[Users] Broadcast traffic on veth interfaces

Vitaliy Gusev vgusev at openvz.org
Fri Feb 13 12:22:46 EST 2009 

On 13 February 2009 19:58:07 Jason Voorhees wrote:
> On Fri, Feb 13, 2009 at 11:03 AM, Vitaliy Gusev <vgusev at openvz.org> wrote:
> > On 13 February 2009 17:48:39 Jason Voorhees wrote:
> >> On Fri, Feb 13, 2009 at 6:46 AM, Vitaliy Gusev <vgusev at openvz.org> wrote:
> >> > On 13 February 2009 02:53:12 Jason Voorhees wrote:
> >> >> Hi:
> >> >>
> >> >> On Fri, Feb 6, 2009 at 11:35 AM, Vitaliy Gusev <vgusev at openvz.org> wrote:
> >> >> > On 5 February 2009 18:26:05 Jason Voorhees wrote:
> >> >> >> Hi people:
> >> >> >>
> >> >> >> I'm a newbie in OpenVZ world yet. With a little help of Google and
> >> >> >> OpenVZ wiki I understood that it's necessary to use veth instead of
> >> >> >> venet to be able to deal with broadcast traffic in a VE. This is true,
> >> >> >> right?
> >> >> >> So I created the corresponding veth to my VE and attached it to a
> >> >> >> bridge. Now my VE has an eth0 interface, it has its own IP address and
> >> >> >> works nicely: send and receive ICMP messages (with ping), I can get
> >> >> >> into VE trough SSH, etc.
> >> >> >>
> >> >> >> But I can see that broadcast traffic isn't working very well yet. My
> >> >> >> VE is running a Samba server but I can't find its netbios name (from
> >> >> >> the HN) using nmblookup. Also from the VE I can't find any netbios
> >> >> >> host in my network using nmblookup except the VE host itself.
> >> >> >>
> >> >> >> I followed the steps of the wiki:
> >> >> >> http://wiki.openvz.org/Veth#Virtual_Ethernet_devices_can_be_joined_in_one_bridge
> >> >> >>
> >> >> >> Do I need to do anything else in my OpenVZ environment?
> >> >> >
> >> >> >
> >> >> > I think it is enough. What say a tcpdump in host and in VE?
> >> >> > Please also check iptables rules.
> >> >> >
> >> >>
> >> >> My VE and HN don't have any iptables rules, policy are set ACCEPT by
> >> >> default in all chains.
> >> >> In my VE I'm running this:
> >> >>
> >> >> # tcpdump -ni eth0 host 192.168.99.255
> >> >>
> >> >> And I get nothing as output. However when I run the same command at
> >> >> the HN I get this:
> >> >>
> >> >> # tcpdump -ni eth0 host 192.168.99.255
> >> >> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> >> >> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> >> >> 18:35:14.636181 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
> >> >> id 36213, seq 88, length 64
> >> >> 18:35:15.635582 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
> >> >> id 36213, seq 89, length 64
> >> >> 18:35:16.635749 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
> >> >> id 36213, seq 90, length 64
> >> >> 18:35:17.635667 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
> >> >> id 36213, seq 91, length 64
> >> >>
> >> >
> >> > Are you sure that traffic was broadcast? Please add "-e" option to tcpdump
> >> > and run again.
> >> >
> >> >
> >> Yes. This is my tcpdump output with -e running at HN when running
> >> "nmblookup server3k" (netbios name of my VE running Samba) & "ping -b
> >> 192.168.99.255" from my PC (192.168.99.23) in the same network:
> >>
> >> # tcpdump -e -ni eth0 host 192.168.99.255 and 192.168.99.23
> >
> > Hmm, it seems that you try to dump traffic on ethernet device, but
> > we are interested in traffic on veth device. So can you run again on
> > vethX.Y device from VE0 ?
> >
> 
> Yes, you're right. I must show tcpdump output of veth101.0. I did this:
> 
> 1. Keeping the bridge configuration yet, listening on veth101.0 with
> tcpdump returns nothing about broadcast traffic.
> 
> 2. Deleting the bridge configuration and setting up the route to veth101.0...
> 
> # ifconfig vzbr0 down
> # brctl delif vzbr0 veth101.0
> # brctl delbr vzbr0
> # route add -host 192.168.99.209 dev veth101.0
> 
> and running tcpdump on veth101.0 also returns nothing about broadcast traffic.
> 
> any ideas?

1) what ip address does veth101.0 have?
2) You did "route add -host". System will add IP to route with mask 255.255.255.255.
   What is broadcast traffic for IP with this mask?

3) What command do you use for check?
   If "ping  192.168.99.255", so related to 2) you can check route by:

      ip route get 192.168.99.255

   Please, show output of upper command and "ip r l"

   You can use "ping  192.168.99.255 -I veth102.0". Broadcast
   traffic will send directly through veth102.0 interface.

> 
> >> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> >> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> >> 09:44:28.851932 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
> >> (0x0800), length 92: 192.168.99.23.21464 > 192.168.99.255.netbios-ns:
> >> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
> >> 09:44:29.128501 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
> >> (0x0800), length 92: 192.168.99.23.21464 > 192.168.99.255.netbios-ns:
> >> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
> >> 09:44:29.400595 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
> >> (0x0800), length 92: 192.168.99.23.21464 > 192.168.99.255.netbios-ns:
> >> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
> >> 09:44:58.345506 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
> >> (0x0800), length 98: 192.168.99.23 > 192.168.99.255: ICMP echo
> >> request, id 54551, seq 1, length 64
> >> 09:44:59.360174 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
> >> (0x0800), length 98: 192.168.99.23 > 192.168.99.255: ICMP echo
> >> request, id 54551, seq 2, length 64
> >> 09:45:00.364349 00:10:c6:a2:9e:3c > Broadcast, ethertype IPv4
> >> (0x0800), length 98: 192.168.99.23 > 192.168.99.255: ICMP echo
> >> request, id 54551, seq 3, length 64
> >>
> >> Running the same tcpdump command with the same options returns nothing at my VE.
> >> It seems that something (i don't know what) ist blocking broadcast
> >> traffic at the HN host level.
> >> Is this true? Is it something related to the bridge configuration? Is
> >
> > You can check this by remove bridge configuration and setup to vethX.Y on
> > VE0 IP-address manually and send direclty through vethX.Y interface broadcast
> > traffic.
> >
> >> it related to HN routes?
> >
> > Route is an IP level, so I don't think so.
> >
> >
> >
> >
> > --
> > Thank,
> > Vitaliy Gusev
> >


-- 
Thank,
Vitaliy Gusev

More information about the Users mailing list