[Users] Broadcast traffic on veth interfaces

Jason Voorhees jvoorhees1 at gmail.com
Fri Feb 13 09:48:39 EST 2009 

On Fri, Feb 13, 2009 at 6:46 AM, Vitaliy Gusev <vgusev at openvz.org> wrote:
> On 13 February 2009 02:53:12 Jason Voorhees wrote:
>> Hi:
>>
>> On Fri, Feb 6, 2009 at 11:35 AM, Vitaliy Gusev <vgusev at openvz.org> wrote:
>> > On 5 February 2009 18:26:05 Jason Voorhees wrote:
>> >> Hi people:
>> >>
>> >> I'm a newbie in OpenVZ world yet. With a little help of Google and
>> >> OpenVZ wiki I understood that it's necessary to use veth instead of
>> >> venet to be able to deal with broadcast traffic in a VE. This is true,
>> >> right?
>> >> So I created the corresponding veth to my VE and attached it to a
>> >> bridge. Now my VE has an eth0 interface, it has its own IP address and
>> >> works nicely: send and receive ICMP messages (with ping), I can get
>> >> into VE trough SSH, etc.
>> >>
>> >> But I can see that broadcast traffic isn't working very well yet. My
>> >> VE is running a Samba server but I can't find its netbios name (from
>> >> the HN) using nmblookup. Also from the VE I can't find any netbios
>> >> host in my network using nmblookup except the VE host itself.
>> >>
>> >> I followed the steps of the wiki:
>> >> http://wiki.openvz.org/Veth#Virtual_Ethernet_devices_can_be_joined_in_one_bridge
>> >>
>> >> Do I need to do anything else in my OpenVZ environment?
>> >
>> >
>> > I think it is enough. What say a tcpdump in host and in VE?
>> > Please also check iptables rules.
>> >
>>
>> My VE and HN don't have any iptables rules, policy are set ACCEPT by
>> default in all chains.
>> In my VE I'm running this:
>>
>> # tcpdump -ni eth0 host 192.168.99.255
>>
>> And I get nothing as output. However when I run the same command at
>> the HN I get this:
>>
>> # tcpdump -ni eth0 host 192.168.99.255
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
>> 18:35:14.636181 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
>> id 36213, seq 88, length 64
>> 18:35:15.635582 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
>> id 36213, seq 89, length 64
>> 18:35:16.635749 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
>> id 36213, seq 90, length 64
>> 18:35:17.635667 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
>> id 36213, seq 91, length 64
>>
>
> Are you sure that traffic was broadcast? Please add "-e" option to tcpdump
> and run again.
>
>
Yes. This is my tcpdump output with -e running at HN when running
"nmblookup server3k" (netbios name of my VE running Samba) & "ping -b
192.168.99.255" from my PC (192.168.99.23) in the same network:

# tcpdump -e -ni eth0 host 192.168.99.255 and 192.168.99.23
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:44:28.851932 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
(0x0800), length 92: 192.168.99.23.21464 > 192.168.99.255.netbios-ns:
NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
09:44:29.128501 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
(0x0800), length 92: 192.168.99.23.21464 > 192.168.99.255.netbios-ns:
NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
09:44:29.400595 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
(0x0800), length 92: 192.168.99.23.21464 > 192.168.99.255.netbios-ns:
NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
09:44:58.345506 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
(0x0800), length 98: 192.168.99.23 > 192.168.99.255: ICMP echo
request, id 54551, seq 1, length 64
09:44:59.360174 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
(0x0800), length 98: 192.168.99.23 > 192.168.99.255: ICMP echo
request, id 54551, seq 2, length 64
09:45:00.364349 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
(0x0800), length 98: 192.168.99.23 > 192.168.99.255: ICMP echo
request, id 54551, seq 3, length 64

Running the same tcpdump command with the same options returns nothing at my VE.
It seems that something (i don't know what) ist blocking broadcast
traffic at the HN host level.
Is this true? Is it something related to the bridge configuration? Is
it related to HN routes?

More information about the Users mailing list