KVM virbr# no longer forwards multicast traffic by default (U12.04)
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | libvirt (Ubuntu) |
High
|
Unassigned | ||
| | Precise |
High
|
Unassigned | ||
| | linux (Ubuntu) |
High
|
Unassigned | ||
| | Precise |
High
|
Unassigned | ||
Bug Description
A recent kernel update (Apr 2013) has made it's way to U12.04.2 LTS (approx June-Aug 2013) and has stopped the (default) behaviour of automatically forwarding multicast traffic over virbr#. Some updates the bridge subsystem now, by default, disable multicast traffic without IGMP Querier being enabled on that bridge.
The corresponding Fedora/RHEL bug tracks the progress/updates of this specific change in relation to Fedora.
https:/
(I have yet to find a similar bug report in Ubuntu so I have created this bug to help the Ubuntu community identify multicast issues that may arise since April 2013 in U12.04 LTS and presumably other Ubuntu releases as backports are made and break regression testing.)
Using the latest patches in U12.04.2 LTS this following addition, with some modifications, can be made to the udev rules will enable multicast on virbr# bridge:
https:/
While this is an improvement/
IMPACT: multicast is broken over libvirt bridges
FIX: set a (new, introduced by a new kernel) toggle on the bridges
TEST CASE: cat /sys/devices/
REGRESSION POTENTIAL: should be none. older kernels do not have the toggle, and failure to set it will be ignored
| Changed in bridge-utils (Ubuntu): | |
| status: | New → Confirmed |
| importance: | Undecided → High |
| affects: | bridge-utils (Ubuntu) → libvirt (Ubuntu) |
| Changed in libvirt (Ubuntu Precise): | |
| status: | New → Confirmed |
| importance: | Undecided → High |
| Changed in libvirt (Ubuntu): | |
| status: | Confirmed → Fix Released |
| Serge Hallyn (serge-hallyn) wrote : | #1 |
We are currently facing the same problem. IGMP queries are reaching the bridge but won't hit the TAP device. Can someone tell me, because I wasn't able to get this information on my own, in which version it's fixed?
Also if the commited patch is the only fix does someone know what else could result in this issue because enabling the querier does not work for us?
Thanks!
| Serge Hallyn (serge-hallyn) wrote : | #3 |
I had thought that we'd need a udev rule to work around this, but looking over the fedora bug in more detail it looks like cherrypicking the two patches mentioned in comment 31 ( https:/
Can those who are suffering from this bug please tell us precisely which kernel they are using? If I understand right, this should be fixed in 3.11, so I would expect anyone using the saucy backport kernel to not be affected.
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 1218959
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.
| Changed in linux (Ubuntu): | |
| status: | New → Incomplete |
| Changed in linux (Ubuntu Precise): | |
| status: | New → Incomplete |
| tags: | added: precise |
| tags: | added: patch |
| Stefan Bader (smb) wrote : | #5 |
Serge, looks like we need to be careful with those two. At least one of them:
"bridge: only expire the mdb entry when query is received"
was reverted with 3.12. The commit message looks a bit like they might have packed several reverts into one. And it references
"bridge: disable snooping if there is no querier" as the one making the reverted stuff obsolete.
| description: | updated |
| Changed in linux (Ubuntu): | |
| status: | Incomplete → Fix Released |
| Changed in linux (Ubuntu Precise): | |
| status: | Incomplete → Won't Fix |
| Changed in linux (Ubuntu): | |
| importance: | Undecided → High |
| Changed in linux (Ubuntu Precise): | |
| importance: | Undecided → High |
Hello Michael, or anyone else affected,
Accepted libvirt into precise-proposed. The package will build now and be available at http://
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-
Further information regarding the verification process can be found at https:/
| Changed in libvirt (Ubuntu Precise): | |
| status: | Confirmed → Fix Committed |
| tags: | added: verification-needed |
| Marc Deslauriers (mdeslaur) wrote : | #7 |
Can someone please test this package so it gets released?
If nobody tests it, it will get superseded by a security update.
| Serge Hallyn (serge-hallyn) wrote : Re: [Bug 1218959] Re: KVM virbr# no longer forwards multicast traffic by default (U12.04) | #8 |
There has also been some concern about the propriety of the
proposed fix (when a newer kernel with the upstream fixes should
appear), in addition to lack of verifiaction - so please go ahead
and supersede this if you haven't already.
| Michael Cook (michaelcook-mjc) wrote : | #9 |
Thanks for the patch and test instructions.
Should this be tested using U12.04.2 LTS or U12.04.4 LTS as a baseline and should I apply updates to the installation first?
A few questions:
1) I don't understand how of the "security update" superceeding this patch affects this problem unless it prevents enabling MC on bridge?
2) There is reference to an independent kernel update to libvirt has addressed this problem and if so, in which kernel. The comment #3 mentioned a redhat bug but the comments of that bug say it's not going to be propagated and looks project specific. Maybe I misread it?
3) I originally applied a udev rule myself, but specific to the single bridged interface I'm using to send multicast over. Your proposed udev patch applies this to all virbr* interfaces. Is this ok/sensible?
Personally, I think for U12.04.2LTS back ports, MC traffic should have simply been left as-is. Future releases should have adopted proper handling of MC traffic and required Querier to be enabled.
Appreciate any insight, thanks.
| Launchpad Janitor (janitor) wrote : | #10 |
This bug was fixed in the package libvirt - 0.9.8-2ubuntu17.19
---------------
libvirt (0.9.8-
* Add a udev hook and script to enable multicast_querier when a
virbr* is brought up (LP: #1218959)
-- Serge Hallyn <email address hidden> Wed, 26 Mar 2014 11:36:55 -0500
| Changed in libvirt (Ubuntu Precise): | |
| status: | Fix Committed → Fix Released |
This patch should solve this bug. However there is a package in precise-proposed right now, so this will need to be queued up.