[Users] Broadcast traffic on veth interfaces

Vitaliy Gusev vgusev at openvz.org
Fri Feb 13 11:03:21 EST 2009 

On 13 February 2009 17:48:39 Jason Voorhees wrote:
> On Fri, Feb 13, 2009 at 6:46 AM, Vitaliy Gusev <vgusev at openvz.org> wrote:
> > On 13 February 2009 02:53:12 Jason Voorhees wrote:
> >> Hi:
> >>
> >> On Fri, Feb 6, 2009 at 11:35 AM, Vitaliy Gusev <vgusev at openvz.org> wrote:
> >> > On 5 February 2009 18:26:05 Jason Voorhees wrote:
> >> >> Hi people:
> >> >>
> >> >> I'm a newbie in OpenVZ world yet. With a little help of Google and
> >> >> OpenVZ wiki I understood that it's necessary to use veth instead of
> >> >> venet to be able to deal with broadcast traffic in a VE. This is true,
> >> >> right?
> >> >> So I created the corresponding veth to my VE and attached it to a
> >> >> bridge. Now my VE has an eth0 interface, it has its own IP address and
> >> >> works nicely: send and receive ICMP messages (with ping), I can get
> >> >> into VE trough SSH, etc.
> >> >>
> >> >> But I can see that broadcast traffic isn't working very well yet. My
> >> >> VE is running a Samba server but I can't find its netbios name (from
> >> >> the HN) using nmblookup. Also from the VE I can't find any netbios
> >> >> host in my network using nmblookup except the VE host itself.
> >> >>
> >> >> I followed the steps of the wiki:
> >> >> http://wiki.openvz.org/Veth#Virtual_Ethernet_devices_can_be_joined_in_one_bridge
> >> >>
> >> >> Do I need to do anything else in my OpenVZ environment?
> >> >
> >> >
> >> > I think it is enough. What say a tcpdump in host and in VE?
> >> > Please also check iptables rules.
> >> >
> >>
> >> My VE and HN don't have any iptables rules, policy are set ACCEPT by
> >> default in all chains.
> >> In my VE I'm running this:
> >>
> >> # tcpdump -ni eth0 host 192.168.99.255
> >>
> >> And I get nothing as output. However when I run the same command at
> >> the HN I get this:
> >>
> >> # tcpdump -ni eth0 host 192.168.99.255
> >> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> >> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> >> 18:35:14.636181 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
> >> id 36213, seq 88, length 64
> >> 18:35:15.635582 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
> >> id 36213, seq 89, length 64
> >> 18:35:16.635749 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
> >> id 36213, seq 90, length 64
> >> 18:35:17.635667 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
> >> id 36213, seq 91, length 64
> >>
> >
> > Are you sure that traffic was broadcast? Please add "-e" option to tcpdump
> > and run again.
> >
> >
> Yes. This is my tcpdump output with -e running at HN when running
> "nmblookup server3k" (netbios name of my VE running Samba) & "ping -b
> 192.168.99.255" from my PC (192.168.99.23) in the same network:
> 
> # tcpdump -e -ni eth0 host 192.168.99.255 and 192.168.99.23

Hmm, it seems that you try to dump traffic on ethernet device, but
we are interested in traffic on veth device. So can you run again on
vethX.Y device from VE0 ?

> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 09:44:28.851932 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
> (0x0800), length 92: 192.168.99.23.21464 > 192.168.99.255.netbios-ns:
> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
> 09:44:29.128501 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
> (0x0800), length 92: 192.168.99.23.21464 > 192.168.99.255.netbios-ns:
> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
> 09:44:29.400595 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
> (0x0800), length 92: 192.168.99.23.21464 > 192.168.99.255.netbios-ns:
> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
> 09:44:58.345506 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
> (0x0800), length 98: 192.168.99.23 > 192.168.99.255: ICMP echo
> request, id 54551, seq 1, length 64
> 09:44:59.360174 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
> (0x0800), length 98: 192.168.99.23 > 192.168.99.255: ICMP echo
> request, id 54551, seq 2, length 64
> 09:45:00.364349 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
> (0x0800), length 98: 192.168.99.23 > 192.168.99.255: ICMP echo
> request, id 54551, seq 3, length 64
> 
> Running the same tcpdump command with the same options returns nothing at my VE.
> It seems that something (i don't know what) ist blocking broadcast
> traffic at the HN host level.
> Is this true? Is it something related to the bridge configuration? Is

You can check this by remove bridge configuration and setup to vethX.Y on
VE0 IP-address manually and send direclty through vethX.Y interface broadcast
traffic.

> it related to HN routes?

Route is an IP level, so I don't think so.




-- 
Thank,
Vitaliy Gusev

More information about the Users mailing list