virt-manager does not support ovs bridge

Bug #1279176 reported by Thiago Martins on 2014-02-12
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
virt-manager (Ubuntu)
Wishlist
Unassigned

Bug Description

Summary: if eth0 is bridged to a unix bridge br0, virt-manager can create
a vm connected through that bridge. However if eth0 is bridged to a openvswitch
bridge ovsbr1, then virt-manager cannot create a vm connected through that
bridge (fails when starting up). It needs to be taught to add the
<virtualport type='openvswitch'> tag into the <interface> section.

========================================
Original description:
========================================
Hello!

* Hypervisor is daily / latest Ubuntu 14.04 and guest is Ubuntu 12.04 and 14.04

-
KVM 1.7.0+dfsg-3ubuntu1
openvswitch-switch 2.0.1+git20140120-0ubuntu1
libvirt0 1.2.1-0ubuntu5
-

When I create a KVM Virtual Machine with Virt-Manager, my guests have the following content:

---
    <interface type='direct'>
      <mac address='52:54:00:99:0d:f5'/>
      <source dev='ovsbr1' mode='bridge'/>
      <virtualport type='openvswitch'>
        <parameters interfaceid='3f1a9ee2-bef8-4cdf-88ad-6904f317348a'/>
      </virtualport>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
---

IPv4 works as expected but IPv6 doesn't.

Then, if I edit the guest XML file with "virsh edit guest-1", and change <interface> like this:

---
    <interface type='bridge'>
      <mac address='52:54:00:99:0d:f5'/>
      <source bridge='ovsbr1'/>
      <virtualport type='openvswitch'>
        <parameters interfaceid='3f1a9ee2-bef8-4cdf-88ad-6904f317348a'/>
      </virtualport>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
---

The both IPv4 and IPv6 works!

So, I guess that there is something wrong with libvirt...

The OVS bridges was created at the host with:

--
ovs-vsctl add-br ovsbr1
ovs-vsctl add-port ovsbr1 eth1
--

* The OpenvSwitch bridges are Okay *

Thanks!
Thiago

Thiago Martins (martinx) on 2014-02-12
description: updated
Serge Hallyn (serge-hallyn) wrote :

Thanks for submitting this bug.

It appears to me that 'interface type='direct'' works only for macvlan devices. This would require you to use a real physical NIC, as in:

   <interface type='direct'>
      <source dev='eth0' mode='vepa'/>

For instance see http://libvirt.org/formatdomain.html.

So if there is a bug it would seem to me to be in virt-manager, not libvirt. I'm not sure virt-manager has been taught about ovs at all so this would be more of a missing feature than a bug.

I'll mark thsi bug as affecting virt-manager, and mark it as a feature request ('confirmed/wishlist').

Could you please give some more details about the precise options you chose when creating the VM in virt-manager?

affects: libvirt (Ubuntu) → virt-manager (Ubuntu)
Changed in virt-manager (Ubuntu):
importance: Undecided → Wishlist
status: New → Confirmed
Thiago Martins (martinx) wrote :

Hello Serge!

I think that this is, in fact, a bug.

Even using "vepa", the problem is the same.

My XML looks like this now:

---
    <interface type='direct'>
      <mac address='52:54:00:c4:c8:68'/>
      <source dev='ovsbr1' mode='vepa'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
---

Same problem, guest IPv4 works, IPv6 does not!

The weird is that, if I start a Router Advertisement in my network, the guest receive the ICMPv6 and generate its own IPv6 BUT, it can not "ping6 anywhere".

ONLY "type=bridge" works for both IPv4 and IPv6 guest network.

Here is how I'm configuring my guests using virt-manager:

Screenshot 1 - direct / mode=bridge - related to bug this report

http://i.imgur.com/T602EHU.png

Screenshot 2 - direct / mode=vepa - test you ask me to do

http://i.imgur.com/9MhmMZb.png

Thanks!
Thiago

Thiago Martins (martinx) wrote :

BTW, I'm seeing that, with your example, you're using:

---
   <interface type='direct'>
      <source dev='eth0' mode='vepa'/>
---

...so, your example points directly to eth0 but, I'm using OpenVSwitch, is that valid even for when using it?!

I'm reading http://libvirt.org/formatdomain.html now, thanks for pointing it out!

Best,
Thiago

Quoting Thiago Martins (<email address hidden>):
> Hello Serge!
>
> I think that this is, in fact, a bug.
>
> Even using "vepa", the problem is the same.
>
> My XML looks like this now:
>
> ---
> <interface type='direct'>
> <mac address='52:54:00:c4:c8:68'/>
> <source dev='ovsbr1' mode='vepa'/>
> <model type='virtio'/>
> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
> </interface>
> ---
>
> Same problem, guest IPv4 works, IPv6 does not!

Right, I assume the type='bridge' triggers a slightly different
configuration. I'd be curious whether using type='direct' with
a NIC would also fail to do ipv6. If that were the case then
this would be a high priority bug. But I've not yet found any
information on the propriety of using type='direct' instead of
type='bridge' on a bridge.

Is there a downside to using type='bridge' in your setup?

 status: incomplete

Changed in virt-manager (Ubuntu):
status: Confirmed → Incomplete

Hi Serge,

Why this BUG is marked as "Incomplete"?

Do I need to post more info about it?!

Nevertheless, do you think that this is a problem with virt-manager itself? I mean, it is the "guy" who is writing the guest XML, right?! I'm used to use it with "type=directly" mostly because virt-manager does that for me automatically, but, now, that I have my IPv6 blocks, this problem appeared and I'm seeing myself "obligated" to move to "type=bridge"...

Sometimes, "type=bridge" triggers errors, telling me that some vnetX OVS ports are already in use but, it is not, then, I need to manually delete the "conflicting" ports on host with "ovs-vsctl del-port ovsbr1 vnet13", for example, otherwise, some random guests doesn't even start.

Listen, I'm a bit worried about this because it works for IPv4 and not for IPv6, but why?! Something is wrong. This BUG is "Confirmed", don't you think?!

NOTE: About the conflicts with "vnetX" when "type=bridge", I'm seeing that, with the latest Ubuntu 14.04 packages, there is no "vnetX" interfaces anymore, they are now called "vifX.Y", maybe it will not conflict anymore... Time will tell.

Regards,
Thiago

Changed in virt-manager (Ubuntu):
importance: Wishlist → Medium
Changed in libvirt (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed

 importance: high

Changed in libvirt (Ubuntu):
importance: Medium → High
Changed in virt-manager (Ubuntu):
importance: Medium → High
status: Incomplete → Confirmed

Thanks, so it sounds like there are several bugs here, if I'm
understanding things right. It's possible that virtinst should
be using type=bridge, I need to figure that out. In either case,
as you say, if ipv4 works then you'd think ipv6 should work - that
would be a libvirt bug.

And it sounds like you're saying there is a bug when using type=bridge
with OVS ports. I will do some testing with that to see what I can
reproduce.

Serge Hallyn (serge-hallyn) wrote :

I tested this 4 ways:

Using a linux bridge, using
 <interface type='direct'> <source dev='br0' mode='bridge'/>
Using a linux bridge, using
 <interface type='bridge'> <source bridge='br0'/><virtualport type='openvswitch''>
Using an ovs bridge, using
 <interface type='direct'> <source dev='ovsbr1' mode='bridge'/> <virtualport type='openvswitch''>
Using an ovs bridge, using
 <interface type='bridge'> <source bridge='ovsbr1'/><virtualport type='openvswitch''>

Only the ovs bridge with type='direct' failed to ping its ipv6 gateway (fc00::1 for me).

The fact that type='direct' works with a linux bridge and not with an ovs bridge is interesting.

Serge Hallyn (serge-hallyn) wrote :

Interestingly, a subsequent attempt using ovsbr1 and type='direct' succeeded.

Serge Hallyn (serge-hallyn) wrote :

I can no longer get that to fail, so either my first configuration was invalid, or the bug is very intermittent.

I'm using the 2.0 qemu candidate from ppa:ubuntu-virt/ppa, and 1.2.2-0ubuntu3 libvirt.

If you switch to that ppa and update libvirt, does that help?

Serge Hallyn (serge-hallyn) wrote :

Hi,

Laine straightened me out on irc. the <interface type='direct'> means that it will create a macvtap interface. It is not meant to be used with a bridge, but with a real nic. Since you are using a bridge, you want to use <interface type='bridge'>. The fact that type='direct' sometimes works appears to be an accident.

You mentioned in comment #5 that you sometimes have an error starting up VMs when using <interface type='bridge'>. If that is the case, that would be the real bug here. (Note though that vifX are the network interfaces used for xen, so if you are seeing those they are not related to your kvm vms)

So, I will mark this bug invalid. Please switch to using <interface type='bridge'>. If/when you have an error starting VMs due to that, please file a new bug immediately (using ubuntu-bug libvirt if possible) so we can figure out what is going on there.

Changed in libvirt (Ubuntu):
status: Confirmed → Invalid
Serge Hallyn (serge-hallyn) wrote :

Oh, actually, if you don't object, I'd like to re-title this bug to be a feature request for virt-manager to support an ovs bridge for VM connections.

no longer affects: libvirt (Ubuntu)
Changed in virt-manager (Ubuntu):
importance: High → Wishlist
summary: - IPv6 fails when "<interface type='direct'>", on top of OVS
+ virt-manager does not support ovs bridge
description: updated
Thiago Martins (martinx) wrote :

Awesome!

Thank you Serge for the clarifications! I really appreciate it! Cheers!

Best,
Thiago

zx (foreverwingsfly) on 2015-03-06
Changed in virt-manager (Ubuntu):
status: Confirmed → Fix Released
Thiago Martins (martinx) wrote :

WOW!! That's good news!! :-D

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers