Re: networking question



On Thu, Feb 24, 2022 at 07:07:18PM +0100, Natxo Asenjo wrote:

> I have an issue with one host at a customer's site. I think this cannot
> work, but I would like to ask you just in case I am confused.
>
> eno1: 172.20.10.x/24 management interface gw
> tun0: openvpn tunnel to external data center
> internal-bridge: x.x.x.x/28 ; routed subnet that goes to openvpn tun0
>
> on vm:
> eth0: x.x.x.x/28 on internal-bridge (default gw)
> eth1: 172.20.10.x/24 bridge-service gw (same as eno1)
>
> Connectivity to and from openvpn (from and to datacenter) is perfect. All
> vms are directly reachable from our management services, no natting.
>
> From hypervisor I can ping the gw, from vm I cannot ping
>
> My gut feeling is that this cannot work because traffic for the hypervisor
> for subnet 172.20.10.x/24 flows through eno1, but for vm through the
> bridge-loggin interface. So that cannot work.

I am not sure, but I would try to see where the packets are really going
by using wireshark/tshark or tcpdump.

The only thing that I can come up with on the spot is that it is trying to
go through a different interface at some point due to reverse path
filtering; the settings for that are in /proc/sys/net/ipv4/conf/*/rp_filter.
It might also be routed elsewhere anywhere along the way.  But it is hard to
say without knowing how all the networks are connected.  Maybe I'm just bad
at understanding your situation; for me it is usually better to see this
stuff happen in wireshark.  But I figured I'd at least let you know one
idea, since we had an issue with this before as well.

Hope that helps,

> Should we just ask the customer to give us different subnets for the host
> and the vm?


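The rp_filter check suggested in the reply above, as an added example that is not code from either message: it reads the per-interface reverse-path-filter settings and lists the interfaces whose effective mode is strict. The directory argument is an assumption added so it can be run against a constructed tree; the live tree is /proc/sys/net/ipv4/conf, which the reply names.

```shell
#!/bin/sh
# Added example (not from the thread): report the reverse-path-filter mode
# of every interface under a sysctl tree such as /proc/sys/net/ipv4/conf.
# Strict mode (1) drops packets whose source address would be routed back
# out a different interface, the symptom a host with two legs in one subnet
# can hit. The directory argument defaults to the live tree; the test uses
# a constructed tree so the check runs offline.

rp_mode_name() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown($1)" ;;
    esac
}

# Print one line per entry: "<iface> <value> <mode>".
rp_filter_report() {
    conf_dir="${1:-/proc/sys/net/ipv4/conf}"
    for d in "$conf_dir"/*/; do
        [ -r "$d/rp_filter" ] || continue
        val=$(cat "$d/rp_filter")
        printf '%s %s %s\n' "$(basename "$d")" "$val" "$(rp_mode_name "$val")"
    done
}

# Effective mode for one interface: the kernel applies the larger of
# conf/all/rp_filter and conf/<iface>/rp_filter.
rp_filter_effective() {
    conf_dir="${1:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$conf_dir/all/rp_filter")
    own=$(cat "$conf_dir/$2/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Interfaces whose effective mode is strict: these are the ones that will
# silently drop asymmetric traffic (enable log_martians to see the drops).
rp_filter_strict_ifaces() {
    conf_dir="${1:-/proc/sys/net/ipv4/conf}"
    for d in "$conf_dir"/*/; do
        iface=$(basename "$d")
        case "$iface" in all|default) continue ;; esac
        [ -r "$d/rp_filter" ] || continue
        if [ "$(rp_filter_effective "$conf_dir" "$iface")" = 1 ]; then
            echo "$iface"
        fi
    done
}
```

Run `rp_filter_strict_ifaces` with no argument on the hypervisor and inside the VM; an interface listed there is one where replies arriving on the "wrong" leg are dropped before tcpdump on the other leg would ever show them leaving.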
