Daniele Milani
2012-Mar-23 11:14 UTC
[libvirt-users] [libvirt] Problem with Open vSwitch and dnsmasq
Date: Thu, 22 Mar 2012 11:43:03 -0700 Subject: Re: [libvirt] Problem with Open vSwitch and dnsmasq From: aatteka at nicira.com To: dano1988 at hotmail.it CC: libvir-list at redhat.com; roberto.sassu at polito.it; paolo.smiraglia at polito.it; dev at openvswitch.org On Thu, Mar 22, 2012 at 11:11 AM, Daniele Milani <dano1988 at hotmail.it> wrote: I think I could try the first solution. Can you explain me how do I create the port used by dnsmasq? For example, is it correct to execute # ovs-vsctl add-port virbr1 port2 tag=2 to create a port for the vLan whose tag is 2 named "port2"? Try something like this: ovs-vsctl add-port virbr1 port2 tag=2 ovs-vsctl set Interface port2 type=internal ifconfig port2 10.0.0.1 ifconfig port2 up /usr/sbin/dnsmasq --strict-order --bind-interfaces --except-interface lo --listen-address 10.0.0.1 --dhcp-range 10.0.0.10,10.0.0.20 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/vlan2.leases --dhcp-lease-max=253 --dhcp-no-override Though I have not tested it... I tried the configuration you suggest; and the request is now received by dnsmasq. I executed: ifconfig port2 192.168.100.128 netmask 255.255.255.0 ifconfig port2 up /usr/sbin/dnsmasq --strict-order --bind-interfaces --except-interface lo --listen-address 192.168.100.128 --dhcp-range 192.168.100.129,192.168.100.139 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/vlan2.leases --dhcp-lease-max=11 --dhcp-no-override --log-queries --log-facilities=/path_to_my_file/my_file tailf /path_to_my_file/my_file obtaining the following output: dnsmasq-dhcp[]: DHCPDISCOVER(port2) 52:94:00:02:a7:1e dnsmasq-dhcp[]: DHCPOFFER(port2) 192.168.100.129 52:94:00:02:a7:1e ... dnsmasq-dhcp[]: DHCPDISCOVER(port2) 52:94:00:02:a7:1e dnsmasq-dhcp[]: DHCPOFFER(port2) 192.168.100.129 52:94:00:02:a7:1e ... Now I have a different problem: none DHCP Offer is sent by port2. Do someone know why does it happen and what to do about it? Thanks, Daniele Milani Daniele Milani Date: Thu, 22 Mar 2012 10:54:21 -0700 Subject: Re: [libvirt] Problem with Open vSwitch and dnsmasq From: aatteka at nicira.com To: dano1988 at hotmail.it CC: libvir-list at redhat.com; roberto.sassu at polito.it On Thu, Mar 22, 2012 at 6:10 AM, Daniele Milani <dano1988 at hotmail.it> wrote: Dear all, I have the following situation: -I replaced the standard bridge driver with the Open VSwitch one; -I started a NAT-network on Libvirt (bridge name virbr1); -I started a Virtual Machine (VM1) on Libvirt, and I tagged his interface (vnet0) with tag=2; -if I run "# ovs-vsctl show" I obtain: Bridge "virbr1" Port "vnet0" tag: 2 Interface "vnet0" Port "virbr1-nic" Interface "virb1-nic" Port "virbr1" Interface "virbr1" type: internal -the problem is that it is impossible to assign to VM1 an IP, because the dnsmasq daemon does not accept the tagged DHCP Discover frame. Does someone know if there is a way for dnsmasq to accept tagged frames through "virbr1", and send a tagged DHCP Offer packet back to VM1? I believe you would need to run dedicated dnsmasq process instance per each VLAN that you have. By default I guess dnsmasq runs on virbr1, hence it does not see the tagged traffic that comes from vnet0. You could try to: add another port to that bridge with the same VLAN as VM has. And run a separate instance of dnsmasq there; or change the tag of virb1 port, but this might lead to other issues (e.g. then non-tagged VMs will not get DHCP leases). Perhaps someone else can suggest something easier... Greetings, Daniele Milani -- libvir-list mailing list libvir-list at redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20120323/d609a4c3/attachment.htm>
Ansis Atteka
2012-Mar-23 17:15 UTC
[libvirt-users] [libvirt] Problem with Open vSwitch and dnsmasq
