Public bug reported: ## Host environment - Operating system: (ubuntu 20.04 server) - OS/kernel version: (5.13.0.40 Generic) - Architecture: (64 bit cpu architecture) - QEMU version: (latest using sudo apt install virt-manager)
## Emulated/Virtualized environment - Operating system: (ubuntu 20.04 server) - OS/kernel version: ( 5.13.0.40 Generic) - Architecture: (64 bit cpu architecture) ## Description of problem <!-- Describe the problem, including any error/crash messages seen. --> Hi, Inside openstack i have an instance of Ubuntu 20.04 and i have installed KVM ( using virt-manager ) to setup a Virtual Machine ... i have done that and i created a VM of ubuntu 20.04 inside the Openstack Instance but there are networking issue while i set the default parameter as setting up the VM ( i mean the networking is as default to NAT ) , So when the VM is up and running the PING to 8.8.8.8 is available and also ping to google.com is also valid which shows that the DNS is correctly working ... but there is not connectivity with packages while i do sudo apt update, it will not get any package update and also the wget to google.com is shows that its connected to it but it wont able to download!!! the same happen with curl to any other websites... I'm confirming that the openstack instance has full access to the internet including ping and wget , .... but the VM is not working correctly! P.S. I have set the ip forwarding, Iptables , ... also disabled firewals but notting changed!! Would you please fix this ? ## Steps to reproduce 1. creating an openstack instance from ubuntu 20.04 server image 2. updating and upgrading packages setting ip forwarding to 1 ( Enabled), firewall 3. and kernel to 5.13.0.40 and installing virt-manager then reboot 3. creating a VM with default KVM networking ( NAT ) using ubuntu 20.04 server image 4. trying ping, wget, curl , ... These are my commands after creating an instance with 8VCPU, 16VRAM, 100VDisk, ubuntu cloud 20.04 image: sudo apt update && sudo apt full-upgrade -y && sudo apt install linux-image-5.13.0-40-generic linux-headers-5.13.0-40-generic -y && sudo reboot sudo apt update && sudo uname -a Linux test 5.13.0-40-generic #45~20.04.1-Ubuntu SMP Mon Apr 4 09:38:31 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux sudo apt install virt-manager -y && sudo reboot sudo systemctl status libvirtd Its running IP range 192.168.122.2 sudo usermod -a -G libvirt ubuntu then download ubuntu server 20.04 image from https://releases.ubuntu.com/20.04/ubuntu-20.04.4-live-server-amd64.iso and create a new VM using KVM by virt-manager as shown bellow: https://gitlab.com/qemu-project/qemu/uploads/8bd4c7381a60832b3a5fcd9dbd3665de/image.png qemu-system-x86_64 --version QEMU emulator version 4.2.1 (Debian 1:4.2-3ubuntu6.21) Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers Here is my networking : ``` 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc fq_codel state UP group default qlen 1000 link/ether fa:16:3e:10:60:0e brd ff:ff:ff:ff:ff:ff altname enp0s3 inet 10.20.30.52/24 brd 10.20.30.255 scope global dynamic ens3 valid_lft 34758sec preferred_lft 34758sec inet6 fe80::f816:3eff:fe10:600e/64 scope link valid_lft forever preferred_lft forever 3: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 52:54:00:98:07:1a brd ff:ff:ff:ff:ff:ff inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0 valid_lft forever preferred_lft forever 4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000 link/ether 52:54:00:98:07:1a brd ff:ff:ff:ff:ff:ff 5: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master virbr0 state UNKNOWN group default qlen 1000 link/ether fe:54:00:f9:5d:4d brd ff:ff:ff:ff:ff:ff inet6 fe80::fc54:ff:fef9:5d4d/64 scope link valid_lft forever preferred_lft forever ``` And this is my Iptable ``` iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination LIBVIRT_INP all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination LIBVIRT_FWX all -- anywhere anywhere LIBVIRT_FWI all -- anywhere anywhere LIBVIRT_FWO all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination LIBVIRT_OUT all -- anywhere anywhere Chain LIBVIRT_FWI (1 references) target prot opt source destination ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain LIBVIRT_FWO (1 references) target prot opt source destination ACCEPT all -- 192.168.122.0/24 anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain LIBVIRT_FWX (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain LIBVIRT_INP (1 references) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:67 Chain LIBVIRT_OUT (1 references) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:bootpc ACCEPT tcp -- anywhere anywhere tcp dpt:68 ``` I think this is a bug because i have configured the same ssttings on baremetal system and it was completely OK ... but here when i use the OPENSTACK Instance the problem occures! ( Actually i think this problem happen in Nested KVM situation!) I would be glad to hear about hint on how to solve this issue! Thanks Best regards ** Affects: neutron Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1971050 Title: Nested KVM Networking Issue Status in neutron: New Bug description: ## Host environment - Operating system: (ubuntu 20.04 server) - OS/kernel version: (5.13.0.40 Generic) - Architecture: (64 bit cpu architecture) - QEMU version: (latest using sudo apt install virt-manager) ## Emulated/Virtualized environment - Operating system: (ubuntu 20.04 server) - OS/kernel version: ( 5.13.0.40 Generic) - Architecture: (64 bit cpu architecture) ## Description of problem <!-- Describe the problem, including any error/crash messages seen. --> Hi, Inside openstack i have an instance of Ubuntu 20.04 and i have installed KVM ( using virt-manager ) to setup a Virtual Machine ... i have done that and i created a VM of ubuntu 20.04 inside the Openstack Instance but there are networking issue while i set the default parameter as setting up the VM ( i mean the networking is as default to NAT ) , So when the VM is up and running the PING to 8.8.8.8 is available and also ping to google.com is also valid which shows that the DNS is correctly working ... but there is not connectivity with packages while i do sudo apt update, it will not get any package update and also the wget to google.com is shows that its connected to it but it wont able to download!!! the same happen with curl to any other websites... I'm confirming that the openstack instance has full access to the internet including ping and wget , .... but the VM is not working correctly! P.S. I have set the ip forwarding, Iptables , ... also disabled firewals but notting changed!! Would you please fix this ? ## Steps to reproduce 1. creating an openstack instance from ubuntu 20.04 server image 2. updating and upgrading packages setting ip forwarding to 1 ( Enabled), firewall 3. and kernel to 5.13.0.40 and installing virt-manager then reboot 3. creating a VM with default KVM networking ( NAT ) using ubuntu 20.04 server image 4. trying ping, wget, curl , ... These are my commands after creating an instance with 8VCPU, 16VRAM, 100VDisk, ubuntu cloud 20.04 image: sudo apt update && sudo apt full-upgrade -y && sudo apt install linux-image-5.13.0-40-generic linux-headers-5.13.0-40-generic -y && sudo reboot sudo apt update && sudo uname -a Linux test 5.13.0-40-generic #45~20.04.1-Ubuntu SMP Mon Apr 4 09:38:31 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux sudo apt install virt-manager -y && sudo reboot sudo systemctl status libvirtd Its running IP range 192.168.122.2 sudo usermod -a -G libvirt ubuntu then download ubuntu server 20.04 image from https://releases.ubuntu.com/20.04/ubuntu-20.04.4-live-server-amd64.iso and create a new VM using KVM by virt-manager as shown bellow: https://gitlab.com/qemu-project/qemu/uploads/8bd4c7381a60832b3a5fcd9dbd3665de/image.png qemu-system-x86_64 --version QEMU emulator version 4.2.1 (Debian 1:4.2-3ubuntu6.21) Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers Here is my networking : ``` 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc fq_codel state UP group default qlen 1000 link/ether fa:16:3e:10:60:0e brd ff:ff:ff:ff:ff:ff altname enp0s3 inet 10.20.30.52/24 brd 10.20.30.255 scope global dynamic ens3 valid_lft 34758sec preferred_lft 34758sec inet6 fe80::f816:3eff:fe10:600e/64 scope link valid_lft forever preferred_lft forever 3: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 52:54:00:98:07:1a brd ff:ff:ff:ff:ff:ff inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0 valid_lft forever preferred_lft forever 4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000 link/ether 52:54:00:98:07:1a brd ff:ff:ff:ff:ff:ff 5: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master virbr0 state UNKNOWN group default qlen 1000 link/ether fe:54:00:f9:5d:4d brd ff:ff:ff:ff:ff:ff inet6 fe80::fc54:ff:fef9:5d4d/64 scope link valid_lft forever preferred_lft forever ``` And this is my Iptable ``` iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination LIBVIRT_INP all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination LIBVIRT_FWX all -- anywhere anywhere LIBVIRT_FWI all -- anywhere anywhere LIBVIRT_FWO all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination LIBVIRT_OUT all -- anywhere anywhere Chain LIBVIRT_FWI (1 references) target prot opt source destination ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain LIBVIRT_FWO (1 references) target prot opt source destination ACCEPT all -- 192.168.122.0/24 anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain LIBVIRT_FWX (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain LIBVIRT_INP (1 references) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:67 Chain LIBVIRT_OUT (1 references) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:bootpc ACCEPT tcp -- anywhere anywhere tcp dpt:68 ``` I think this is a bug because i have configured the same ssttings on baremetal system and it was completely OK ... but here when i use the OPENSTACK Instance the problem occures! ( Actually i think this problem happen in Nested KVM situation!) I would be glad to hear about hint on how to solve this issue! Thanks Best regards To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1971050/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp