[pve-devel] corosync, multicast problem because of vmbr multicast_snooping enabled

Alexandre DERUMIER aderumier at odiso.com
Mon Mar 11 09:03:46 CET 2013


>>I have send a mail to patch author, maybe can he give us more informations about the problem. 

Reponse from Herbert Xu

 
> I'm using cisco switches , and they seem to not like igmp queries with 0.0.0.0 address coming from linux bridge.
> 
> 
> Do you remember what exactly was the problem or users reports about it ? I would like to known what happen exactly.

The physical switch (Cisco) would stop sending multicast packets
to our port completely when it receives our zero-source quieries.

Cheers,
-- 
Email: Herbert Xu <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

"

So Maybe it's specific to cisco, but I think i'm not the only one to use cisco at work ;)

I'll test the patch to see if it's working fine.



----- Mail original ----- 

De: "Alexandre DERUMIER" <aderumier at odiso.com> 
À: "Michael Rasmussen" <mir at datanom.net> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Lundi 11 Mars 2013 06:41:15 
Objet: Re: [pve-devel] corosync, multicast problem because of vmbr multicast_snooping enabled 

Thank for help Michael 


>>1) Configure your switches to always have numerical lower IP than any 
>>hosts on the same vlan 

Not sure it'll help, as igmp query from linux have 0.0.0.0 address and not real host address. 
But my switches have lower ip than my proxmox hosts 

also, 

cisco doc say: 

http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/multicast/configuration/guide/b_multicast_chapter_0110.html 
" 
Note 
The IP address for the querier should not be a broadcast IP, multicast IP, or 0(0.0.0.0). 
" 

So maybe cisco really don't link 0.0.0.0 address quierer... 



I have send a mail to patch author, maybe can he give us more informations about the problem. 

I'll continue tests this week. 

----- Mail original ----- 

De: "Michael Rasmussen" <mir at datanom.net> 
À: pve-devel at pve.proxmox.com 
Envoyé: Dimanche 10 Mars 2013 11:05:49 
Objet: Re: [pve-devel] corosync, multicast problem because of vmbr multicast_snooping enabled 

On Sun, 10 Mar 2013 10:41:53 +0100 (CET) 
Alexandre DERUMIER <aderumier at odiso.com> wrote: 

> 
> So, I don't known for HP switchs, but for Cisco switches it seem to break the election of igmp. 
> 
Some thoughts: 
1) You have an aggregation spanning over two switches, I only use one 
2) The switch is up before the pve hosts and maybe HP switches, given 
the are configured to be querier, disable election and forces querier 
state because I never see any querying on my network coming from the 
switch. It is only the pve hosts which sends out queries. 
3) If none of your Cisco switches are configured as querier they use 
simple election to determine querier 
4) When I had not configured my switch as querier I seem to recall a 
broken multicast on the vlan too. 

Some tests you can performe: 
1) Configure your switches to always have numerical lower IP than any 
hosts on the same vlan 
2) Designate one or both of your switches as querier 

If both of your tests gives a successful result I think the conclusion 
must be that the linux bridge in some way brakes the election since 
when you start your hosts one of your switches must be the querier but 
after some time the querier changes to one of your hosts presumably 
because your switches are having a numerical higher IP than one or 
all of your pve hosts. 

> 
> Maybe my problem was that my proxmox host was the igmp quierer, and when I have shutted it down, no other igmp quierer have worked, and snooping have blocked all mutlticast address. 
> 
or maybe 
"Multicast routers send host-query messages periodically to refresh 
their knowledge of memberships present on their networks. If, after 
some number of queries, the Cisco IOS software discovers that no local 
hosts are members of a multicast group, the software stops forwarding 
onto the local network multicast packets from remote origins for that 
group and sends a prune message upstream toward the source." 

PS. Are your mail client broken because it removes the List-Id from 
your replies in which case other mailers will reply only to you when 
replying if you forget to say 'reply to all'. 

-- 
Hilsen/Regards 
Michael Rasmussen 

Get my public GnuPG keys: 
michael <at> rasmussen <dot> cc 
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E 
mir <at> datanom <dot> net 
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C 
mir <at> miras <dot> org 
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917 
-------------------------------------------------------------- 
Democracy is the name we give the people whenever we need them. 
-- Arman de Caillavet, 1913 

_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 


More information about the pve-devel mailing list