[Users] Broadcast traffic on veth interfaces

Jason Voorhees jvoorhees1 at gmail.com
Fri Feb 13 13:35:16 EST 2009 

On Fri, Feb 13, 2009 at 12:22 PM, Vitaliy Gusev <vgusev at openvz.org> wrote:
> On 13 February 2009 19:58:07 Jason Voorhees wrote:
>> On Fri, Feb 13, 2009 at 11:03 AM, Vitaliy Gusev <vgusev at openvz.org> wrote:
>> > On 13 February 2009 17:48:39 Jason Voorhees wrote:
>> >> On Fri, Feb 13, 2009 at 6:46 AM, Vitaliy Gusev <vgusev at openvz.org> wrote:
>> >> > On 13 February 2009 02:53:12 Jason Voorhees wrote:
>> >> >> Hi:
>> >> >>
>> >> >> On Fri, Feb 6, 2009 at 11:35 AM, Vitaliy Gusev <vgusev at openvz.org> wrote:
>> >> >> > On 5 February 2009 18:26:05 Jason Voorhees wrote:
>> >> >> >> Hi people:
>> >> >> >>
>> >> >> >> I'm a newbie in OpenVZ world yet. With a little help of Google and
>> >> >> >> OpenVZ wiki I understood that it's necessary to use veth instead of
>> >> >> >> venet to be able to deal with broadcast traffic in a VE. This is true,
>> >> >> >> right?
>> >> >> >> So I created the corresponding veth to my VE and attached it to a
>> >> >> >> bridge. Now my VE has an eth0 interface, it has its own IP address and
>> >> >> >> works nicely: send and receive ICMP messages (with ping), I can get
>> >> >> >> into VE trough SSH, etc.
>> >> >> >>
>> >> >> >> But I can see that broadcast traffic isn't working very well yet. My
>> >> >> >> VE is running a Samba server but I can't find its netbios name (from
>> >> >> >> the HN) using nmblookup. Also from the VE I can't find any netbios
>> >> >> >> host in my network using nmblookup except the VE host itself.
>> >> >> >>
>> >> >> >> I followed the steps of the wiki:
>> >> >> >> http://wiki.openvz.org/Veth#Virtual_Ethernet_devices_can_be_joined_in_one_bridge
>> >> >> >>
>> >> >> >> Do I need to do anything else in my OpenVZ environment?
>> >> >> >
>> >> >> >
>> >> >> > I think it is enough. What say a tcpdump in host and in VE?
>> >> >> > Please also check iptables rules.
>> >> >> >
>> >> >>
>> >> >> My VE and HN don't have any iptables rules, policy are set ACCEPT by
>> >> >> default in all chains.
>> >> >> In my VE I'm running this:
>> >> >>
>> >> >> # tcpdump -ni eth0 host 192.168.99.255
>> >> >>
>> >> >> And I get nothing as output. However when I run the same command at
>> >> >> the HN I get this:
>> >> >>
>> >> >> # tcpdump -ni eth0 host 192.168.99.255
>> >> >> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> >> >> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
>> >> >> 18:35:14.636181 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
>> >> >> id 36213, seq 88, length 64
>> >> >> 18:35:15.635582 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
>> >> >> id 36213, seq 89, length 64
>> >> >> 18:35:16.635749 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
>> >> >> id 36213, seq 90, length 64
>> >> >> 18:35:17.635667 IP 192.168.99.23 > 192.168.99.255: ICMP echo request,
>> >> >> id 36213, seq 91, length 64
>> >> >>
>> >> >
>> >> > Are you sure that traffic was broadcast? Please add "-e" option to tcpdump
>> >> > and run again.
>> >> >
>> >> >
>> >> Yes. This is my tcpdump output with -e running at HN when running
>> >> "nmblookup server3k" (netbios name of my VE running Samba) & "ping -b
>> >> 192.168.99.255" from my PC (192.168.99.23) in the same network:
>> >>
>> >> # tcpdump -e -ni eth0 host 192.168.99.255 and 192.168.99.23
>> >
>> > Hmm, it seems that you try to dump traffic on ethernet device, but
>> > we are interested in traffic on veth device. So can you run again on
>> > vethX.Y device from VE0 ?
>> >
>>
>> Yes, you're right. I must show tcpdump output of veth101.0. I did this:
>>
>> 1. Keeping the bridge configuration yet, listening on veth101.0 with
>> tcpdump returns nothing about broadcast traffic.
>>
>> 2. Deleting the bridge configuration and setting up the route to veth101.0...
>>
>> # ifconfig vzbr0 down
>> # brctl delif vzbr0 veth101.0
>> # brctl delbr vzbr0
>> # route add -host 192.168.99.209 dev veth101.0
>>
>> and running tcpdump on veth101.0 also returns nothing about broadcast traffic.
>>
>> any ideas?
>
> 1) what ip address does veth101.0 have?

veth101.0 doesn't have any IPv4 address. According to the wiki I did
"ifconfig veth101.0 0".
eth0 in HN has 192.168.99.208. Should I assign a 192.168.99.X address
to veth101.0? I think that having 2 network interfaces with IP
addresses of the same range creates routing problems. Right?

> 2) You did "route add -host". System will add IP to route with mask 255.255.255.255.
>   What is broadcast traffic for IP with this mask?
Sorry, I don't get you. Maybe my English isn't very good to interpret
correctly this question :(

> 3) What command do you use for check?
>   If "ping  192.168.99.255", so related to 2) you can check route by:
>
>      ip route get 192.168.99.255
>
>   Please, show output of upper command and "ip r l"
>
>   You can use "ping  192.168.99.255 -I veth102.0". Broadcast
>   traffic will send directly through veth102.0 interface.
>
Ok, I was probing PING from my PC (192.168.99.23), not from the HN
(192.168.99.208). But anyway, these are the result of my tests:

1. At HN, ping broadcast address:

# ping -b 192.168.99.255

.. meanwhile at VE I'm listening on eth0 with tcpdump:

# tcpdump -ni eth0 -e host 192.168.99.255
... (returns nothing)


2. At HN, ping broadcast address choosing what interface address to use:

# ping -b 192.168.99.255 -I veth101.0

... meanwhile still running tcpdump at VE:

# tcpdump -ni eth0 -e host 192.168.99.255
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
13:24:20.476026 00:18:51:80:c1:23 > Broadcast, ethertype IPv4
(0x0800), length 98: 192.168.99.208 > 192.168.99.255: ICMP echo
request, id 50002, seq 5, length 64
13:24:21.475878 00:18:51:80:c1:23 > Broadcast, ethertype IPv4
(0x0800), length 98: 192.168.99.208 > 192.168.99.255: ICMP echo
request, id 50002, seq 6, length 64
13:24:22.475709 00:18:51:80:c1:23 > Broadcast, ethertype IPv4
(0x0800), length 98: 192.168.99.208 > 192.168.99.255: ICMP echo
request, id 50002, seq 7, length 64

Broadcast traffic delivers fine to VE, so NetBIOS queries should too.
I can see now that there's a routing problem... apparently, but I'm
not able to identify it, yet.
Why unicast traffic works OK trough veth101.0 but broadcast doesn't?
Why do I need to be specific about the network interface when I try to
send broadcast packets?

This is the information requested about my HN routes:

# ip route get 192.168.99.255
broadcast 192.168.99.255 dev eth0  src 192.168.99.208
    cache <local,brd>  mtu 1500 advmss 1460 hoplimit 64

# ip route list
192.168.99.206 dev venet0  scope link
192.168.99.212 dev venet0  scope link
192.168.99.209 dev veth10199202.0  scope link
192.168.99.0/24 dev eth0  proto kernel  scope link  src 192.168.99.208
169.254.0.0/16 dev eth0  scope link
default via 192.168.99.1 dev eth0

Do I need to route traffic to 192.168.99.255 trough veth101.0 only?
What happens when I need to create more veth interfaces for additional
VEs?

More information about the Users mailing list