<br><br><div class="gmail_quote">On Sat, Jul 16, 2011 at 11:22 PM, Trey Dockendorf <span dir="ltr"><<a href="mailto:treydock@gmail.com">treydock@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Nataraj , I'm going to work on your suggestions, but I have a bit more troubleshooting info that may help (or to me just makes this stranger), and also to answer Eric's suggestion.<div><br></div><div>With the VM running this is the brctl table...</div>
<div><br></div><div><div class="im"><div># brctl show</div><div>bridge name bridge id STP enabled interfaces</div><div>br0 8000.001b21a1cf76 no eth3</div></div><div> vnet0</div>
<div>virbr0 8000.fe5400345b8c yes vnet1</div></div><div><br></div><div><br></div><div>So that looks good.</div><div><br></div><div>The arp table from the VM only shows its own interface, nothing else. </div>
<div><br></div><div>From the KVM host, I get this (with IPs removed)...</div><div><br></div><div><div># arp</div><div>Address HWtype HWaddress Flags Mask Iface</div><div>192.168.122.20 ether 52:54:00:34:5b:8c C virbr0</div>
<div>---.---.---.--- (VM on br0) (incomplete) eth0</div><div>---.---.---.--- (gateway) ether 00:13:xx:xx:xx:xx C eth0</div><div><br></div><div>
<br></div><div>To clarify a bit about the networking on this server, there are 4 physical interfaces (eth0-3). eth0 is what I use for management. eth3 is linked to br0 and that is the bridge the VM is associated to. The VM currently has two interfaces (for testing in this case). the VM's eth0 is attached to host's br0 and the VMs eth1 is attached to the host's NAT.</div>
<div><br></div><div>What makes this situation very confusing to me is that from the VM, with NAT now working...I can ping my servers on other subnets, and resolve DNS (ie ping <a href="http://google.com" target="_blank">google.com</a>). However I am unable to ping the gateway of the local subnet or the KVM host, from the VM, even though networking is functional using NAT. I am also unable to ping the VM from the KVM host via the bridged IP. This is what leads me to believe the university switches could be blocking something. I've been told they increased the MAC address limit on my port, but due to restrictions on this subnet I am not able to directly correspond or troubleshoot this issue with the University IT , but rather have to go through someone else who only knows Windows (*sigh*).</div>
<div><br></div><div>I'll work on troubleshooting with tcpdump and traceroute, but have never used those tools previously so will have to do a bit of quick learning-on-the-go to provide useful information.</div><div><br>
</div><div>Thanks for the help thus far!</div><div><br></div><font color="#888888"><div>- Trey</div></font><div><div></div><div class="h5"><div><br></div><br><div class="gmail_quote">On Sat, Jul 16, 2011 at 8:24 PM, Nataraj <span dir="ltr"><<a href="mailto:incoming-centos@rjl.com" target="_blank">incoming-centos@rjl.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><u></u>
<div bgcolor="#ffffff" text="#000000"><div><div></div><div>
On 07/16/2011 04:58 PM, Trey Dockendorf wrote:
<blockquote type="cite"><br>
<br>
<div class="gmail_quote">On Fri, Jul 15, 2011 at 6:24 PM, Emmanuel
Noobadmin <span dir="ltr"><<a href="mailto:centos.admin@gmail.com" target="_blank">centos.admin@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">
<div>On 7/16/11, Trey Dockendorf <<a href="mailto:treydock@gmail.com" target="_blank">treydock@gmail.com</a>>
wrote:<br>
> I have successfully bridged one of the server's NICs to
br0, and I can ping<br>
> the IP remotely that is assigned to br0, but none of
the VMs that worked in<br>
> 5.6's KVM are able to access the network. Please let
me know what<br>
> information would be useful to troubleshoot this.<br>
<br>
</div>
Could you try creating a new VM using the GUI tool, then check
if the<br>
networking works from it?<br>
<br>
I was having problems with KVM and part of the troubleshooting
process<br>
got me to try it on SL6, which finally led me to discover that
the<br>
command line tool generated XML doesn't work as well as the
