<div dir="ltr">Hello Mark,<div><br></div><div>Before pointing you to the problem I think your config has, you should also </div><div>check that you have routing enabled in the machine and, if you want Internet connectivity for VMs, also</div>
<div>NAT vbr0 over eth0. This might not be the case if your router has routes to 10/24 network through your laptop's</div><div>eth0 interface.</div><div><br></div><div>Reading once again your config I see you've inserted eth0 in the vbr0 OvS bridge and that it has an IP</div>
<div>address from the <a href="http://192.168.1.0/24">192.168.1.0/24</a> network. I suspect that is your local network.</div><div><br></div><div>Do you have connectivity between your VMs using this setup? You should from what your setup tells me.</div>
<div class="gmail_extra"><br><div class="gmail_quote">On Thu, Nov 21, 2013 at 12:31 AM, Mark Biggers <span dir="ltr"><<a href="mailto:mbiggers@ine.com" target="_blank">mbiggers@ine.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hello ONE team, (RESENT -- dropped
in bad "onevm show NN" data, earlier -- corrected, below!)<br>
<br>
I have "passed" on the ebtables configuration for networking in
4.2 ONE. We'll need OpenVSwitch anyways to manage the VMs VLANS,
so I have moved on.<br>
<br>
I *think* I have an almost working OpenVSwitch configuration.
Must I manually create "flows" for each VM/MAC-addr to enable IP
traffic, across the OVS "vbridge" (vbr0), in this case?<br></div></div></blockquote><div><br></div><div>No, you shouldn't have to manually add flows for IP traffic to flow between your machines and/or Internet.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><div>
<br>
The info on my new (OVS networking) setup, is included, at the end
of this message. Thank you. (The platform is still openSUSE 12.3
on a Thinkpad W530...)<br>
<br>
<br>
On 11/19/2013 05:43 AM, Jaime Melis wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi Mark,
<div><br>
</div>
<div>I have the feeling the NAT policies are interfering with
this. Can you try without applying NAT rules?</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Wed, Nov 13, 2013 at 9:08 PM, Mark
Biggers <span dir="ltr">
<<a href="mailto:mbiggers@ine.com" target="_blank">mbiggers@ine.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
The subject says it all. I am available on IRC -- see my
signature, and Google chat.<br>
<br>
I can get no "networking across a bridge" working, for the
ONE "ebtables" model.<br>
</blockquote>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
=============== edited out....<br clear="all">
</blockquote>
</div>
<div><br>
</div>
-- <br>
<div dir="ltr">
<div>Jaime Melis<br>
Project Engineer<br>
OpenNebula - Flexible Enterprise Cloud Made Simple<br>
<a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> |
<a href="mailto:jmelis@opennebula.org" target="_blank">jmelis@opennebula.org</a></div>
</div>
</div>
</blockquote>
<br>
<font face="monospace">Script started on Wed Nov 20 16:27:05 2013<br>
<br>
<a href="mailto:root@sealion.ine.corp:one" target="_blank">root@sealion.ine.corp:one</a> # netstat -nr<br>
Kernel IP routing table<br>
Destination Gateway Genmask Flags MSS Window
irtt Iface<br>
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0
0 vbr0<br>
67.139.46.149 192.168.1.1 255.255.255.255 UGH 0 0
0 vbr0<br>
127.0.0.0 0.0.0.0 255.255.255.0 U 0 0
0 lo<br>
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo<br>
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0
0 vbr0<br>
<br>
<a href="mailto:root@sealion.ine.corp:one" target="_blank">root@sealion.ine.corp:one</a> # ip addr<br>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
UNKNOWN<br>
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br>
inet <a href="http://127.0.0.1/8" target="_blank">127.0.0.1/8</a> brd 127.255.255.255 scope host lo<br>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast state UP qlen 1000<br>
link/ether 3c:97:0e:ab:0a:de brd ff:ff:ff:ff:ff:ff<br>
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state
DOWN qlen 1000<br>
link/ether 6c:88:14:da:0b:44 brd ff:ff:ff:ff:ff:ff<br>
4: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
state DOWN<br>
link/ether 0a:0e:fd:bb:5a:8a brd ff:ff:ff:ff:ff:ff<br>
7: vbr0: <BROADCAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UNKNOWN<br>
link/ether 3c:97:0e:ab:0a:de brd ff:ff:ff:ff:ff:ff<br>
inet <a href="http://192.168.1.250/24" target="_blank">192.168.1.250/24</a> scope global vbr0<br>
12: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast state UNKNOWN qlen 500<br>
link/ether fe:00:0a:00:00:03 brd ff:ff:ff:ff:ff:ff<br>
13: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast state UNKNOWN qlen 500<br>
link/ether fe:00:0a:00:00:04 brd ff:ff:ff:ff:ff:ff<br>
<br>
<a href="mailto:root@sealion.ine.corp:one" target="_blank">root@sealion.ine.corp:one</a> # BRIDGE_DEV=vbr0<br>
<a href="mailto:root@sealion.ine.corp:one" target="_blank">root@sealion.ine.corp:one</a> # sudo ovs-ofctl dump-desc $BRIDGE_DEV<br>
OFPST_DESC reply (xid=0x2):<br>
Manufacturer: Nicira, Inc.<br>
Hardware: Open vSwitch<br>
Software: 1.11.0<br>
Serial Num: None<br>
DP Description: None<br>
<br>
<a href="mailto:root@sealion.ine.corp:one" target="_blank">root@sealion.ine.corp:one</a> # sudo ovs-vsctl show<br>
001119d6-32d7-4db8-8015-229b271cca6a<br>
Bridge "vbr0"<br>
Controller "ptcp:"<br>
fail_mode: standalone<br>
Port "vnet0"<br>
tag: 0<br>
Interface "vnet0"<br>
Port "vnet1"<br>
tag: 0<br>
Interface "vnet1"<br>
Port "eth0"<br>
Interface "eth0"<br>
Port "vbr0"<br>
Interface "vbr0"<br>
type: internal<br>
ovs_version: "1.11.0"<br></font></div></blockquote><div><br></div><div>Open vSwitch is a multilayer switch meaning that each VLAN has to have a Layer 3 interface with IP address from the </div><div>network you plan to use in order to connect to other networks.</div>
<div><br></div><div>Your VLAN 0 doesn't have such an interface. </div><div><br></div><div><div> Port "vbr0"</div><div> *tag: 0*</div><div> Interface "vbr0"</div><div> type: internal</div>
</div><div><br></div><div>Also vbr0 should have an IP address from the 10/24 network, .1 to be exact, so your VMs can have Internet connectivity.</div><div><br></div><div>Another thing I would like to point out is the use of VLAN 0. That is a special kind of VLAN: it accepts and processes tagged</div>
<div>and un-tagged traffic. I would advise you to use another VLAN and keep the eth0 interface out of that bridge.</div><div><br></div><div>In that case your machine would act as a router between 10/24 and the Internet via eth0.</div>
<div><br></div><div>I don't know if it works but you could also try to add another internal interface to your bridge and assign it</div><div><a href="http://10.0.0.1/24">10.0.0.1/24</a> and tag 0. Then you'd have to MASQUERADE over vbr0 interface.</div>
<div><br></div><div> The following set of commands would get your OvS networks up and running.</div><div><br></div><div># ovs-vsctl del-port vbr0 eth0</div><div><br></div><div># dhclient eth0 ( or set its IP address manually)</div>
<div><br></div><div># ovs-vsctl set Port vbr0 tag=0</div><div><br></div><div># ip addr add 10.0.0.1/24 dev vbr0</div><div><br></div><div># iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE</div><div>
<br></div><div>You should also have a running resolver if you want your machines to resolve DNS names because</div><div>you've passed 10.0.0.1 as DNS in the network defined inside OpenNebula.</div><div><br></div><div>
I hope the above makes sense and helps you to some extent.</div><div><br></div><div>Cheers and Goodwill,</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><font face="monospace">
<br>
<a href="mailto:root@sealion.ine.corp:one" target="_blank">root@sealion.ine.corp:one</a> # sudo ovs-ofctl show $BRIDGE_DEV<br>
OFPT_FEATURES_REPLY (xid=0x2): dpid:00003c970eab0ade<br>
n_tables:254, n_buffers:256<br>
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS
ARP_MATCH_IP<br>
actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC
SET_DL_DST SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST
ENQUEUE<br>
1(eth0): addr:3c:97:0e:ab:0a:de<br>
config: 0<br>
state: STP_FORWARD<br>
current: 1GB-FD COPPER AUTO_NEG<br>
advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER
AUTO_NEG<br>
supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD
COPPER AUTO_NEG<br>
speed: 1000 Mbps now, 1000 Mbps max<br>
2(vnet0): addr:fe:00:0a:00:00:03<br>
config: 0<br>
state: 0<br>
current: 10MB-FD COPPER<br>
speed: 10 Mbps now, 0 Mbps max<br>
3(vnet1): addr:fe:00:0a:00:00:04<br>
config: 0<br>
state: 0<br>
current: 10MB-FD COPPER<br>
speed: 10 Mbps now, 0 Mbps max<br>
LOCAL(vbr0): addr:3c:97:0e:ab:0a:de<br>
config: 0<br>
state: 0<br>
speed: 0 Mbps now, 0 Mbps max<br>
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0<br>
<br>
<a href="mailto:root@sealion.ine.corp:one" target="_blank">root@sealion.ine.corp:one</a> # sudo ovs-ofctl dump-flows $BRIDGE_DEV<br>
NXST_FLOW reply (xid=0x4):<br>
cookie=0x0, duration=8382.092s, table=0, n_packets=4,
n_bytes=240, idle_age=8381,
priority=40000,in_port=2,dl_src=02:00:0a:00:00:03 actions=NORMAL<br>
cookie=0x0, duration=6882.175s, table=0, n_packets=4,
n_bytes=240, idle_age=6881,
priority=40000,in_port=3,dl_src=02:00:0a:00:00:04 actions=NORMAL<br>
cookie=0x0, duration=6882.159s, table=0, n_packets=0, n_bytes=0,
idle_age=6882, priority=39000,in_port=3 actions=drop<br>
cookie=0x0, duration=8382.072s, table=0, n_packets=0, n_bytes=0,
idle_age=8382, priority=39000,in_port=2 actions=drop<br>
cookie=0x0, duration=13024.731s, table=0, n_packets=157158,
n_bytes=44610731, idle_age=0, priority=0 actions=NORMAL<br>
<br>
<a href="mailto:root@sealion.ine.corp:one" target="_blank">root@sealion.ine.corp:one</a> # sudo -u oneadmin onehost show 7<br>
HOST 7 INFORMATION <br>
ID : 7<br>
NAME : sealion.ine.corp<br>
CLUSTER : -<br>
STATE : MONITORED<br>
IM_MAD : kvm<br>
VM_MAD : kvm<br>
VN_MAD : ovswitch<br>
LAST MONITORING TIME : 11/20 16:39:02<br>
<br>
HOST SHARES <br>
TOTAL MEM : 31G<br>
USED MEM (REAL) : 1.6G<br>
USED MEM (ALLOCATED) : 1.5G<br>
TOTAL CPU : 800<br>
USED CPU (REAL) : 7<br>
USED CPU (ALLOCATED) : 200<br>
RUNNING VMS : 2<br>
<br>
MONITORING INFORMATION <br>
ARCH="x86_64"<br>
CPUSPEED="3000"<br>
FREECPU="792.8"<br>
FREEMEMORY="30893828"<br>
HOSTNAME="sealion.ine.corp"<br>
HYPERVISOR="kvm"<br>
MODELNAME="Intel(R) Core(TM) i7-3940XM CPU @ 3.00GHz"<br>
NETRX="0"<br>
NETTX="0"<br>
TOTALCPU="800"<br>
TOTALMEMORY="32557228"<br>
USEDCPU="7.2000000000000455"<br>
USEDMEMORY="1663400"<br>
<br>
VIRTUAL MACHINES<br>
<br>
ID USER GROUP NAME STAT UCPU UMEM
HOST TIME<br>
42 oneadmin oneadmin vyatta-router 32mrunn 0 768M
<a href="http://sealion.in" target="_blank">sealion.in</a> 0d 16h48<br>
43 oneadmin oneadmin vyatta-router-0 32mrunn 0 768M
<a href="http://sealion.in" target="_blank">sealion.in</a> 0d 16h48<br>
<br>
<br>
oneadmin@sealion:~ > onevm list<br>
ID USER GROUP NAME STAT UCPU UMEM
HOST TIME<br>
41 oneadmin oneadmin one-vr42 stop 1
768M 6d 00h24<br>
42 oneadmin oneadmin vyatta-router runn 0 768M
<a href="http://sealion.in" target="_blank">sealion.in</a> 0d 16h48<br>
43 oneadmin oneadmin vyatta-router-0 runn 0 768M
<a href="http://sealion.in" target="_blank">sealion.in</a> 0d 16h48<br>
<br>
oneadmin@sealion:~ > onevnet show 9<br>
VIRTUAL NETWORK 9
INFORMATION <br>
ID : 9 <br>
NAME : ovsnet_0_0 <br>
USER : oneadmin <br>
GROUP : oneadmin <br>
CLUSTER : - <br>
TYPE : RANGED <br>
BRIDGE : vbr0 <br>
VLAN : Yes <br>
VLAN ID : 0 <br>
USED LEASES : 3 <br>
<br>
PERMISSIONS
<br>
OWNER : um- <br>
GROUP : --- <br>
OTHER : --- <br>
<br>
VIRTUAL NETWORK
TEMPLATE <br>
DNS="10.0.0.1"<br>
GATEWAY="10.0.0.1"<br>
NETWORK_ADDRESS="<a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a>"<br>
NETWORK_MASK="255.255.255.0"<br>
<br>
RANGE
<br>
IP_START : 10.0.0.1 <br>
IP_END : 10.0.0.254 <br>
<br>
USED
LEASES
<br>
LEASE=[ MAC="02:00:0a:00:00:02", IP="10.0.0.2",
IP6_LINK="fe80::400:aff:fe00:2", USED="1", VID="41" ]<br>
LEASE=[ MAC="02:00:0a:00:00:03", IP="10.0.0.3",
IP6_LINK="fe80::400:aff:fe00:3", USED="1", VID="42" ]<br>
LEASE=[ MAC="02:00:0a:00:00:04", IP="10.0.0.4",
IP6_LINK="fe80::400:aff:fe00:4", USED="1", VID="43" ]<br>
<br>
VIRTUAL MACHINES<br>
<br>
ID USER GROUP NAME STAT UCPU UMEM
HOST TIME<br>
41 oneadmin oneadmin one-vr42 stop 1
768M 6d 00h26<br>
42 oneadmin oneadmin vyatta-router runn 0 768M
<a href="http://sealion.in" target="_blank">sealion.in</a> 0d 16h48<br>
43 oneadmin oneadmin vyatta-router-0 runn 0 768M
<a href="http://sealion.in" target="_blank">sealion.in</a> 0d 16h48<br>
<br>
Script done on Wed 20 Nov 2013 04:59:17 PM EST<br>
Script started on Wed 20 Nov 2013 05:23:22 PM EST<br>
<br>
oneadmin@sealion:~ > onevm show 42<br>
VIRTUAL MACHINE 42
INFORMATION <br>
ID : 42 <br>
NAME : vyatta-router <br>
USER : oneadmin <br>
GROUP : oneadmin <br>
STATE : ACTIVE <br>
LCM_STATE : RUNNING <br>
RESCHED : No <br>
HOST : sealion.ine.corp <br>
START TIME : 11/14 16:55:09 <br>
END TIME : 11/15 09:43:24 <br>
DEPLOY ID : one-42 <br>
<br>
VIRTUAL MACHINE
MONITORING <br>
USED MEMORY : 768M <br>
USED CPU : 0 <br>
NET_TX : 0K <br>
NET_RX : 533K <br>
<br>
PERMISSIONS
<br>
OWNER : um- <br>
GROUP : --- <br>
OTHER : --- <br>
<br>
VM
DISKS
<br>
ID TARGET IMAGE TYPE SAVE SAVE_AS<br>
0 vda Vyatta Core 6.5R1 - kvm file NO -<br>
<br>
VM
NICS
<br>
ID NETWORK VLAN BRIDGE IP
MAC <br>
0 ovsnet_0_0 yes vbr0 10.0.0.3
02:00:0a:00:00:03<br>
fe80::400:aff:fe00:3<br>
<br>
VIRTUAL MACHINE
HISTORY <br>
SEQ HOST ACTION REAS START
TIME PROLOG<br>
0 sealion.ine.cor stop user 11/14 16:55:10 0d
00h14m 0h00m23s<br>
1 sealion.ine.cor none erro 11/15 09:37:31 0d
00h00m 0h00m00s<br>
2 sealion.ine.cor none erro 11/15 09:43:01 0d
00h00m 0h00m23s<br>
3 sealion.ine.cor stop user 11/15 14:16:01 0d
03h15m 0h00m22s<br>
4 sealion.ine.cor stop user 11/20 11:27:59 0d
02h40m 0h00m00s<br>
5 sealion.ine.cor none none 11/20 14:08:59 0d
03h14m 0h00m00s<br>
<br>
USER
TEMPLATE
<br>
ERROR="Fri Nov 15 09:43:24 2013 : Error executing image transfer
script: Error creating ISO symbolic link"<br>
<br>
VIRTUAL MACHINE
TEMPLATE <br>
CONTEXT=[<br>
DISK_ID="1",<br>
HOSTNAME="MAINHOST",<br>
IMAGE_UNAME="oneadmin",<br>
IP_GEN="192.168.122.42",<br>
TARGET="vdb" ]<br>
CPU="1"<br>
GRAPHICS=[<br>
LISTEN="0.0.0.0",<br>
PORT="5942",<br>
TYPE="vnc" ]<br>
MEMORY="768"<br>
OS=[<br>
ARCH="i686" ]<br>
TEMPLATE_ID="44"<br>
VMID="42"<br>
<br>
oneadmin@sealion:~ > onevm show 43<br>
VIRTUAL MACHINE 43
INFORMATION <br>
ID : 43 <br>
NAME : vyatta-router-02 <br>
USER : oneadmin <br>
GROUP : oneadmin <br>
STATE : ACTIVE <br>
LCM_STATE : RUNNING <br>
RESCHED : No <br>
HOST : sealion.ine.corp <br>
START TIME : 11/14 16:55:54 <br>
END TIME : 11/15 09:43:54 <br>
DEPLOY ID : one-43 <br>
<br>
VIRTUAL MACHINE
MONITORING <br>
USED MEMORY : 768M <br>
USED CPU : 0 <br>
NET_TX : 0K <br>
NET_RX : 464K <br>
<br>
PERMISSIONS
<br>
OWNER : um- <br>
GROUP : --- <br>
OTHER : --- <br>
<br>
VM
DISKS
<br>
ID TARGET IMAGE TYPE SAVE SAVE_AS<br>
0 vda Vyatta Core 6.5R1 - kvm file NO -<br>
<br>
VM
NICS
<br>
ID NETWORK VLAN BRIDGE IP
MAC <br>
0 ovsnet_0_0 yes vbr0 10.0.0.4
02:00:0a:00:00:04<br>
fe80::400:aff:fe00:4<br>
<br>
VIRTUAL MACHINE
HISTORY <br>
SEQ HOST ACTION REAS START
TIME PROLOG<br>
0 sealion.ine.cor stop user 11/14 16:56:10 0d
00h14m 0h00m21s<br>
1 sealion.ine.cor none erro 11/15 09:38:01 0d
00h00m 0h00m00s<br>
2 sealion.ine.cor none erro 11/15 09:43:31 0d
00h00m 0h00m22s<br>
3 sealion.ine.cor stop user 11/15 14:17:01 0d
03h14m 0h00m24s<br>
4 sealion.ine.cor stop user 11/20 11:28:29 0d
02h39m 0h00m00s<br>
5 sealion.ine.cor none none 11/20 14:33:59 0d
02h49m 0h00m00s<br>
<br>
USER
TEMPLATE
<br>
ERROR="Fri Nov 15 09:43:53 2013 : Error executing image transfer
script: Error creating ISO symbolic link"<br>
<br>
VIRTUAL MACHINE
TEMPLATE <br>
CONTEXT=[<br>
DISK_ID="1",<br>
HOSTNAME="MAINHOST",<br>
IMAGE_UNAME="oneadmin",<br>
IP_GEN="192.168.122.43",<br>
TARGET="vdb" ]<br>
CPU="1"<br>
GRAPHICS=[<br>
LISTEN="0.0.0.0",<br>
PORT="5943",<br>
TYPE="vnc" ]<br>
MEMORY="768"<br>
OS=[<br>
ARCH="i686" ]<br>
TEMPLATE_ID="44"<br>
VMID="43"<br>
<br>
oneadmin@sealion:~ > exit<br>
exit<br>
<br>
Script done on Wed 20 Nov 2013 05:23:33 PM EST<br>
1</font><br>
</div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a><br>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Valentin Bud<div><a href="http://databus.pro" target="_blank">http://databus.pro</a> | <a href="mailto:valentin@databus.pro" target="_blank">valentin@databus.pro</a></div>
</div>
</div></div>
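The host-side conditions named in the reply above (routing enabled, eth0 out of the bridge, 10.0.0.1/24 on vbr0, a MASQUERADE rule out of eth0), written as checks in an added shell example that is not part of the original thread. The function names are hypothetical, and the NAT check assumes the rule lives in the nat table's POSTROUTING chain.

```shell
# Added example: checks for the host setup described in the reply above.
# Each check reads command output on stdin, so it also works on captured text.

# Succeeds if port $1 is listed under bridge $2 in `ovs-vsctl show` output.
port_in_bridge() {
    awk -v port="$1" -v br="$2" '
        $1 == "Bridge" { gsub(/"/, "", $2); cur = $2 }
        $1 == "Port"   { gsub(/"/, "", $2); if (cur == br && $2 == port) found = 1 }
        END { exit !found }'
}

# Succeeds if `ip -o -4 addr show` output assigns CIDR $2 to device $1.
dev_has_addr() {
    awk -v dev="$1" -v cidr="$2" '
        $2 == dev && $3 == "inet" && $4 == cidr { found = 1 }
        END { exit !found }'
}

# Succeeds if `iptables -t nat -S POSTROUTING` output masquerades out of $1.
has_masquerade() {
    awk -v dev="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            o = 0; m = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-o" && $(i + 1) == dev) o = 1
                if ($i == "-j" && $(i + 1) == "MASQUERADE") m = 1
            }
            if (o && m) found = 1
        }
        END { exit !found }'
}

# Live audit (needs root): audit_live BRIDGE UPLINK GATEWAY_CIDR
audit_live() {
    rc=0
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ] || { echo "ip_forward is off"; rc=1; }
    if ovs-vsctl show | port_in_bridge "$2" "$1"; then
        echo "$2 is still a port of $1"; rc=1
    fi
    ip -o -4 addr show | dev_has_addr "$1" "$3" || { echo "$1 lacks $3"; rc=1; }
    iptables -t nat -S POSTROUTING | has_masquerade "$2" || { echo "no MASQUERADE via $2"; rc=1; }
    return "$rc"
}

# Bridge layout as quoted in the thread; the other two samples are constructed.
SAMPLE_OVS='Bridge "vbr0"
    Port "vnet0"
    Port "eth0"
        Interface "eth0"
    Port "vbr0"
        Interface "vbr0"'
SAMPLE_ADDR='7: vbr0    inet 192.168.1.250/24 scope global vbr0'
SAMPLE_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE'
```

On the host, `audit_live vbr0 eth0 10.0.0.1/24` prints one line per unmet condition and returns non-zero if any check fails.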