On 04/30/2015 10:26 AM, Lars Kellogg-Stedman wrote: > I am running OpenStack inside a libvirt guest that is connected to the > local network via a macvtap interface. My experience so far suggests > that a macvtap interface will not pass traffic with a source MAC > address other than the MAC address of the interface itself...for > example, if inside the guest eth0 is attached to a bridge. > > Is that correct, or is there some setting that will make that work? > > Outbound traffic doesn't seem to be a problem (I can see, for example, > dhcp requests on the local network), but replies get dropped before > they reach the guest. My understanding is that macvtap doesn't work with multiple MAC addresses behind the macvtap device. There might be some way to make it work, but if there is libvirt doesn't have a knob for it. (I Cc'ed Vlad in case he wants to give a more informed statement). Recent versions of libvirt have the ability to change the MAC address (and multicast table) of the macvtap device based on events from the virtual guest, which allows the guest to change the interface's MAC address and have traffic still pass, but that is different from allowing multiple MAC addresses at the same time. (this functionality is enabled by adding "trustGuestRxFilters='yes'" as an attribute to the guest's <interface> element) If you need to do support multiple MAC addresses coming from the guest, you should probably use a standard tap-to-bridge connection on the host instead (and make sure your openstack config isn't adding "<filterref name='clean-traffic'/>" to the guest's interface, as that filter enforces a strict single MAC address policy on traffic from the guest). _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
