On 08.01.2019 01:35, Robert J Brenneman wrote: > KVM Host bridges require a L2 network interface with the 'bridge_role' > attribute set on the OSA device supporting the bridge. > ref: https://public.dhe.ibm.com/software/dw/linux390/docu/lhs4dd05.pdf > chapter 14, section Layer 2 promiscuous mode on p205. > > But you're not using a L2 Vswitch - the 'q lan' response indicates it's a > L3 : 'PERSISTENT RESTRICTED IP' > if it had been a L2 network it would have said 'PERSISTENT RESTRICTED ETH' > > > But wait - you're not trying to run a KVM Bridge , you're doing MACVTAP > which attaches the whole eth interface to the KVM guest.
Well, not exactly. macvtap does not attach the whole eth, it registers one mac address at that interface (via osa address table) and then passes along the traffic for that mac address to the guest. Now this (as well as bridges and openvswitch) always require a layer 2 interface. If you really HAVE to use a layer3 interface only (e.g. a hipersocket that connects to z/OS) you can do routing in the KVM host. Examples of how to use that can be found in the paper Exploiting HiperSockets in a KVM Environment Using IP Routing with Linux on Z - Results and Findings https://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/WP102746 > If you have the option to create a L2 LAN instead, try that first and see > if it works. > > If you can't create a L2 LAN to use for the MACVTAP interface, I am not > sure whether the L3 LAN you have will work. L3 LAN doesn't do ARPing at > all so I'm not surprised wireshark is showing you no response to the > outgoing ARP. The virtual machine doesn't interact with the MACVTAP using > the qeth driver internally, so you can't really put it in L3 mode to make > it work that way. > > I hope you have the option to create a L2 Guest LAN or vswitch for the KVM > host's interface - the only other option I can think of would be to > dedicate a triplet of OSA devices ( Read/Write/Data ) directly to the KVM > Host's VM Guest. > > On Thu, Jan 3, 2019 at 5:22 PM Alan Haff <[email protected]> wrote: > >> I'm setting up a KVM-hosted guest in a SLES12 VM running under z/VM and >> I'm not able to get networking going in the KVM guest. >> >> Host: z/VM 6.4 >> KVM host: SLES12SP4 >> KVM guest: SLES12SP4 >> >> (The KVM host must run under z/VM; I don't have any control over that.) >> >> The KVM guest's network is defined as: >> >> <interface type='direct'> >> <source dev='eth0' mode='bridge'/> >> <model type='virtio'/> >> </interface> >> >> which, after 'virsh define sles12.xml', becomes: >> >> <interface type='direct'> >> <mac address='52:54:00:93:f4:ce'/> >> <source dev='eth0' mode='bridge'/> >> <target dev='macvtap0'/> >> <model type='virtio'/> >> <alias name='net0'/> >> <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0000'/> >> </interface> >> >> The macvtap0 device does get created when I start the KVM guest with >> 'virsh start sles12': >> >> 4: macvtap0@eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1492 >> qdisc pfifo_fast state UP mode DEFAULT group default qlen 500 >> link/ether 52:54:00:93:f4:ce brd ff:ff:ff:ff:ff:ff >> >> Running WireShark on the KVM host when I try to ping the default gateway >> from within the KVM guest, I can see ARP packets on the macvtap device (and >> the transmit packet count increases) but I never see any ARP replies coming >> back: >> >> macvtap0 Link encap:Ethernet HWaddr 52:54:00:93:F4:CE >> UP BROADCAST RUNNING PROMISC MULTICAST MTU:1492 Metric:1 >> RX packets:0 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 txqueuelen:500 >> RX bytes:0 (0.0 b) TX bytes:420 (420.0 b) >> >> I've confirmed that MACPROTECT is off: >> >> q lan >> 00: LAN SYSTEM LANATTC Type: QDIO Connected: 5 Maxconn: INFINITE >> 00: PERSISTENT RESTRICTED IP Accounting: OFF >> 00: IPTimeout: 5 MAC Protection: OFF >> 00: Isolation Status: OFF VEPA Status: OFF >> q vmlan >> 00: VMLAN maintenance level: >> 00: Latest Service: VM65918 >> 00: VMLAN MAC address assignment: >> 00: System MAC Protection: OFF >> 00: MACADDR Prefix: 02DF02 USER Prefix: 02DF02 >> 00: MACIDRANGE SYSTEM: 000001-FFFFFF >> 00: USER: 000000-000000 >> 00: VMLAN default accounting status: >> 00: SYSTEM Accounting: OFF USER Accounting: OFF >> 00: VMLAN general activity: >> 00: PERSISTENT Limit: INFINITE Current: 20 >> 00: TRANSIENT Limit: INFINITE Current: 0 >> 00: Trace Pages: 8 >> 00: VMLAN Directory Network Authorization: ENABLED >> 00: IVL Domain: None >> >> >> Any ideas about what I could be missing? ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
