<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-8859-1"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
..shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
..MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:70.85pt 70.85pt 56.7pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>If everything else is working as you mentioned before, I would think that you would only need to set those ports to trunk and allow all vlans to pass through. After that, I would imagine you’d be able to separate VMs on the same VLAN over multiple hosts, and ping between them.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>That should be all you need to do at this point.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='color:#1F497D'>Robert Foote<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>bpsNode<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>www.bpsnode.com<o:p></o:p></span></p></div><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Hüning, Christian [mailto:Christian.Huening@haw-hamburg.de] <br><b>Sent:</b> Thursday, September 04, 2014 9:43 AM<br><b>To:</b> Robert Foote; Users@lists.opennebula.org<br><b>Subject:</b> AW: [one-users] Isolated VMs on different Hosts can't communicate - ONE 4.8, OVS 2.0.1<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='color:#1F497D'>Thanks for the quick reply!<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>I have verified that all of these ports are set to “untagged”. So this is essentially wrong as I see ;-)<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Do I need to configure anything else on my hypervisor interfaces or is it just the switch I need to touch?<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Thanks!<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Christain<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span lang=DE>Von:</span></b><span lang=DE> Robert Foote [<a href="mailto:rfoote@bpsnode.com">mailto:rfoote@bpsnode.com</a>] <br><b>Gesendet:</b> Donnerstag, 4. September 2014 16:40<br><b>An:</b> Hüning, Christian; <a href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a><br><b>Betreff:</b> RE: [one-users] Isolated VMs on different Hosts can't communicate - ONE 4.8, OVS 2.0.1<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=DE><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Your colleague is probably correct. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Have you verified that each of the ports on your physical switch, which the hypervisors are plugged into, have those port settings, set to trunk and allow/forward all VLANs?<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='color:#1F497D'>Robert Foote<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>bpsNode<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><a href="http://www.bpsnode.com">www.bpsnode.com</a><o:p></o:p></span></p></div><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Users [<a href="mailto:users-bounces@lists.opennebula.org">mailto:users-bounces@lists.opennebula.org</a>] <b>On Behalf Of </b>Hüning, Christian<br><b>Sent:</b> Thursday, September 04, 2014 9:27 AM<br><b>To:</b> <a href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a><br><b>Subject:</b> [one-users] Isolated VMs on different Hosts can't communicate - ONE 4.8, OVS 2.0.1<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=DE>Hi there,<o:p></o:p></span></p><p class=MsoNormal><span lang=DE><o:p> </o:p></span></p><p class=MsoNormal>I have a cluster of 5 hosts running with openNebula 4.8 and just recently configured OpenvSwitch on all these nodes.<o:p></o:p></p><p class=MsoNormal>Networking is working just fine. This holds also true for VLAN isolation, but just as long as the VMs belonging to the isolated Virtual Network reside on the same physical host. When I move these VMs to different hosts, they can’t communicate with each other anymore. Non-isolated nodes can communicate to everywhere without problems.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Is that intentional? I chose OpenVswitch because the ONE docs say it requires no support from the switch hardware (or more specifically it says 802.1Q would require support).<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>A colleague suggested it might have to do with the switch not forwarding the tagged packets from Open vSwitch. Can that be the cause? Does OVS even tag the packets?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Here’s my environment:<o:p></o:p></p><p class=MsoNormal>OpenNebula 4.8<o:p></o:p></p><p class=MsoNormal>Open vSwitch 2.0.1<o:p></o:p></p><p class=MsoNormal>Cisco Switch<o:p></o:p></p><p class=MsoNormal>Host OS: Ubuntu Server 14.04 LTS (latest patches)<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Output from ‘ovs-vsctl show’:<o:p></o:p></p><p class=MsoNormal> Bridge "br0"<o:p></o:p></p><p class=MsoNormal> Port "vnet3"<o:p></o:p></p><p class=MsoNormal> Interface "vnet3"<o:p></o:p></p><p class=MsoNormal> Port "bond0"<o:p></o:p></p><p class=MsoNormal> Interface "bond0"<o:p></o:p></p><p class=MsoNormal> Port "vnet1"<o:p></o:p></p><p class=MsoNormal> Interface "vnet1"<o:p></o:p></p><p class=MsoNormal> Port "vnet2"<o:p></o:p></p><p class=MsoNormal> Interface "vnet2"<o:p></o:p></p><p class=MsoNormal> Port "vnet5"<o:p></o:p></p><p class=MsoNormal> Interface "vnet5"<o:p></o:p></p><p class=MsoNormal> Port "br0"<o:p></o:p></p><p class=MsoNormal> Interface "br0"<o:p></o:p></p><p class=MsoNormal> type: internal<o:p></o:p></p><p class=MsoNormal> Port "vnet0"<o:p></o:p></p><p class=MsoNormal> Interface "vnet0"<o:p></o:p></p><p class=MsoNormal> Port "vnet4"<o:p></o:p></p><p class=MsoNormal> Interface "vnet4"<o:p></o:p></p><p class=MsoNormal> ovs_version: "2.0.1"<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Where “br0” is my ovs bridge interface which has the external ‘real’ IP address configured and “bond0” is a link aggregated dual Gbit interface which is the port for “br0”<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I would greatly appreciate some suggestions or ideas on this, since I am a bit lost.<o:p></o:p></p><p class=MsoNormal>Cheers,<o:p></o:p></p><p class=MsoNormal>Christian<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=DE>-----------------------------------------------<o:p></o:p></span></p><p class=MsoNormal><span lang=DE>Christian Hüning, BSc.<o:p></o:p></span></p><p class=MsoNormal><span lang=DE>Fakultät Technik und Informatik, Department Informatik<o:p></o:p></span></p><p class=MsoNormal>Berliner Tor 7<o:p></o:p></p><p class=MsoNormal>20099 Hamburg<o:p></o:p></p><p class=MsoNormal>Web: <a href="http://www.mars-group.org">http://www.mars-group.org</a><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=DE><o:p> </o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p><div class=MsoNormal align=center style='text-align:center'><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><hr size=1 width="99%" noshade style='color:#909090' align=center></span></div><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 style='border-collapse:collapse'><tr><td style='padding:0in 11.25pt 0in 6.0pt'><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><a href="http://www.avast.com/"><span style='text-decoration:none'><img border=0 id="_x0000_i1026" src="http://static.avast.com/emails/avast-mail-stamp.png"></span></a><o:p></o:p></span></p></td><td style='padding:.75pt .75pt .75pt ..75pt'><p><span style='font-family:"Calibri","sans-serif";color:#3D4D5A'>This email is free from viruses and malware because <a href="http://www.avast.com/">avast! Antivirus</a> protection is active. <o:p></o:p></span></p></td></tr></table><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p></div>
<br /><br />
<hr style='border:none; color:#909090; background-color:#B0B0B0; height: 1px; width: 99%;' />
<table style='border-collapse:collapse;border:none;'>
<tr>
<td style='border:none;padding:0px 15px 0px 8px'>
<a href="http://www.avast.com/">
<img border=0 src="http://static.avast.com/emails/avast-mail-stamp.png" />
</a>
</td>
<td>
<p style='color:#3d4d5a; font-family:"Calibri","Verdana","Arial","Helvetica"; font-size:12pt;'>
This email is free from viruses and malware because <a href="http://www.avast.com/">avast! Antivirus</a> protection is active.
</p>
</td>
</tr>
</table>
<br />
</body></html>