[Users] vlan and bridge network interface in openVZ/virtuozzo 7 + preventpromisc
Vasily Averin
vvs at virtuozzo.com
Wed Nov 2 10:33:42 PDT 2016
Dear Jehan,
as far as I understand incoming packets are filtered by bridge,
it have list of known MAC addresses and forward external packets to internal interface
broadcasts and packets addressed to MACs related to given interface.
brctl showmacs brX
So the settings of CT/VM interfaces do not takes into account on this stage.
THank you,
Vasily Averin
On 02.11.2016 13:56, Jehan Procaccia wrote:
> Hello
>
> I am still lock on setting *preventpromisc=off* in my CT .
> I did ask for it:
>
> # prlctl set CTprobe --device-set net1 --preventpromisc no
>
> no way, preventpromisc keeps beeing set to on
>
> [host]# prlctl list -if CTprobe | grep net1
>
> net1 (+) dev='veth42ba2f55' ifname='eth1' network='probenet'
> mac=001C42BA2F45*preventpromisc=on* mac_filter=off
> ip_filter=off nameservers= searchdomains=
>
> *
> *Vasily, when you said :*
>
> *
>
> 19/10/2016 11:29, Vasily Averin wrote :
> from man prlctl ("set" section)
>
> preventpromisc: determines if the specified network adapter should reject packages not addressed
> to its virtual environment. If set to "yes", the adapter will drop packages not addressed to its
> virtual environment.
>
> *In pcs6 it was affected VMs only*, and at present I'm not sure was it fully intergrated into vz7 or not.
>
>
> could it be that it is not integrated in vz7 ? or perhaps not in CT, but could work in VM ?
>
> regards .
>
>
> Le 19/10/2016 17:27, Jehan Procaccia a écrit :
>>
>> I expect to see all trafic mirrored from our edge router (cisco) to the Wan, indeed not trafic source and dest to my CT !
>>
>> That CTprobe as been transfered from an openvz6 host to that new openv7
>> on the vz6 there was no brigde, the host eth1 interface was directly monted/affected to the CT, like this
>>
>> NETIF="ifname=eth0,bridge=br0.11,mac=00:18:51:1B:26:98,host_ifname=veth11030.0,host_mac=00:18:51:E6:D6:45"
>> *NETDEV="eth1"*
>>
>> yes on the host side, either on the physical interface (em3) directly pluged to the mirrored port on the cisco or the associated bridge (brs0) I do see all in/out trafic of all users trafic
>> [host] # tcpdump -i em3 -n
>> 10:40:58.767042 IP 193.51.224.142.https > 147.157.103.21.54757: UDP, length 1350
>> [host]# brctl show
>> *brs0 8000.14187769840c no em3**
>> ** veth42ba2f55*
>>
>> [host] # prlsrvctl net list
>> Network ID Type Bound To Bridge Slave interfaces
>> Host-Only host-only virbr0
>> *probenet bridged em3 brs0 veth42ba2f55 *
>> but neither on the host nor on the CT I cannot see all trafic , but only protocol/braodcats or xcat, it seems as if trafic is filtered ... ?*
>>
>> *examples*
>>
>> *[host] # tcpdump -i veth42ba2f55 -n
>> tcpdump: WARNING: veth42ba2f55: no IPv4 address assigned
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on veth42ba2f55, link-type EN10MB (Ethernet), capture size 65535 bytes
>> 17:17:34.279194 ARP, Request who-has 193.51.41.10 tell 193.51.41.1, length 46
>> 17:17:34.343210 ARP, Request who-has 193.51.41.43 tell 193.51.41.1, length 46
>> 17:17:34.451152 IP 193.51.41.36.hsrp > 224.0.0.102.hsrp: HSRPv1*
>>
>> *CT-11030 /# tcpdump -i eth1 -n
>> tcpdump: WARNING: eth1: no IPv4 address assigned
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
>> 17:19:00.184782 arp who-has 193.51.41.34 tell 193.51.41.1
>> 17:19:00.296277 802.1d config 8001.00:26:99:64:c0:80.9688 root 8001.00:21:56:1c:3f:80 pathcost 1 age 1 max 20 hello 2 fdelay 15
>> 17:19:00.296641 00:25:84:f1:3f:9b > 01:00:0c:cc:cc:cd SNAP Unnumbered, ui, Flags [Command], length 50
>> 17:19:00.370773 arp who-has 193.51.41.42 tell 193.51.41.1
>> *
>> *[host]# prlctl list -if CTprobe | grep net1
>> net1 (+) dev='veth42ba2f55' ifname='eth1' network='probenet' mac=001C42BA2F45*preventpromisc=on* mac_filter=off ip_filter=off nameservers= searchdomains=
>> *
>> *is the preventpromisc=on my problem, how to change it to off ?
>> as
>> # prlctl set CTprobe --device-set net1 --preventpromisc no
>> doesn't work ?
>>
>> regards .*
>>
>>
>> *Le 19/10/2016 14:33, Vasily Averin a écrit :
>>> Dear Jehan,
>>>
>>> could you please clarify, which kind of traffic you expect to see inside container ?
>>> Are you sure it is present on host side on according vethX interface?
>>>
>>> I think bridge on host can do not route alien traffic to this interface.
>>> IIRC there is some setting on bridge settings that enables "promisc" mode,
>>> but by default bridge does not route all traffic to all attached interfaces.
>>>
>>> Thank you,
>>> Vasily Averin
>>>
>>> On 19.10.2016 13:16, Jehan Procaccia wrote:
>>>> indeed macfilter, ipfilter and preventpromisc were set to "on"
>>>>
>>>> # prlctl list -if CTprobe | grep net
>>>> venet0 (+) type='routed'
>>>> net0 (+) dev='veth11030.0' ifname='eth0' network='vlan11' mac=0018511B4688 preventpromisc=on mac_filter=on ip_filter=on nameservers= searchdomains= ips='192.168.11.30/255.255.255.0 '
>>>> *net1 (+) dev='veth42ba2f55' ifname='eth1' network='sondereve' mac=001C42BA2F45 preventpromisc=on mac_filter=on ip_filter=on* nameservers= searchdomains=
>>>>
>>>> I set them to "no"
>>>>
>>>> # prlctl set CTprobe --device-set net1 --ipfilter no
>>>> # prlctl set CTprobe --device-set net1 --preventpromisc no
>>>> # prlctl set CTprobe --device-set net1 --macfilter no
>>>>
>>>> now they are off , exept preventpromisc which keeps beeing set to on ?
>>>>
>>>> # prlctl list -if CTprobe | grep net1
>>>> net1 (+) dev='veth42ba2f55' ifname='eth1' network='sondereve' mac=001C42BA2F45 *preventpromisc=on* mac_filter=off ip_filter=off nameservers= searchdomains=
>>>>
>>>> I cannot set it to off !?
>>>> I did edit the CTprobe /etc/vz/conf/ file explicitly adding mac_filter=off,ip_filter=off,*preventpromisc=off*
>>>>
>>>> no way, my eth1 container interface only sees filtered trafic .
>>>>
>>>> I did nothing regarding the attached bridge (em3 ->*brs0* -> veth42ba2f55) , as I don't see any "mac-filter" in vzctl command help (only netfilter, not mac)
>>>> # vzctl --help | grep filter
>>>> [--netfilter <disabled|stateless|stateful|full>]
>>>>
>>>> is it the preventpromisc=off "bug" that drops packets, or the mac-filter on the bridge which might be not set ?
>>>> indeed it seems as if the container current config drops packets that are not address to it , for a probe it is a problem as by definition for a probe packets are not addreed to him !.
>>>>
>>>> regards .
>>>>
>>>>
>>>> Le 19/10/2016 11:29, Vasily Averin a écrit :
>>>>> Dear Jehan,
>>>>>
>>>>> 1)
>>>>> # prlctl list -if vvs.vz7.kdev | grep net0
>>>>> net0 (+) dev='veth5147a7b3' ifname='eth0' network='Bridged' mac=00185147A7B3 preventpromisc=on mac_filter=on ip_filter=on nameservers= searchdomains= dhcp='yes'
>>>>>
>>>>> from man prlctl ("set" section)
>>>>> ipfilter: determines if the specified network adapter is configured to filter network packages by
>>>>> IP address. If set to "yes", the adapter is allowed to send packages only from IPs in the network
>>>>> adapter's IP addresses list.
>>>>> macfilter: determines if the specified network adapter is configured to filter network packages by
>>>>> MAC address. If set to "yes", the adapter is allowed to send packages only from its own MAC
>>>>> address.
>>>>> preventpromisc: determines if the specified network adapter should reject packages not addressed
>>>>> to its virtual environment. If set to "yes", the adapter will drop packages not addressed to its
>>>>> virtual environment.
>>>>>
>>>>> In pcs6 it was affected VMs only, and at present I'm not sure was it fully intergrated into vz7 or not.
>>>>>
>>>>> 2) vzctl also have filter setting for bridged interfaces
>>>>> man vzctl:
>>>>> --mac_filter on|off - enable/disable packets filtering by MAC address and MAC changing on veth
>>>>> device inside CT.
>>>>>
>>>>> Thank you,
>>>>> Vasily Averin
>>>>>
>>>>>
>>>>> On 19.10.2016 12:05, Jehan Procaccia wrote:
>>>>>> Hello
>>>>>>
>>>>>> I'am back to my vlan/brige/vm-interface ...
>>>>>> although it works fine for my containers primary interfaces (eth0)
>>>>>> I have a specific container that has 2 interfaces, the second beeing for a probe on the network (tcpdump, snort etc ...)
>>>>>> unfortunatly only minimal trafic seems to be forwarded into the container on that second interface , not all , I do see the wall trafic within the physical interface and its bridge on the physical host, but not on the veth into the CT !?.
>>>>>>
>>>>>> here's the physical and config situation: on the physical host I plug the cisco mirrored outbound/Wan interface to em3 (physical interface on the host)
>>>>>>
>>>>>> I created a virtual network for that probe attached to em3 and associated to bridge brs0
>>>>>>
>>>>>> # prlsrvctl net add probenet --type bridged --ifname em3
>>>>>> # prlsrvctl net list
>>>>>> Network ID Type Bound To Bridge Slave interfaces
>>>>>> Host-Only host-only virbr0
>>>>>> *probenet bridged em3 brs0 veth42ba2f55 *
>>>>>> ...
>>>>>>
>>>>>> my CT 2nd interface (eth1, eth0 beeing the 1st one) is attached to that network
>>>>>>
>>>>>> # prlctl set CTprobe --netif_add eth1
>>>>>> # prlctl set CTprobe --ifname eth1 --network probenet
>>>>>>
>>>>>> my problem is that a tcpdump -i em3 or bsr0 on the physical host do show all traffic on my outbound cisco Wan mirrored interface
>>>>>> here is a very small sample (hundred of packats per secondes ...)
>>>>>> # tcpdump -i brs0 -n
>>>>>> 10:40:58.767042 IP 193.51.224.142.https > 147.157.103.21.54757: UDP, length 1350
>>>>>> 10:40:58.767062 IP 193.51.224.42.https > 147.157.161.85.50813: Flags [.], seq 2056788:2058248, ack 511, win 1650, length 1460
>>>>>> 10:40:58.841239 IP 193.157.24.26.hsrp > 224.0.0.102.hsrp: HSRPv1
>>>>>> 10:40:59.075644 IP 193.157.24.25.hsrp > 224.0.0.102.hsrp: HSRPv1
>>>>>> 10:40:59.801310 ARP, Request who-has 193.157.24.30 tell 193.157.41.1, length 46
>>>>>>
>>>>>> if I do the same tcpdump -i veth42ba2f55 or inside the CTprobe -i eth1 , only protocol trafic seems to pass through (STP,ARP,HSRP...), no users payload (https, ssh etc ...) , and only a dozen packets per seconds (they were hundreds on the brs0 or em3)
>>>>>>
>>>>>> # tcpdump -i veth42ba2f55 -n
>>>>>> 10:45:30.918642 STP 802.1d, Config, Flags [none], bridge-id 8d52.00:20:56:1e:a6:80.8040, length 42
>>>>>> 10:45:31.213516 ARP, Request who-has 193.157.41.45 tell 193.157.41.1, length 46
>>>>>> 10:45:31.281744 ARP, Request who-has 193.157.41.17 tell 193.157.41.1, length 46
>>>>>> 10:45:31.332678 IP 193.157.41.236 > 224.0.0.13: PIMv2, Hello, length 38
>>>>>> 10:45:31.383549 ARP, Request who-has 193.157.41.31 tell 193.157.41.1, length 46
>>>>>> 10:45:31.456594 ARP, Request who-has 193.157.41.34 tell 193.157.41.1, length 46
>>>>>> 10:45:31.458344 STP 802.1d, Config, Flags [none], bridge-id 89ce.00:20:56:1e:a6:80.8040, length 42
>>>>>> 10:45:31.458898 STP 802.1d, Config, Flags [none], bridge-id 8168.00:20:56:1e:a6:80.8040, length 42
>>>>>> 10:45:31.654835 STP 802.1d, Config, Flags [none], bridge-id 89da.00:20:56:1e:a6:80.8040, length 42
>>>>>> 10:45:31.655039 STP 802.1d, Config, Flags [none], bridge-id 89cf.00:20:56:1e:a6:80.8040, length 42
>>>>>> 10:45:31.709254 IP 193.157.41.35.hsrp > 224.0.0.102.hsrp: HSRPv1
>>>>>> 10:45:31.966666 STP 802.1d, Config, Flags [none], bridge-id 89d0.00:20:56:1e:a6:80.8040, length 42
>>>>>> 10:45:31.993787 CDPv2, ttl: 180s, Device-ID 'core.ispint.fr', length 405
>>>>>>
>>>>>> Is the CT veth filtering trafic ? or cannot cope with the volume ?
>>>>>> it is strange though that no payload/users trafic, only protocol (Xcast/broadcast ?) trafic pass from brs0 to veth42ba2f55 or inside the CTprobe eth1
>>>>>> Am I missing a "capability" ?
>>>>>>
>>>>>> Regards .
>>>>>>
>>>>>> Le 10/10/2016 21:24, Jehan Procaccia a écrit :
>>>>>>> Indeed !
>>>>>>> that was that last setting missing:
>>>>>>>
>>>>>>> prlctl set MyCT11 --ifname eth0 --network vlan11
>>>>>>>
>>>>>>> now vlans works fine
>>>>>>> Just note that I had to add NM_CONTROLLED="no" to all mi ifcfg-xxx definition files, otherwise network restart failed to start them
>>>>>>>
>>>>>>> regards .
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Le 10/10/2016 09:12, Vasily Averin a écrit :
>>>>>>>> Dear Jehan,
>>>>>>>>
>>>>>>>> Virtuozzo 7 have nice documentaion on docs.virtuozzo.com
>>>>>>>>
>>>>>>>> http://docs.virtuozzo.com/virtuozzo_7_users_guide/managing-network/configuring-virtual-machines-and-containers-in-bridged-mode.html?highlight=bridge
>>>>>>>>
>>>>>>>> in your case you need to bind container interface to newly-created bridge by using follwing command:
>>>>>>>>
>>>>>>>> prlctl set MyCT11 --ifname eth0 --network vlan11
>>>>>>>>
>>>>>>>> Thank you,
>>>>>>>> Vasily Averin
>>>>>>>>
>>>>>>>> On 09.10.2016 22:37, Jehan Procaccia wrote:
>>>>>>>>> I found a method to configure bridge and vlan based on RHEL docs :
>>>>>>>>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec-Network_Bridging_Using_the_Command_Line_Interface.html
>>>>>>>>>
>>>>>>>>> in order not to mess with current config automatically configured by virtuozzo7 installer on em1 and em2 with repective bridges br0 en br1, I plugged a 3rd interface on the server (fiber) p2p2 :
>>>>>>>>>
>>>>>>>>> [network-scripts]# cat ifcfg-p2p2
>>>>>>>>> TYPE=Ethernet
>>>>>>>>> BOOTPROTO=none
>>>>>>>>> NAME=p2p2
>>>>>>>>> UUID=9188d131-21b1-4ee9-8205-c893b4a4fc44
>>>>>>>>> DEVICE=p2p2
>>>>>>>>> ONBOOT=yes
>>>>>>>>>
>>>>>>>>> then the associated subinterface for vlan11 as described in RHEL7 doc
>>>>>>>>>
>>>>>>>>> # cat ifcfg-p2p2*.11*
>>>>>>>>> DEVICE=p2p2.11
>>>>>>>>> BOOTPROTO=none
>>>>>>>>> ONBOOT=yes
>>>>>>>>> VLAN=yes
>>>>>>>>> BRIDGE="br11"
>>>>>>>>>
>>>>>>>>> and finally the bridge for that vlan
>>>>>>>>>
>>>>>>>>> # cat ifcfg-br11
>>>>>>>>> DEVICE="br11"
>>>>>>>>> NAME="p2p2.11"
>>>>>>>>> ONBOOT=yes
>>>>>>>>> NETBOOT=yes
>>>>>>>>> IPV6INIT=yes
>>>>>>>>> BOOTPROTO=dhcp
>>>>>>>>> TYPE="Bridge"
>>>>>>>>> DELAY="2"
>>>>>>>>> STP="off"
>>>>>>>>>
>>>>>>>>> # ip -d link show p2p2.11
>>>>>>>>> 41: p2p2.11 at p2p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br11 state UP mode DEFAULT
>>>>>>>>> link/ether f4:e9:d4:91:c4:33 brd ff:ff:ff:ff:ff:ff promiscuity 1
>>>>>>>>> vlan protocol 802.1Q id 11 <REORDER_HDR> addrgenmode none
>>>>>>>>>
>>>>>>>>> # ip -d link show br11
>>>>>>>>> 42: br11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
>>>>>>>>> link/ether f4:e9:d4:91:c4:33 brd ff:ff:ff:ff:ff:ff promiscuity 0
>>>>>>>>> bridge addrgenmode none
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Now I can add my virtual network attached to the p2p2.11 interface (or should I have chosed br11 !?)
