qemu-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-discuss] qemu network question/problem


From: Jakob Bohm
Subject: Re: [Qemu-discuss] qemu network question/problem
Date: Tue, 16 Feb 2016 13:56:21 +0100
User-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1

On 15/02/2016 16:25, Bruce R JONES wrote:
I am running several qemu/kvm guests on my server. Both server and guests are running Linux. The guests images all need to be able to communicate with each other, the server and other machines on the network. Because of that I chose to setup a bridged network using tun/tap interfaces. On the server I created a bridge interface. The server interface eth0 is placed in that bridge. I also created tunnel endpoints with the tunctl command. Those tunnel endpoints also go into the bridge. The args to qemu include the following: -netdev type=tap,id=eth0,ifname=tun0,script=no,downscript=no –device virtio-net-pci,netdev=eth0 I assign IP addresses to the various interfaces. The network runs fine and I have the necessary connectivity everywhere. The problem is when there is a large amount of traffic on the server network. We have had several broadcast storms, or other heavy blasts of traffic. This seems to bring the qemu guests to their knees. I suspect it is because the qemu guests receive all of that traffic and have a hard time handling it. Since the server eth0 is part of a bridge it is in promiscuous mode, so instead of filtering traffic in the NIC by MAC address all traffic is received and sent to the bridge. The bridge has to handle it all and flood it to each of the qemu guests. Each of those guests in turn have to handle all that traffic in software. Just wondering if there is a better way to design the network, or some recommendations on how to prevent or reduce the impact of such traffic.
I don't know, what you are doing is actually the usually
"best" setup.

Some possibilities:

1. Check if there is a bug in the qemu virtio-net-pci
  emulation which fails to emulate the "not promiscuous"
  setting as set by the Guest OS.  In other words, does
  the qemu code on host fail to drop incoming packets
  that are not supposed to be delivered to the Guest
  (because the MAC destination is wrong and the Guest
  has not set the virtual NIC in promiscuous mode)?

2. Check if there is a bug in the Host linux kernel bridge
  code which fails to do the packet limitation work that a
  real Ethernet switch would do.

3. Check if the traffic blasts are actually
  broadcasts/multicasts that are (from an Ethernet
  perspective) supposed to reach the Guests.

4. If 1 or 2 is the problem, set up ebtables on the Host
  with rules that simply emulate the missing MAC
  filtering.  For example packets to 12:34:56:78:9A:BC
  should only be delivered to the VM tap interface whose
  corresponding Guest NIC has that MAC address,

5. Check if there is some kind of add-on for the Linux
  Bridge subsystem (on the Host) to do the missing MAC
  filtering (similar to how the ARP subsystem can be
  supplemented with an ARP daemon).

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded




reply via email to

[Prev in Thread] Current Thread [Next in Thread]