[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] Guest NIC interfaces always operate in promiscuous mode?
From: |
Kenton Cabiness |
Subject: |
[Qemu-devel] Guest NIC interfaces always operate in promiscuous mode? |
Date: |
Fri, 14 Oct 2011 14:05:49 -0500 |
User-agent: |
Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 |
We have been seeing some unexpected behavior in our guests
(configuration details below). We have a configuration where we have
redundant networks configured in our guests and use IPM to control the
network routing over these networks (this is a port of a redundant high
availability Linux configuration onto virtualized HW platform). This
IPM process works by binding to raw TCP sockets and sending directed ARP
messages to monitor condition of the network access of the guest.
Our networks are configured using bridges. Our understanding is that
bridges run in promiscuous mode by the nature of their operation. Our
guest NIC interfaces have promiscuous mode turned off (by looking at
ifconfig output and looking in the device files), but the IPM process is
receiving ARP messages that are directed to other MAC addresses (i.e.
the NICs seem to be operating as if they have promiscuous mode turned
on). The only way we have been able to prevent this is by setting up
network filters using the libvirt network filters to drop the unexpected
messages (which seems to work OK).
Is this expected behavior? We have searched and can't find any
references to anyone having similar problems. Our theory is that the
bridge is operating in promiscuous mode and passing everything to the
guest, and since there isn't any actual hardware to do the MAC
filtering, the raw guest socket is getting everything passed by the bridge.
Is there any other way around this issue? We are seeing some problems
that seem like intermittent connectivity problems so we don't know if it
is a performance issue with the filters or not, so we would like to be
able to remove the filters if we could find a way to block these
unwanted messages.
Thanks,
Kenton
===================================================
Specifics:
===========
Host OS:
- RHEL 6.1 x64: (2.6.32-131.6.1.el6.x86_64)
- qemu-kvm: qemu-kvm-0.12.1.2-2.160.el6_1.2.x86_64.rpm
- libvirt: libvirt-0.8.7-18.el6.x86_64.rpm
Guest OS:
- RHEL 5.6: (2.6.18-238.19.1.el5)
VM details:
- 1 VM/guest on the host
- VM size is 32GB ram and 10 cores (host has
36GB and 12 cores total)
- virtual disk drive is a local file on a RAID 1 disk
- cpu pinning set to force each virtual core to
a unique core (hyperthreading is turned on)
- virtio for storage and network devices
- have 16 ethernet devices tied to 16 bridges
mapped to 2 NICS on the host
- Use of iPXE and SGA bios for VM.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-devel] Guest NIC interfaces always operate in promiscuous mode?,
Kenton Cabiness <=