[one-users] Help! with ebtables networking, for ONE 4.2 on openSUSE 12.3

Jaime Melis jmelis at opennebula.org
Tue Nov 19 02:42:41 PST 2013


Hi Mark,

I have the feeling the NAT policies are interfering with this. Can you try
without applying NAT rules?


On Wed, Nov 13, 2013 at 9:08 PM, Mark Biggers <mbiggers at ine.com> wrote:

> The subject says it all.  I am available on IRC -- see my signature, and
> Google chat.
>
> I can get no "networking across a bridge" working, for the ONE "ebtables"
> model.
>
> The platform is openSUSE 12.3 on a Thinkpad W530, plenty of memory & disk
> space.    Here's the info.   ** Thank you in advance. **
> (An aside:   am quite concerned, that I will *not* get the ONE Virtual
> Router going in the future, since docs on that seem very thin.  And I need
> to be able to *drop* contextualization; some VMs we will be running can't
> be modified for that).
>
> Mark Biggers
> INE, Inc.
> Durham, NC
> Internets:  Freenode.net IRC:  markb1, #trizpug #trilug #opennebula
> ..          Google chat:  mbiggers.01 at gmail.com
>
> ================ Script started on Wed Nov 13 14:36:39 2013
>
> root at sealion:.../one > netstat -nr
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 br0
> 127.0.0.0       0.0.0.0         255.255.255.0   U         0 0          0 lo
> 127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
> 192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 br0
> 192.168.122.0   192.168.1.250   255.255.255.0   UG        0 0          0 br0
>
> root at sealion:.../one > ip addr  ## EDITED
> 1: lo:
>
> 2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
>     link/ether 3c:97:0e:ab:0a:de brd ff:ff:ff:ff:ff:ff
>
> 3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
>
> 4: vboxnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
>     link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
>
> 13: tun0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 500
>     link/ether 4a:2a:6d:26:0c:91 brd ff:ff:ff:ff:ff:ff
>
> 23: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>     link/ether 3c:97:0e:ab:0a:de brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.250/24 brd 192.168.1.255 scope global br0
>
> 27: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 500
>     link/ether fe:00:c0:a8:7a:02 brd ff:ff:ff:ff:ff:ff
>
> 29: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 500
>     link/ether fe:00:c0:a8:7a:03 brd ff:ff:ff:ff:ff:ff
>
>
> root at sealion:.../one > brctl show
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.3c970eab0ade       no              eth0
>                                                         vnet0
>                                                         vnet1
> root at sealion:.../one > ebtables -t nat -L
> Bridge table: nat
>
> Bridge chain: PREROUTING, entries: 2, policy: ACCEPT
> -p IPv4 -i eth0 --ip-dst 192.168.122.2 -j dnat --to-dst 2:0:c0:a8:7a:2 --dnat-target ACCEPT
> -p ARP -i eth0 --arp-ip-dst 192.168.122.2 -j dnat --to-dst 2:0:c0:a8:7a:2 --dnat-target ACCEPT
>
> Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
>
> Bridge chain: POSTROUTING, entries: 1, policy: ACCEPT
> -o eth0 -j snat --to-src 3c:97:e:ab:a:de --snat-arp --snat-target ACCEPT
>
> Bridge chain: libvirt-I-vnet0, entries: 0, policy: ACCEPT
>
> Bridge chain: libvirt-O-vnet0, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet0-mac, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet0-ipv4-ip, entries: 0, policy: ACCEPT
>
> Bridge chain: O-vnet0-ipv4, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet0-arp-mac, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet0-arp-ip, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet0-rarp, entries: 0, policy: ACCEPT
>
> Bridge chain: O-vnet0-rarp, entries: 0, policy: ACCEPT
>
> Bridge chain: libvirt-I-vnet1, entries: 0, policy: ACCEPT
>
> Bridge chain: libvirt-O-vnet1, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet1-mac, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet1-ipv4-ip, entries: 0, policy: ACCEPT
>
> Bridge chain: O-vnet1-ipv4, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet1-arp-mac, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet1-arp-ip, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet1-rarp, entries: 0, policy: ACCEPT
>
> Bridge chain: O-vnet1-rarp, entries: 0, policy: ACCEPT
>
>
> root at sealion.ine.corp:one # ebtables -t broute -L
> Bridge table: broute
>
> Bridge chain: BROUTING, entries: 0, policy: ACCEPT
>
> root at sealion:.../one > ebtables -t filter -L
> Bridge table: filter
>
> Bridge chain: INPUT, entries: 0, policy: ACCEPT
>
> Bridge chain: FORWARD, entries: 4, policy: ACCEPT
> -s ! 2:0:c0:a8:7a:0/ff:ff:ff:ff:ff:0 -o vnet0 -j DROP
> -s ! 2:0:c0:a8:7a:2 -i vnet0 -j DROP
> -s ! 2:0:c0:a8:7a:0/ff:ff:ff:ff:ff:0 -o vnet1 -j DROP
> -s ! 2:0:c0:a8:7a:3 -i vnet1 -j DROP
>
> Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
>
>
> root at sealion:.../one > iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> TCPMSS     tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
>
> root at sealion:.../one > traceroute -nr 192.168.122.2
> traceroute to 192.168.122.2 (192.168.122.2), 30 hops max, 40 byte packets
> using UDP
> Unable to connect to 192.168.122.2: Network is unreachable
>
> root at sealion:.../one > traceroute -nr 192.168.122.3
> traceroute to 192.168.122.3 (192.168.122.3), 30 hops max, 40 byte packets
> using UDP
> Unable to connect to 192.168.122.3: Network is unreachable
>
> root at sealion:.../one > traceroute -nr 192.168.122.1
> traceroute to 192.168.122.1 (192.168.122.1), 30 hops max, 40 byte packets
> using UDP
> Unable to connect to 192.168.122.1: Network is unreachable
>
> root at sealion:.../one > ping 192.168.122.1
> PING 192.168.122.1 (192.168.122.1) 56(84) bytes of data.
> 64 bytes from 192.168.122.1: icmp_seq=1 ttl=64 time=0.372 ms
> 64 bytes from 192.168.122.1: icmp_seq=2 ttl=64 time=0.232 ms
> ^C
> --- 192.168.122.1 ping statistics ---
> 2 packets transmitted, 2 received, 0% packet loss, time 999ms
> rtt min/avg/max/mdev = 0.232/0.302/0.372/0.070 ms
>
> root at sealion:.../one > ping 192.168.122.2
> PING 192.168.122.2 (192.168.122.2) 56(84) bytes of data.
> ^C
> --- 192.168.122.2 ping statistics ---
> 3 packets transmitted, 0 received, 100% packet loss, time 1999ms
>
> root at sealion:.../one > exit
> exit
>
> Script done on Wed Nov 13 14:41:06 2013
>
>
> oneadmin at sealion:~ > onevm show 27 >> netw-email.info
>
> VIRTUAL MACHINE 27 INFORMATION
> ID                  : 27
> NAME                : vyatta-router
> USER                : oneadmin
> GROUP               : oneadmin
> STATE               : ACTIVE
> LCM_STATE           : RUNNING
> RESCHED             : No
> HOST                : host01
> START TIME          : 11/13 11:02:20
> END TIME            : -
> DEPLOY ID           : one-27
>
> VIRTUAL MACHINE MONITORING
> USED MEMORY         : 1024M
> USED CPU            : 0
> NET_TX              : 3K
> NET_RX              : 157K
>
> PERMISSIONS
> OWNER               : um-
> GROUP               : ---
> OTHER               : ---
>
> VM DISKS
>  ID TARGET IMAGE                               TYPE SAVE SAVE_AS
>   0 vda    Vyatta Core 6.5R1 - kvm             file   NO       -
>
> VM NICS
>  ID NETWORK              VLAN BRIDGE       IP              MAC
>   0 cloud                 yes br0          192.168.122.2   02:00:c0:a8:7a:02
>                                            fe80::400:c0ff:fea8:7a02
>
> VIRTUAL MACHINE HISTORY
> SEQ HOST            ACTION           REAS           START        TIME PROLOG
>   0 host01          none             none  11/13 11:02:30   0d 03h43m 0h00m21s
>
> VIRTUAL MACHINE TEMPLATE
> CONTEXT=[
>   DISK_ID="1",
>   ETH0_DNS="192.168.1.1",
>   ETH0_GATEWAY="192.168.122.1",
>   ETH0_IP="192.168.122.2",
>   ETH0_MASK="255.255.255.0",
>   ETH0_NETWORK="192.168.122.0/24",
>   NETWORK="YES",
>   TARGET="vdb" ]
> CPU="1"
> GRAPHICS=[
>   LISTEN="0.0.0.0",
>   PORT="5927",
>   TYPE="VNC" ]
> MEMORY="1024"
> OS=[
>   ARCH="i686",
>   BOOT="hd" ]
> TEMPLATE_ID="25"
> VMID="27"
>
> oneadmin at sealion:~ > onehost show 5 >> netw-email.info
>
> HOST 5 INFORMATION
> ID                    : 5
> NAME                  : host01
> CLUSTER               : -
> STATE                 : MONITORED
> IM_MAD                : kvm
> VM_MAD                : kvm
> VN_MAD                : ebtables
> LAST MONITORING TIME  : 11/13 14:47:30
>
> HOST SHARES
> TOTAL MEM             : 31G
> USED MEM (REAL)       : 1.9G
> USED MEM (ALLOCATED)  : 1024M
> TOTAL CPU             : 800
> USED CPU (REAL)       : 112
> USED CPU (ALLOCATED)  : 100
> RUNNING VMS           : 1
>
> MONITORING INFORMATION
> ARCH="x86_64"
> CPUSPEED="3000"
> FREECPU="688.0"
> FREEMEMORY="30515816"
> HOSTNAME="sealion.ine.corp"
> HYPERVISOR="kvm"
> MODELNAME="Intel(R) Core(TM) i7-3940XM CPU @ 3.00GHz"
> NETRX="0"
> NETTX="0"
> TOTALCPU="800"
> TOTALMEMORY="32557228"
> USEDCPU="112.0"
> USEDMEMORY="2041412"
>
> VIRTUAL MACHINES
>
>     ID USER     GROUP    NAME            STAT UCPU    UMEM HOST         TIME
>     27 oneadmin oneadmin vyatta-router   runn    0   1024M host01       0d 03h47
>
>
>



-- 
Jaime Melis
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | jmelis at opennebula.org
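
Added example, not part of the original thread and not OpenNebula driver code: one way to run the "without NAT rules" test is to parse the `ebtables -t nat -L` listing, pick out the dnat/snat rules, and build the commands that delete them and later re-add them. The function names are hypothetical, the sample listing is constructed from the quoted output, and it is an assumption that each listed rule is accepted back by `ebtables -D` / `-A` as a rule specification.

```python
import re

# Constructed sample: part of the quoted `ebtables -t nat -L` listing, with the
# long rules wrapped onto a second line the way a mail client wraps them.
LISTING = """\
Bridge chain: PREROUTING, entries: 2, policy: ACCEPT
-p IPv4 -i eth0 --ip-dst 192.168.122.2 -j dnat --to-dst 2:0:c0:a8:7a:2
--dnat-target ACCEPT
-p ARP -i eth0 --arp-ip-dst 192.168.122.2 -j dnat --to-dst 2:0:c0:a8:7a:2
--dnat-target ACCEPT

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

Bridge chain: POSTROUTING, entries: 1, policy: ACCEPT
-o eth0 -j snat --to-src 3c:97:e:ab:a:de --snat-arp --snat-target ACCEPT

Bridge chain: libvirt-I-vnet0, entries: 0, policy: ACCEPT
"""
CHAIN_RE = re.compile(r"^Bridge chain: (\S+), entries: (\d+), policy: (\w+)$")

def parse_nat_listing(text):
    """Return {chain: {"entries": n, "rules": [...]}}. Assumption: a line with
    no "-j" is the wrapped tail of the rule above it and is rejoined."""
    chains, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        m = CHAIN_RE.match(line)
        if m:
            cur = m.group(1)
            chains[cur] = {"entries": int(m.group(2)), "rules": []}
        elif cur and line:
            rules = chains[cur]["rules"]
            if re.search(r"(^| )-j ", line) or not rules:
                rules.append(line)           # a new rule carries its -j target
            else:
                rules[-1] += " " + line      # wrapped tail of the previous rule
    return chains

def miscounted(chains):
    """Chains whose parsed rule count differs from the 'entries:' header."""
    return [c for c, i in chains.items() if i["entries"] != len(i["rules"])]

def nat_test_commands(chains):
    """Commands to delete each dnat/snat rule for a test, and to re-add it after."""
    remove, restore = [], []
    for chain, info in chains.items():
        for rule in info["rules"]:
            if re.search(r"(^| )-j (dnat|snat)( |$)", rule):
                remove.append(f"ebtables -t nat -D {chain} {rule}")
                restore.append(f"ebtables -t nat -A {chain} {rule}")
    return remove, restore
```

`miscounted()` returning an empty list confirms the wrapped rules were rejoined correctly before any of the generated commands are run; the empty libvirt chains produce no commands.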