I'm trying to get two virtual machines (running CentOS) to talk to the host (Ubuntu 10.04) using VDE and the outside network.
So far I'm running into an ARP issue.
On the host I have a physical eth0 and a virtual tap0 interface bridged by br0, all on the same subnet.

    br0       Link encap:Ethernet  HWaddr 78:e3:b5:90:88:df
              inet addr:172.16.1.3  Bcast:172.255.255.255  Mask:255.0.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:1381 (1.3 KB)

    br0:1     Link encap:Ethernet  HWaddr 78:e3:b5:90:88:df
              inet addr:172.16.1.4  Bcast:172.255.255.255  Mask:255.0.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

    eth0      Link encap:Ethernet  HWaddr 78:e3:b5:90:88:df
              inet addr:172.16.1.1  Bcast:172.255.255.255  Mask:255.0.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:2362 (2.3 KB)
              Interrupt:33 Base address:0x6000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:778 errors:0 dropped:0 overruns:0 frame:0
              TX packets:778 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:62832 (62.8 KB)  TX bytes:62832 (62.8 KB)

    tap0      Link encap:Ethernet  HWaddr b6:22:43:93:ed:60
              inet addr:172.16.1.2  Bcast:172.255.255.255  Mask:255.0.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:15 errors:0 dropped:3 overruns:0 carrier:0
              collisions:0 txqueuelen:500
              RX bytes:0 (0.0 B)  TX bytes:1980 (1.9 KB)

When I ping this Host Ubuntu machine from another machine (or from the Guest), the arp cache entry is stored as a br0 entry, so the Ubuntu machine never responds to ping.

    Address        HWtype  HWaddress           Flags Mask  Iface
    172.22.64.4            (incomplete)                    eth0
    172.22.64.4    ether   00:25:b3:0f:0b:14   C           br0

Here's the interfaces file that actually works for setting up the IP addresses on all interfaces:

    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet manual
        address 172.16.1.1
        netmask 255.0.0.0
        gateway 172.16.1.255
        post-up ifconfig eth0 172.16.1.1 netmask 255.0.0.0

    auto tap0
    iface tap0 inet static
        address 172.16.1.2
        netmask 255.0.0.0
        gateway 172.16.1.255
        pre-up vde_tunctl -t $IFACE
        post-up ifconfig tap0 172.16.1.2 netmask 255.0.0.0
        post-up vde_switch -t $IFACE -s /tmp/vde-$IFACE -d -g rhuser -m 664
        post-down vde_tunctl -d $IFACE

    auto br0
    iface br0 inet static
        address 172.16.1.3
        netmask 255.0.0.0
        gateway 172.16.1.255
        post-up ifconfig br0 172.16.1.3 netmask 255.0.0.0
        post-up ifconfig br0:1 172.16.1.4 netmask 255.0.0.0
        bridge_ports eth0 tap0

I've tried turning off ARP on br0 by ip link set br0 arp off.
I've also tried setting things like arp_ignore for br0.
In both cases Ubuntu never responds to ARP requests at all. And this is my first question: why does eth0 not respond to ARP requests when a bridge exists? It does well when the bridge is commented out from interfaces.
Is arp_filter useful in this situation? Its documentation says "you must use source based routing for this to work". Can someone throw me a link that explains how I set up "source based routing" (I'm pretty new to the topic).
Can arptables or ebtables be used to control this behavior? Looking at their documentation, I see info on how to react to ARP requests and when to respond to them, but not much regarding ARP cache behavior.
Generally, should I be doing something with sysctl and ARP or should I set my IP assignments differently? I see guides on the net that tell you how to do this trouble-free, but they all assign guests to a separate subnet, making the bridge a gateway. That would not work for me - I need all devices to be on the same subnet.
Any idea would do as long as: