Hello,
My VPS are unreachable with a configuration of CentOS 7.6 (built using nmcli) for KVM + Bridge + (2 x 1Gbit LACP 802.3ad Teaming). The KVM host itself seems fine IPv4 networking wise and is reachable fine from external. The 2 x 1Gbit LACP Teaming seems fine. CentOS 7 is using iptables not firewallD. I've stopped/flushed iptables and no effect so its not that.
The 2 test VPS I created, Windows and Linux, are not reachable from external. Both VPS network info is verified good.
Both VPS can ping the host and the host can ping the VPS. VPS can't ping the gateway though the host can ping same gateway.
Might something additionally be required for KVM + Bridge + LACP Teaming for traffic to leave the network bridge?
The bridge/teaming was built using nmcli and is default interface cmds from it.
[root@kvmtest5 network-scripts]# nmcli con show
NAME UUID TYPE DEVICE
br0 a265816d-8082-43e5-8317-691d6769fc33 bridge br0
kvm35670.0 0ae892e5-34e1-415c-b435-d8e32324bc12 tun kvm35670.0
kvm35672.0 887ca691-275e-4205-bc6f-79628fc226b6 tun kvm35672.0
team0 9f66329a-912d-4d02-97c2-dd05106df041 team team0
team-slave-eno1 ac018528-5da3-488a-b480-3b3a4a267734 ethernet eno1
team-slave-eno2 6a7f3430-8263-490f-a1f1-d6fa81694f8f ethernet eno2
[root@kvmtest5 network-scripts]#
[root@kvmtest5 network-scripts]#
[root@kvmtest5 network-scripts]# teamdctl team0 state
setup:
runner: lacp
ports:
eno1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
runner:
aggregator ID: 3, Selected
selected: yes
state: current
eno2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
runner:
aggregator ID: 3, Selected
selected: yes
state: current
runner:
active: yes
fast rate: yes
[root@kvmtest5 network-scripts]#
##########
#lacp teaming config (real ips changed)
#install
yum install bridge-utils -y
#show config
nmcli con show
#create team0 and br0
nmcli con add type team con-name team0 ifname team0
#add interfaces to team0
nmcli con add type team-slave ifname eno1 master team0
nmcli con add type team-slave ifname eno2 master team0
#disable ip address on the team0 interface.
nmcli con mod team0 ipv4.method disabled
#add a bridge on the team0 interface
nmcli con add type bridge con-name br0 ifname br0
nmcli con mod br0 bridge.stp no
nmcli con mod team0 connection.master br0 connection.slave-type bridge
#add network info to br0
nmcli con mod br0 ipv4.addresses 1.2.3.4/27 ipv4.gateway 1.2.3.1 ipv4.method manual
#modify team from default roundrobin to 802.3ad lacp from config
nmcli con mod team0 team.config /opt/teaming/lacp_1.conf
#####################
#this is same lacp config we use on some regular non-kvm backup hosts
[root@kvmtest5 ~]# cat /opt/teaming/lacp_1.conf
{
"device": "nm-team",
"runner": {
"name": "lacp",
"active": true,
"fast_rate": true,
"tx_hash": ["l3", "l4"]
},
"link_watch": {"name": "ethtool"},
"ports": {"eno1": {}, "eno2": {}}
}
[root@kvmtest5 ~]#
#a reference for those with access
https://access.redhat.com/solutions/2181361
Anyone done this config and experienced this issue??
CentOS 7 KVM + Bridge + Teaming LACP. VPS unreachable
Re: CentOS 7 KVM + Bridge + Teaming LACP. VPS unreachable
Please,
Furthermore,
one VM. The <interface> block is of interest.
Code: Select all
brctl showCode: Select all
virsh dumpxmlRe: CentOS 7 KVM + Bridge + Teaming LACP. VPS unreachable
Not yet sure if it has anything to do with it but we are possibly going to try different LACP tx_hash. I'm talking to my network guys about an alternative to test. https://access.redhat.com/documentation ... md_runners
[root@kvmtest5 ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.ac1f6b253cfe no kvm35670.0
kvm35672.0
team0
[root@kvmtest5 ~]#
<interface type='bridge'>
<mac address='00:16:3c:b4:9b:5b'/>
<source bridge='br0'/>
<target dev='kvm35670.0'/>
<model type='virtio'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
[root@kvmtest5 ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.ac1f6b253cfe no kvm35670.0
kvm35672.0
team0
[root@kvmtest5 ~]#
<interface type='bridge'>
<mac address='00:16:3c:b4:9b:5b'/>
<source bridge='br0'/>
<target dev='kvm35670.0'/>
<model type='virtio'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
Re: CentOS 7 KVM + Bridge + Teaming LACP. VPS unreachable
Yeah this config did not work with teaming. I even tried switching back to the default round-robin. Result was massive packet loss. Every once in a while a ping would succeed. Not sure what's going on but it seems that teaming is quite buggy or I do not know what additional requirements are needed. I have switched to bonding LACP and working so far.