GUI tool<br>
for some reason. So there's the possibility that it could be
that the<br>
definitions created through virsh in 5.6 has the same issues
in CentOS<br>
6.<br>
<div>
<div>_______________________________________________<br>
CentOS-virt mailing list<br>
<a href="mailto:CentOS-virt@centos.org" target="_blank">CentOS-virt@centos.org</a><br>
<a href="http://lists.centos.org/mailman/listinfo/centos-virt" target="_blank">http://lists.centos.org/mailman/listinfo/centos-virt</a><br>
</div>
</div>
</blockquote>
</div>
<br>
<div><br>
</div>
<div>I did try another VM (CentOS 6) via virt-manager with the
same results. However I setup a test server at home, and am
able to get both bridging and NAT to work so this may be an
issue with the network on my server. It's a University network
and their switches tend to play havoc with virtual servers even
though I've been assured enough MAC addresses have been allowed
on my port. </div>
<div><br>
</div>
<div>How does one troubleshoot or provide debug information on a
correctly or incorrectly functioning network bridge? As I
contact my University's helpdesk I'd like to be able to point
out the fault is not with my KVM server.</div>
<div><br>
</div>
<div>Thanks</div>
<div>- Trey</div>
<pre><fieldset></fieldset>
_______________________________________________
CentOS-virt mailing list
<a href="mailto:CentOS-virt@centos.org" target="_blank">CentOS-virt@centos.org</a>
<a href="http://lists.centos.org/mailman/listinfo/centos-virt" target="_blank">http://lists.centos.org/mailman/listinfo/centos-virt</a>
</pre>
</blockquote></div></div>
If both the VM's and the server are on the same bridge and they
can't talk to each other, I would from both the server and VM end,
ping the opposite end and check the arp table to see if arp entries
are getting resolved, then I would run tcpdump on each respective
end and send packets from the other end and see if they are getting
through. If not, then their is either a problem with either the
VM's config file or the networking/bridge config on the server. (Of
course if you have any kind of ipfilter access lists, then I would
check those).<br>
<br>
Once you've got the above working, I would attempt to perform
similar tests to the outside. If you happen to have a login on
another host on the same subnet, you can ping your VM and check the
arp table to see if there is arp resolution. (Also check that you
don't have duplicate ip address assignments). If there is arp
resolution, then run tcp dump on the vm (or the physical interface
of the server) and see if you can see the packets from outside.
Checking the reverse direction is harder if you don't have root
access on the remote end.<br>
<br>
If your going through gateways, then run traceroute to see how far
your getting.<br>
<br>
As I thought about it more, it's unclear weather your VM's are on a
seperate bridge from your server's external interface or they are
bridged directly onto it. If the VM's are on a bridge that also has
an external interface on it, then you don't use NAT. NAT would be
if you wanted your server to act as a router/firewall for the VM's
in which case the VM's would be on a separate bridge and the server
would have another external interface and would act as a router
between the bridge network and the external network.<br>
<br>
This should be a start anyway.<br>
<br>
Nataraj<br>
<br>
</div>
<br>_______________________________________________<br>
CentOS-virt mailing list<br>
<a href="mailto:CentOS-virt@centos.org" target="_blank">CentOS-virt@centos.org</a><br>
<a href="http://lists.centos.org/mailman/listinfo/centos-virt" target="_blank">http://lists.centos.org/mailman/listinfo/centos-virt</a><br>
<br></blockquote></div><br></div></div></div>
</blockquote></div><br><div>Apologies for replying to my own post, but after running arp a few more times on the VM it now shows the MAC and IP of the subnet's gateway and the KVM host. Still not entirely sure what all this information means, but it's a start.</div>
<div><br></div><div>Thanks</div><div><br></div><div>- Trey</div><div><br></div>