- | | |
| | | tap1 tap1 +-----+ | | | | |
| | | VM 2 | | | | +-----+ |
| | +-- port -- iface -- | | | | | | tap2 tap2 +-----+ |
| +---+ | | |
+---------------------------------------------------------+
******************************************* user at host$ ovs-vsctl add-port br1 eth1 *
******************************************
Hypervisor
+--------------------------------------------------------+ | |
+------ | -- iface <--------------------------------------+ | | | eth0 | |
| | | | {network} | | |
| | v | | | |
+------ | -- iface <---+ X------------------------> {IP stack} | | eth1 | |
| | ^ | | | bridge br1 | |
| | +---+ | | | v | | (internal) | |
| port --+ +-- port -- iface <------+ | | eth1 | | br1 br1 |
| | | VM 1 | | | | +-----+ |
| | +-- port -- iface -- | | | | | | tap1 tap1 +-----+ |
| | | | | | | VM 2 |
| | | +-----+ | | | +-- port -- iface -- | | |
| | | tap2 tap2 +-----+ | | +---+ |
| | +---------------------------------------------------------+
Non-Effects:IP configuration of eth1 is unchanged
IP configuration of br0 is unchangedRouting table is unchanged
Effects:Traffic routed to eth1 by the IP stack will be blackholed, since it is now attached to port eth1
Traffic routed to br0 by the IP stack has eth1 as a potential egress port
Usual Correction:Move IP configuration of eth1 to br1
Remove IP configuration from eth1
Effects:
If bridge br1 is in 'standalone' mode: - eth1's old IP is reachable from the network
- VM 1 and VM 2 are reachable from the network (and would see eth1's traffic as well)
On Fri, May 18, 2012 at 7:19 AM, Salman Malik <salmanmk at live.com> wrote:
Thanks Robin and Reid. Its still a little fuzzy to me. Can you suggest some pointers which explains the bridge and related interfaces configuration ?
I have worked for some time with ovs and integration bridge (that ovs manages) and I couldn't get my head around the routing mechanism e.g. doing an ifconfig would show all the interfaces like br100 and eth1. So is bridge an interface or an emulation of a real bridge ? (because I could see a HWaddress associated with this bridge/interface... and for some reason I think that each port of real bridge should have a MAC/IP associated with it, but I don't know). And when we add interface eth1 to br100 as a port, I understand that all the VM traffic would now go through eth1 (acting as an uplink, and conveying traffic from bridge to real switch and the VMs themselves can get the IP address in the same subnet as host itself, right?), but I can't visualize the scenario, given the output of ifconfig, brctl show or ovs-vsctl show/ ovs-ofctl show br100.
Any explanation is much appreciated.
Thanks,
Salman
CC: salmanmk at live.com; discuss at openvswitch.org
From: reid at nicira.com
Subject: Re: [ovs-discuss] why vm can't ping host eth1
Date: Thu, 17 May 2012 22:31:08 -0700
To: cloudbengo at gmail.com
One thing I have seen in the past: if ethX has an ip as well as brX, it usually means that routing will try to send traffic out ethX. That traffic will be dropped, since brX is now the one hooked up to the ip stack (not ethX).
On May 17, 2555 BE, at 20:49, Robin Wang <cloudbengo at gmail.com> wrote:
eth1, sorry for typo mistake.
在 2012-5-18 上午11:48,"Robin Wang" <cloudbengo at gmail.com>写道:
Because uplink doesn't need IP address. Here eth0 is used to connect two switches, one virtual, one physical. Thanks.
在 2012-5-18 上午10:49,"Salman Malik" <salmanmk at live.com>写道:
Hi Dongsheng,
Could you please tell me, why do we need to clear up the eth1 IP address? Does it interfere with the bridge ? If yes then how ?
Bridge management is a bit unclear to me so thats why I am asking.
Thanks,
Salman
> From: dongsheng.song at gmail.com
> Date: Fri, 18 May 2012 10:32:23 +0800
> To: heuye.wang at gmail.com
> CC: discuss at openvswitch.org
> Subject: Re: [ovs-discuss] why vm can't ping host eth1
>
> On Thu, May 17, 2012 at 7:12 PM, yue wang <heuye.wang at gmail.com> wrote:
> >
> > i think vm1/vm2/host are connected to each other by OVS, vm and host should communicate with each other.
>
> Sure, please see another thread:
> http://openvswitch.org/pipermail/discuss/2012-May/007201.html
>
> You must clean ALL ip address on eth1, and set the ip address on the
> corresponding bridge device,
> say 'br1', here is a example:
>
> /usr/bin/ovs-vsctl add-br br1
> /usr/bin/ovs-vsctl add-port br1 eth1
>
> /sbin/ip addr add ${IP} dev br1
> /sbin/ip link set br1 up
> /sbin/ip address flush dev eth1
> /sbin/ip route replace default via ${GW} # if you have gateway
> corresponding eth1
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
_______________________________________________
discuss mailing list
discuss at openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
_______________________________________________
discuss mailing list
discuss at openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20120519/a0f69eeb/attachment.html>
More information about the discuss
mailing list