[Users] Broadcast traffic on veth interfaces

Jason Voorhees jvoorhees1 at gmail.com
Fri Feb 13 11:58:07 EST 2009


On Fri, Feb 13, 2009 at 11:03 AM, Vitaliy Gusev <vgusev at openvz.org> wrote:
> On 13 February 2009 17:48:39 Jason Voorhees wrote:
>> On Fri, Feb 13, 2009 at 6:46 AM, Vitaliy Gusev <vgusev at openvz.org> wrote:
>> > On 13 February 2009 02:53:12 Jason Voorhees wrote:
>> >> Hi:
>> >>
>> >> On Fri, Feb 6, 2009 at 11:35 AM, Vitaliy Gusev <vgusev at openvz.org> wrote:
>> >> > On 5 February 2009 18:26:05 Jason Voorhees wrote:
>> >> >> Hi people:
>> >> >>
>> >> >> I'm still a newbie in the OpenVZ world. With a little help from Google
>> >> >> and the OpenVZ wiki I understood that it's necessary to use veth instead
>> >> >> of venet to be able to deal with broadcast traffic in a VE. This is true,
>> >> >> right?
>> >> >> So I created the corresponding veth for my VE and attached it to a
>> >> >> bridge. Now my VE has an eth0 interface, it has its own IP address and
>> >> >> works nicely: it sends and receives ICMP messages (with ping), I can get
>> >> >> into the VE through SSH, etc.
>> >> >>
>> >> >> But I can see that broadcast traffic isn't working very well yet. My
>> >> >> VE is running a Samba server but I can't find its netbios name (from
>> >> >> the HN) using nmblookup. Also from the VE I can't find any netbios
>> >> >> host in my network using nmblookup except the VE host itself.
>> >> >>
>> >> >> I followed the steps of the wiki:
>> >> >> http://wiki.openvz.org/Veth#Virtual_Ethernet_devices_can_be_joined_in_one_bridge
>> >> >>
>> >> >> Do I need to do anything else in my OpenVZ environment?
>> >> >
>> >> >
>> >> > I think it is enough. What does tcpdump say on the host and in the VE?
>> >> > Please also check iptables rules.
>> >> >
>> >>
>> >> My VE and HN don't have any iptables rules, policies are set to ACCEPT
>> >> by default in all chains.
>> >> In my VE I'm running this:
>> >>
>> >> # tcpdump -ni eth0 host 192.168.99.255
>> >>
>> >> And I get nothing as output. However when I run the same command at
>> >> the HN I get this:
>> >>
>> >> # tcpdump -ni eth0 host 192.168.99.255
>> >> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> >> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
>> >> 18:35:14.636181 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
>> >> id 36213, seq 88, length 64
>> >> 18:35:15.635582 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
>> >> id 36213, seq 89, length 64
>> >> 18:35:16.635749 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
>> >> id 36213, seq 90, length 64
>> >> 18:35:17.635667 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
>> >> id 36213, seq 91, length 64
>> >>
>> >
>> > Are you sure that traffic was broadcast? Please add "-e" option to tcpdump
>> > and run again.
>> >
>> >
>> Yes. This is my tcpdump output with -e running at HN when running
>> "nmblookup server3k" (netbios name of my VE running Samba) & "ping -b
>> 192.168.99.255" from my PC (192.168.99.23) in the same network:
>>
>> # tcpdump -e -ni eth0 host 192.168.99.255 and 192.168.99.23
>
> Hmm, it seems that you are trying to dump traffic on the ethernet device,
> but we are interested in traffic on the veth device. So can you run it
> again on the vethX.Y device from VE0?
>

Yes, you're right. I must show tcpdump output of veth101.0. I did this:

1. With the bridge configuration still in place, listening on veth101.0
with tcpdump returns nothing about broadcast traffic.

2. Deleting the bridge configuration and setting up the route to veth101.0...

# ifconfig vzbr0 down
# brctl delif vzbr0 veth101.0
# brctl delbr vzbr0
# route add -host 192.168.99.209 dev veth101.0

and running tcpdump on veth101.0 also returns nothing about broadcast traffic.

Any ideas?

>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
>> 09:44:28.851932 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
>> (0x0800), length 92: 192.168.99.23.21464 > 192.168.99.255.netbios-ns:
>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
>> 09:44:29.128501 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
>> (0x0800), length 92: 192.168.99.23.21464 > 192.168.99.255.netbios-ns:
>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
>> 09:44:29.400595 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
>> (0x0800), length 92: 192.168.99.23.21464 > 192.168.99.255.netbios-ns:
>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
>> 09:44:58.345506 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
>> (0x0800), length 98: 192.168.99.23 > 192.168.99.255: ICMP echo
>> request, id 54551, seq 1, length 64
>> 09:44:59.360174 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
>> (0x0800), length 98: 192.168.99.23 > 192.168.99.255: ICMP echo
>> request, id 54551, seq 2, length 64
>> 09:45:00.364349 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
>> (0x0800), length 98: 192.168.99.23 > 192.168.99.255: ICMP echo
>> request, id 54551, seq 3, length 64
>>
>> Running the same tcpdump command with the same options returns nothing at my VE.
>> It seems that something (I don't know what) is blocking broadcast
>> traffic at the HN host level.
>> Is this true? Is it something related to the bridge configuration? Is
>
> You can check this by removing the bridge configuration, setting up an
> IP address on vethX.Y in VE0 manually, and sending broadcast traffic
> directly through the vethX.Y interface.
>
>> it related to HN routes?
>
> Route is an IP level, so I don't think so.
>
>
>
>
> --
> Thank,
> Vitaliy Gusev
>
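
A check the thread does not show, as an added example (not code from the thread or from the OpenVZ project): a Linux bridge floods broadcast frames only among its own ports, so it is worth confirming that eth0 and veth101.0 are ports of the same bridge. The two `brctl show` tables and the bridge id below are constructed samples; on a live host pass "$(brctl show)" as the first argument instead.

```shell
#!/bin/sh
# Added example (not from the thread). Parses `brctl show` text to see
# whether two interfaces are ports of the same bridge.

# bridge_of IFACE: read `brctl show` output on stdin, print IFACE's bridge.
bridge_of() {
    awk -v want="$1" '
        NR == 1 { next }                 # column header
        { port = "" }
        NF >= 3 { br = $1; if (NF >= 4) port = $4 }  # "name id stp [port]"
        NF == 1 { port = $1 }            # continuation row: one more port
        port == want { print br; exit }
    '
}

# same_bridge TABLE IF1 IF2: succeed only if both are ports of one bridge.
same_bridge() {
    b1=$(printf '%s\n' "$1" | bridge_of "$2")
    b2=$(printf '%s\n' "$1" | bridge_of "$3")
    [ -n "$b1" ] && [ "$b1" = "$b2" ]
}

# Constructed sample: the bridge holds only the container's veth.
VETH_ONLY='bridge name     bridge id               STP enabled     interfaces
vzbr0           8000.001851aabbcc       no              veth101.0'

# Constructed sample: the physical NIC is a bridge port as well.
WITH_UPLINK='bridge name     bridge id               STP enabled     interfaces
vzbr0           8000.001851aabbcc       no              eth0
                                                        veth101.0'

for sample in "$VETH_ONLY" "$WITH_UPLINK"; do
    if same_bridge "$sample" eth0 veth101.0; then
        echo "eth0 and veth101.0 share a bridge: broadcasts are flooded to both"
    else
        echo "eth0 and veth101.0 share no bridge: no L2 path for broadcasts"
    fi
done
```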