>>>>>>>>>
>>>>>>>>> # prlsrvctl net add vlan11 --type bridged --ifname p2p2.11
>>>>>>>>> # prlsrvctl net list
>>>>>>>>> Network ID Type Bound To Bridge Slave interfaces
>>>>>>>>> Bridged bridged em2 br1
>>>>>>>>> Host-Only host-only virbr0
>>>>>>>>> vlan11 bridged p2p2.11 br11
>>>>>>>>>
>>>>>>>>> # brctl show
>>>>>>>>> bridge name bridge id STP enabled interfaces
>>>>>>>>> br0 8000.14187769840a yes em1
>>>>>>>>> br1 8000.14187769840b no em2
>>>>>>>>> br11 8000.f4e9d495c432 no p2p2.11
>>>>>>>>> host-routed 8000.000000000000 no
>>>>>>>>> virbr0 8000.52540064dd31 no virbr0-nic
>>>>>>>>>
>>>>>>>>> create a container MyCT11
>>>>>>>>> # prlctl create MyCT11 --vmtype ct
>>>>>>>>> ...
>>>>>>>>> Processing metadata for centos-7-x86_64
>>>>>>>>> ...The Container has been successfully created.
>>>>>>>>>
>>>>>>>>> now I add an interface to my CT so that it will be in vlan11
>>>>>>>>>
>>>>>>>>> # prlctl set MyCT11 --netif_add eth0
>>>>>>>>> # prlctl set MyCT11 --ifname eth0 --ipadd 192.168.11.10/24
>>>>>>>>> # prlctl set MyCT11 --ifname eth0 --gw 192.168.11.1
>>>>>>>>>
>>>>>>>>> entering the CT an pinging the gateway unfortunatly fails
>>>>>>>>>
>>>>>>>>> CT-bad098d8 /# ping 192.168.11.1
>>>>>>>>> PING 192.168.11.1 (192.168.11.1) 56(84) bytes of data.
>>>>>>>>> ^C
>>>>>>>>> --- 192.168.11.1 ping statistics ---
>>>>>>>>> 3 packets transmitted, 0 received, 100% packet loss, time 1999ms
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> the pb seems that that new CT seems to be attached to an other bridge
>>>>>>>>>
>>>>>>>>> # prlsrvctl net list
>>>>>>>>> Network ID Type Bound To Bridge Slave interfaces
>>>>>>>>> Bridged bridged em2 *br1 * *veth4250fe85 *
>>>>>>>>> Host-Only host-only virbr0
>>>>>>>>> vlan11 bridged p2p2.11 br11
>>>>>>>>>
>>>>>>>>> not to vlan11 network on br11
>>>>>>>>>
>>>>>>>>> I guess I missed something , where did I went wrong ?
>>>>>>>>> anyone has a full scenario to enable vlan through bridge mode in CT (and VM) ?
>>>>>>>>>
>>>>>>>>> regards .
