OpenVZ Forum


Home » International » Russian » Проблемы с настройкой Veth интерфейса (Нет сети в виртуальной машине)
Проблемы с настройкой Veth интерфейса [message #51842] Mon, 19 January 2015 17:27 Go to next message
a.guzhin is currently offline  a.guzhin
Messages: 2
Registered: January 2015
Junior Member
From: *56.232.94.static.infanet.ru
Пытаюсь настроить Veth интерфейс. Виртуальная машина видит только HW, HW видит все устройства в сети (172.XXX.XXX.70/27).

Данные HN: виртуальная машина ESXi, установлена CentOS 6.6, виртуальные адаптеры типа E1000.

Настройки HW:
uname -a
2.6.32-042stab102.9 #1 SMP Fri Dec 19 20:34:40 MSK 2014 x86_64 x86_64 x86_64 GNU/Linux


ifconfig:
eth0      Link encap:Ethernet  HWaddr 00:0C:29:5B:54:9C  
          inet addr:192.XXX.XXX.19  Bcast:192.XXX.XXX.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe5b:549c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3996 errors:0 dropped:0 overruns:0 frame:0
          TX packets:256 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:308124 (300.9 KiB)  TX bytes:49567 (48.4 KiB)

eth1      Link encap:Ethernet  HWaddr 00:0C:29:5B:54:A6  
          inet6 addr: fe80::20c:29ff:fe5b:54a6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:318 (318.0 b)  TX bytes:1104 (1.0 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1278 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1278 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:194737 (190.1 KiB)  TX bytes:194737 (190.1 KiB)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet6 addr: fe80::1/128 Scope:Link
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:3 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

veth100.0 Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:1 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:188 (188.0 b)  TX bytes:420 (420.0 b)

vmbr0     Link encap:Ethernet  HWaddr 00:0C:29:5B:54:A6  
          inet addr:172.XXX.XXX.70  Bcast:172.XXX.XXX.95  Mask:255.255.255.224
          inet6 addr: fe80::20c:29ff:fe5b:54a6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:464 (464.0 b)  TX bytes:636 (636.0 b)


iptables:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1191  180K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 
   22   792 ACCEPT     icmp --  any    any     anywhere             anywhere            
  110  6040 ACCEPT     all  --  lo     any     anywhere             anywhere            
    2   128 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh 
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            
  942 89313 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            
    3   276 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 21 packets, 1417 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1173  200K ACCEPT     tcp  --  any    any     anywhere             anywhere     


sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 1
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 0
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.conf.default.proxy_arp = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0


bridge name	bridge id		STP enabled	interfaces
vmbr0		8000.000c295b54a6	no		eth1
							veth100.0


Настройки OpenVZ:
echo 'EXTERNAL_SCRIPT="/usr/sbin/vznetaddbr"' > /etc/vz/vznet.conf


Настройки ВМ:

vzctl create 100 --ostemplate ubuntu-14.04-x86 --config vswap-256m
vzctl set 100 --netif_add eth0,,,FE:FF:FF:FF:FF:FF,vmbr0 --save


ifconfig:
eth0      Link encap:Ethernet  HWaddr 00:18:51:1a:55:24  
          inet addr:172.XXX.XXX.71  Bcast:172.XXX.XXX.95  Mask:255.255.255.224
          inet6 addr: fe80::218:51ff:fe1a:5524/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:2 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:420 (420.0 B)  TX bytes:188 (188.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


iptables:
Chain INPUT (policy ACCEPT 14 packets, 1316 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 19 packets, 1736 bytes)
 pkts bytes target     prot opt in     out     source               destination


sysctl -p
net.ipv4.ip_forward = 1


Как заставить сеть ВМ нормально работать?
Re: Проблемы с настройкой Veth интерфейса [message #51843 is a reply to message #51842] Wed, 21 January 2015 13:59 Go to previous message
a.guzhin is currently offline  a.guzhin
Messages: 2
Registered: January 2015
Junior Member
From: *56.232.94.static.infanet.ru
Причем кроме ARP запросов никакой сетевой активности ни в HW, ни в VE не вижу:

HW:
tcpdump -s1500 -i any -vvv -n '(dst host 172.XXX.XXX.71) or (src host 172.XXX.XXX.71)'

tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 1500 bytes
08:49:03.375589 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.XXX.XXX.71 tell 172.XXX.XXX.91, length 46
08:49:03.375602 ARP, Ethernet (len 6), IPv4 (len 4), Reply 172.XXX.XXX.71 is-at 00:18:51:1a:55:24, length 28


ip r l:

172.XXX.XXX.64/27 dev vmbr0  proto kernel  scope link  src 172.XXX.XXX.70 
192.XXX.XXX.0/24 dev eth0  proto kernel  scope link  src 192.XXX.XXX.19 
169.254.0.0/16 dev eth0  scope link  metric 1002 
169.254.0.0/16 dev vmbr0  scope link  metric 1004 
default via 192.XXX.XXX.254 dev eth0 


VE:
tcpdump -s1500 -i any -vvv -n

tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 1500 bytes
08:50:03.195426 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.XXX.XXX.71 tell 172.XXX.XXX.91, length 46
08:50:03.195440 ARP, Ethernet (len 6), IPv4 (len 4), Reply 172.XXX.XXX.71 is-at 00:18:51:1a:55:24, length 28


ip r l:

172.XXX.XXX.64/27 dev eth0  proto kernel  scope link  src 172.XXX.XXX.71

[Updated on: Wed, 21 January 2015 14:04]

Report message to a moderator

Previous Topic: Скрипт для резервного копирования ищу
Next Topic: Разрешить пакеты с произвольным source ip.
Goto Forum:
  


Current Time: Wed Jun 28 05:30:27 GMT 2017