vrouter run on Xen host, is ok. or run kvm host without ovs ,working too
2013/8/27 Daan Hoogland <daan.hoogl...@gmail.com>: > That would seem to be a bug. Can you migrate the router to a xen host > to see it working again? > > On Tue, Aug 27, 2013 at 4:57 PM, 不坏阿峰 <onlydeb...@gmail.com> wrote: >> this is different. >> >> i have configed the Engress rules, so that vm(run on KVM+OVS host) >> can access external&internet when vrouter run on Xen. >> but when vrouter run on KVM+OVS host , vm(run on KVM+OVS host) can >> not access external network. >> >> >> 2013/8/27 Daan Hoogland <daan.hoogl...@gmail.com>: >>> Feng, >>> >>> Did you solve this mail along with the other one you send? It seems >>> like the same question. >>> >>> regards, >>> Daan >>> >>> On Tue, Aug 27, 2013 at 4:26 PM, 不坏阿峰 <onlydeb...@gmail.com> wrote: >>>> wish some expert come to help me.~~` >>>> >>>> 2013/8/24 不坏阿峰 <onlydeb...@gmail.com>: >>>>> can someone help? >>>>> >>>>> 2013/8/23 不坏阿峰 <onlydeb...@gmail.com>: >>>>>> i did it. Guestvlan300 Isolated 192.168.31.0/24 ,Egress rule, >>>>>> 0.0.0.0/0 all. >>>>>> and when i initail vrouter on Xen host, guest host can access >>>>>> internet. but vroute on kvm+openvswitch Host can not. >>>>>> >>>>>> 2013/8/23 Ahmad Emneina <aemne...@gmail.com>: >>>>>>> I believe you have to create an egress networking rule to allow for >>>>>>> vm's to >>>>>>> reach the internet. >>>>>>> >>>>>>> >>>>>>> On Thu, Aug 22, 2013 at 7:53 PM, 不坏阿峰 <onlydeb...@gmail.com> wrote: >>>>>>> >>>>>>>> vm with openvswitch+KVM can not access extranal network, can ping >>>>>>>> gateway >>>>>>>> >>>>>>>> Cloudstack4.1.1 >>>>>>>> A: one kvm host ubuntu12.04 with openvswitch, >>>>>>>> B: xen server6.0, >>>>>>>> C: one kvm host centos with openvswitch >>>>>>>> >>>>>>>> in cloudstack have two network. >>>>>>>> Guestvlan301 Isolated 192.168.31.0/24 ,Egress rule, 0.0.0.0/0 all >>>>>>>> Guestvlan300 Isolated 192.168.31.0/24 ,Egress rule, 0.0.0.0/0 all >>>>>>>> >>>>>>>> >>>>>>>> ①:vrouter301 run on Xen, Public IP Address 192.168.240.54 Guest IP >>>>>>>> Address 192.168.31.1 >>>>>>>> vm in vlan301 ,can ping gateway 192.168.31.1 and can access >>>>>>>> internet. vm can run on kvm or xen, both ok. >>>>>>>> >>>>>>>> ②:vronter300 run on Kvm with openvswitch, Public IP Address >>>>>>>> 192.168.240.53 Guest IP Address 192.168.30.1 >>>>>>>> vm in vlan300 ,can ping gateway 192.168.30.1, but can not access >>>>>>>> internet. vrouter can access internet. >>>>>>>> >>>>>>>> how to make vm under kvm+openvswitch to access outside network and >>>>>>>> internet >>>>>>>> >>>>>>>> >>>>>>>> [root@centos-kvm01 libvirt]# ovs-vsctl show >>>>>>>> 7cb5f505-7ac1-4403-9f9d-101882ed7bad >>>>>>>> Bridge kvmmgt >>>>>>>> Port kvmmgt >>>>>>>> Interface kvmmgt >>>>>>>> type: internal >>>>>>>> Port "eth0" >>>>>>>> Interface "eth0" >>>>>>>> Bridge "cloudbr0" >>>>>>>> Port "cloudbr0" >>>>>>>> Interface "cloudbr0" >>>>>>>> type: internal >>>>>>>> Port "eth1" >>>>>>>> Interface "eth1" ## Eth1 uplink port is Esxi >>>>>>>> vswitch in promiscuous mode, Xen server Eth1 uplink this too, can >>>>>>>> work fine ; Kvm use native bridge work fine too. >>>>>>>> Port "vnet3" >>>>>>>> tag: 240 >>>>>>>> Interface "vnet3" >>>>>>>> Port "vnet0" >>>>>>>> tag: 301 >>>>>>>> Interface "vnet0" >>>>>>>> Port "vnet1" >>>>>>>> tag: 300 >>>>>>>> Interface "vnet1" >>>>>>>> Port "vnet4" >>>>>>>> tag: 240 >>>>>>>> Interface "vnet4" >>>>>>>> Bridge "cloud0" >>>>>>>> Port "cloud0" >>>>>>>> Interface "cloud0" >>>>>>>> type: internal >>>>>>>> Port "vnet2" >>>>>>>> Interface "vnet2" >>>>>>>> Bridge storage >>>>>>>> Port "eth2" >>>>>>>> Interface "eth2" >>>>>>>> Port storage >>>>>>>> Interface storage >>>>>>>> type: internal >>>>>>>> ovs_version: "1.10.0" >>>>>>>> >>>>>>>> >>>>>>>> i do the test, >>>>>>>> one VM 192.168.30.90 run ping 192.168.123.1 >>>>>>>> vrouter 192.168.30.1(outside IP 192.168.240.53 vlan 240) run ping >>>>>>>> www.google.com >>>>>>>> >>>>>>>> [root@centos-kvm01 ~]# ovs-dpctl dump-flows |grep 30.90 >>>>>>>> >>>>>>>> >>>>>>>> in_port(9),eth(src=02:00:07:94:00:09,dst=02:00:3c:30:00:06),eth_type(0x0806),arp(sip=192.168.30.1,tip=192.168.30.90,op=2,sha=02:00:07:94:00:09,tha=02:00:3c:30:00:06), >>>>>>>> packets:0, bytes:0, used:never, actions:push_vlan(vid=300,pcp=0),5 >>>>>>>> >>>>>>>> in_port(11),eth(src=06:28:b6:00:01:20,dst=00:50:56:97:5c:55),eth_type(0x0800),ipv4(src=192.168.30.90,dst=192.168.123.1,proto=1,tos=0,ttl=63,frag=no),icmp(type=8,code=0), >>>>>>>> packets:5855, bytes:573790, used:0.810s, >>>>>>>> actions:push_vlan(vid=240,pcp=0),5 >>>>>>>> >>>>>>>> in_port(5),eth(src=02:00:3c:30:00:06,dst=02:00:07:94:00:09),eth_type(0x8100),vlan(vid=300,pcp=0),encap(eth_type(0x0806),arp(sip=192.168.30.90,tip=192.168.30.1,op=1,sha=02:00:3c:30:00:06,tha=00:00:00:00:00:00)), >>>>>>>> packets:0, bytes:0, used:never, actions:pop_vlan,9 >>>>>>>> >>>>>>>> in_port(5),eth(src=02:00:3c:30:00:06,dst=02:00:07:94:00:09),eth_type(0x8100),vlan(vid=300,pcp=0),encap(eth_type(0x0800),ipv4(src=192.168.30.90,dst=192.168.123.1,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0)), >>>>>>>> packets:5855, bytes:597210, used:0.809s, actions:pop_vlan,9 >>>>>>>> >>>>>>>> ###### actions:push_vlan(vid=240,pcp=0),5 , this is maybe have >>>>>>>> some problem !!!!!!! is it?? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> [root@centos-kvm01 ~]# ovs-dpctl dump-flows |grep 240.53 >>>>>>>> >>>>>>>> in_port(11),eth(src=06:28:b6:00:01:20,dst=00:50:56:97:5c:55),eth_type(0x0800),ipv4(src=192.168.240.53,dst=74.125.128.105,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0), >>>>>>>> packets:6167, bytes:604366, used:0.486s, >>>>>>>> actions:push_vlan(vid=240,pcp=0),5 >>>>>>>> >>>>>>>> in_port(5),eth(src=00:50:56:97:5c:55,dst=06:28:b6:00:01:20),eth_type(0x8100),vlan(vid=240,pcp=0),encap(eth_type(0x0806),arp(sip=192.168.240.1,tip=192.168.240.53,op=1,sha=00:50:56:97:5c:55,tha=00:00:00:00:00:00)), >>>>>>>> packets:0, bytes:0, used:never, actions:pop_vlan,11 >>>>>>>> >>>>>>>> in_port(5),eth(src=00:50:56:97:5c:55,dst=06:28:b6:00:01:20),eth_type(0x8100),vlan(vid=240,pcp=0),encap(eth_type(0x0800),ipv4(src=74.125.128.105,dst=192.168.240.53,proto=1,tos=0,ttl=49,frag=no),icmp(type=0,code=0)), >>>>>>>> packets:6059, bytes:618018, used:0.450s, actions:pop_vlan,11 >>>>>>>> >>>>>>>> in_port(11),eth(src=06:28:b6:00:01:20,dst=00:50:56:97:5c:55),eth_type(0x0806),arp(sip=192.168.240.53,tip=192.168.240.1,op=2,sha=06:28:b6:00:01:20,tha=00:50:56:97:5c:55), >>>>>>>> packets:0, bytes:0, used:never, actions:push_vlan(vid=240,pcp=0),5 >>>>>>>>