>>>>>>>>>
>>>>>>>>> http://docs.virtuozzo.com/virtuozzo_7_users_guide/managing-network/configuring-virtual-machines-and-containers-in-bridged-mode.html
>>>>>>>>>
>>>>>>>>> Le 07/10/2016 19:22, Jehan Procaccia a écrit :
>>>>>>>>>> hello
>>>>>>>>>>
>>>>>>>>>> based on https://docs.openvz.org/openvz_users_guide.webhelp/_configuring_virtual_machines_and_containers_in_bridged_mode.html
>>>>>>>>>> it is not clear to me how to create virtual networks associated to vlans ?
>>>>>>>>>>
>>>>>>>>>> On a fresly installed Virtuozzo Linux release 7.2 (3515) on a host with 2 activated interfaces (em1 and em2) in trunk mode (cisco terminology switchport trunk, allowed vlan 10,11,12, native 10) I cannot find out how to create networks dedicated to a vlan
>>>>>>>>>>
>>>>>>>>>> I tried :
>>>>>>>>>> # prlsrvctl net add vlan11 --type bridged --ifname em2
>>>>>>>>>> Failed to add Virtual Network vlan11: This network adapter is already in use. Please select another network adapter and try again.
>>>>>>>>>>
>>>>>>>>>> I suspect that because em2 is already bridge to br1, it cannot be bridged anymore ?
>>>>>>>>>>
>>>>>>>>>> Or should I create a /etc/sysconfig/network-scripts/ifcfg-em2.11 to have a interface dedicated to vlan11 :
>>>>>>>>>> # cat ifcfg-em2.11
>>>>>>>>>> DEVICE=em2.11
>>>>>>>>>> ONBOOT=yes
>>>>>>>>>> TYPE=Ethernet
>>>>>>>>>> BOOTPROTO=none
>>>>>>>>>> VLAN=yes
>>>>>>>>>>
>>>>>>>>>> an then try to: /prlsrvctl net add vlan11 --type bridged --ifname em2.11/ ?
>>>>>>>>>> unfortunatly after /systemctl restart network/ , system complains with :
>>>>>>>>>>
>>>>>>>>>> Bringing up interface em2.11: Error: Connection activation failed: No suitable device found for this connection.
>>>>>>>>>>
>>>>>>>>>> as anymone succeed in configuring CT and VM attached to vlan (in bridge mode as I want full feature network with multicast/broacast) ?
>>>>>>>>>>
>>>>>>>>>> Thanks .
>>>>>>>>>>
>>>>>>>>>> PS : few more information of the actual network config on the system :
>>>>>>>>>>
>>>>>>>>>> # ip addr | grep LOWER_UP
>>>>>>>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
>>>>>>>>>> 2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP qlen 1000
>>>>>>>>>> 3: em2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br1 state UP qlen 1000
>>>>>>>>>> 8: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
>>>>>>>>>> 22: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>>>>>>>>>> 23: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>>>>>>>>>>
>>>>>>>>>> # prlsrvctl net list
>>>>>>>>>> Network ID Type Bound To Bridge Slave interfaces
>>>>>>>>>> Bridged bridged em2 br1
>>>>>>>>>> Host-Only host-only virbr0
>>>>>>>>>>
>>>>>>>>>> it strange that em1 and br0 doesn't show up here !?
>>>>>>>>>>
>>>>>>>>>> # brctl show
>>>>>>>>>> bridge name bridge id STP enabled interfaces
>>>>>>>>>> br0 8000.14187769840a no em1
>>>>>>>>>> br1 8000.14187769840b no em2
>>>>>>>>>> host-routed 8000.000000000000 no
>>>>>>>>>> virbr0 8000.52540064dd31 no virbr0-nic
>>>>>>>>>> virbr2 8000.52540085818e no virbr2-nic
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Users mailing list
>>>>>>>>>> Users at openvz.org
>>>>>>>>>> https://lists.openvz.org/mailman/listinfo/users
>>>>>>>>> _______________________________________________
>>>>>>>>> Users mailing list
>>>>>>>>> Users at openvz.org
>>>>>>>>> https://lists.openvz.org/mailman/listinfo/users
>>>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Users mailing list
>>>>>>> Users at openvz.org
>>>>>>> https://lists.openvz.org/mailman/listinfo/users
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at openvz.org
>>>>> https://lists.openvz.org/mailman/listinfo/users
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at openvz.org
>>>> https://lists.openvz.org/mailman/listinfo/users
>>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at openvz.org
>>> https://lists.openvz.org/mailman/listinfo/users
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at openvz.org
>> https://lists.openvz.org/mailman/listinfo/users
>
More information about the Users
mailing list