On Fri, Mar 23, 2012 at 4:14 AM, Daniele Milani <dano1988 at hotmail.it> wrote:> > > ------------------------------ > Date: Thu, 22 Mar 2012 11:43:03 -0700 > > Subject: Re: [libvirt] Problem with Open vSwitch and dnsmasq > From: aatteka at nicira.com > To: dano1988 at hotmail.it > CC: libvir-list at redhat.com; roberto.sassu at polito.it; > paolo.smiraglia at polito.it; dev at openvswitch.org > > > > On Thu, Mar 22, 2012 at 11:11 AM, Daniele Milani <dano1988 at hotmail.it>wrote: > > I think I could try the first solution. Can you explain me how do I > create the port used by dnsmasq? > > For example, is it correct to execute > # ovs-vsctl add-port virbr1 port2 tag=2 > to create a port for the vLan whose tag is 2 named "port2"? > > > Try something like this: > > ovs-vsctl add-port virbr1 port2 tag=2 > ovs-vsctl set Interface port2 type=internal > ifconfig port2 10.0.0.1 > ifconfig port2 up > /usr/sbin/dnsmasq --strict-order --bind-interfaces --except-interface lo > --listen-address 10.0.0.1 --dhcp-range 10.0.0.10,10.0.0.20 > --dhcp-leasefile=/var/lib/libvirt/dnsmasq/vlan2.leases --dhcp-lease-max=253 > --dhcp-no-override > > Though I have not tested it... > > > > I tried the configuration you suggest; and the request is now received by dnsmasq. > > I executed: > > ifconfig port2 192.168.100.128 netmask 255.255.255.0 > ifconfig port2 up > /usr/sbin/dnsmasq --strict-order --bind-interfaces --except-interface lo > --listen-address 192.168.100.128 --dhcp-range 192.168.100.129,192.168.100.139 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/vlan2.leases --dhcp-lease-max=11 --dhcp-no-override --log-queries --log-facilities=/path_to_my_file/my_file > tailf /path_to_my_file/my_file > > obtaining the following output: > dnsmasq-dhcp[]: DHCPDISCOVER(port2) 52:94:00:02:a7:1e > dnsmasq-dhcp[]: DHCPOFFER(port2) 192.168.100.129 52:94:00:02:a7:1e > ... > dnsmasq-dhcp[]: DHCPDISCOVER(port2) 52:94:00:02:a7:1e > dnsmasq-dhcp[]: DHCPOFFER(port2) 192.168.100.129 52:94:00:02:a7:1e > ... > > Now I have a different problem: none DHCP Offer is sent by port2. > > Do someone know why does it happen and what to do about it? > > Try to run tcpdump/wireshark in VM to see if reply gets back that far.Also as per Laine's suggestion - you should execute those commands only on non-libvirt managed networks. This means that you should create OVS bridge yourself and then edit the VM XML configuration so that VM interfaces get added to your bridge directly. By the way libvirt 0.9.11 will have support for Open vSwitch and you won't need to have the Linux Bridge compatibility layer anymore.> > Thanks, > Daniele Milani > > > Daniele Milani > > > Date: Thu, 22 Mar 2012 10:54:21 -0700 > Subject: Re: [libvirt] Problem with Open vSwitch and dnsmasq > From: aatteka at nicira.com > To: dano1988 at hotmail.it > CC: libvir-list at redhat.com; roberto.sassu at polito.it > > > > > On Thu, Mar 22, 2012 at 6:10 AM, Daniele Milani <dano1988 at hotmail.it>wrote: > > Dear all, > I have the following situation: > -I replaced the standard bridge driver with the Open VSwitch one; > -I started a NAT-network on Libvirt (bridge name virbr1); > -I started a Virtual Machine (VM1) on Libvirt, and I tagged his interface > (vnet0) with tag=2; > -if I run "# ovs-vsctl show" I obtain: > > Bridge "virbr1" > Port "vnet0" > tag: 2 > Interface "vnet0" > Port "virbr1-nic" > Interface "virb1-nic" > Port "virbr1" > Interface "virbr1" > type: internal > > -the problem is that it is impossible to assign to VM1 an IP, because the > dnsmasq daemon does not accept the tagged DHCP Discover frame. > > Does someone know if there is a way for dnsmasq to accept tagged frames > through "virbr1", and send a tagged DHCP Offer packet back to VM1? > > I believe you would need to run dedicated dnsmasq process instance per > each VLAN that you have. By > default I guess dnsmasq runs on virbr1, hence it does not see the tagged > traffic that comes from vnet0. > > You could try to: > > 1. add another port to that bridge with the same VLAN as VM has. And > run a separate instance of dnsmasq there; or > > > > > change the tag of virb1 port, but this might lead to other issues (e.g. > then non-tagged VMs will not get DHCP leases). > Perhaps someone else can suggest something easier... > > Greetings, > Daniele Milani > > > -- > libvir-list mailing list > libvir-list at redhat.com > https://www.redhat.com/mailman/listinfo/libvir-list > > > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20120323/ea6323c7/attachment.htm>