[PVE-User] Linux bridge, kvm, ipv6, intel 10gbe

Sten Aus sten.aus at eenet.ee
Mon Apr 27 16:45:22 CEST 2015


Has anyone encountered a bug regarding to Linux bridge, KVM and IPv6?

I have a situation where my KVM machine cannot see other VMs in another 
node. Everything else is working inside a PVE Host. But this VM can ping 
outside world, for example Facebook, Google (IPv6 of course) etc.

I’ve found bugreport from 2014, but it should be solved by now. And I 
have latest 2.6.32-37-pve kernel ( Installed: 2.6.32-150) and regarding 
to changelog, IPv6 neighbor solicitation should be solved in -149 release.

|pve-kernel-2.6.32 (2.6.32-149) unstable; urgency=low
* IPv6: forwaring ICMP6 neighbor solicitation on bridge

Switches: Extreme Summit X670-48x, DELL N4064F
Network cards (10G):

|    Intel Corporation 82599EB 10-Gigabit SFI/SFP+ (using driver*ixgbe*  version 3.23.2)
    Ethernet Controller X710 for 10GbE SFP+ (using driver*i40e*  version 1.1.23,
because latest driver did not work with IPv4)

The sad thing is that it's quite chaotic - it's working in some VLANs 
quite OK, but in some VLANs it's not.

Multicast ping (ff02::1) does not show all link local addresses in reply 
(tcpdump running on multiple VMs - in same node, in different node) on 
some VMs, so my guess is that Linux bridge does not forward neighbor 
solicitation packets still.

Upper part is written in morning, but I wanted to archive it for later. 
Anyway, here is what I have so far.

When a random machine pings this new VM (ipv6), then it cannot see it. 
Tcpdump shows that Linux bridge cannot hear neighbour solicitation 
packets. When I ping from VM to random machine, then everything is 
working. As long as this (for example physical) machine remembers this 
VM MAC and IP.

So, I have again updated drivers (i40e network card drivers). Tried the 
one, which is coming from pve-kernel and the latest 1.2.38 from Intel 
webpage - still, i40e driver "eats" my NS packets.
See my other problem: http://comments.gmane.org/gmane.linux.pve.user/4184

My next guess is that maybe it's Linux bridge + i40e bug, I am going to 
try openvswitch configuration in that node.

All the best

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-user/attachments/20150427/cb731b32/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3242 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.proxmox.com/pipermail/pve-user/attachments/20150427/cb731b32/attachment.bin>

More information about the pve-user mailing list