Hi again Ben, here's the output (portuguese ubuntu version):
Tabela de Roteamento IP do Kernel Destino Roteador MáscaraGen. Opções MSS Janela irtt Iface 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 br0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 I changed my network configuration to something like that: control network: 192.168.0.0 test network 1: 192.168.2.0 (vlan id = 2) test network 2: 192.168.3.0 (vlan id =3) Now the vlan isolation seems to work. VM's at test network 1 can ping from one to another, but can't ping to vm's in test network 2. Also, vm's in test network 1 or test network 2 can ping to my host, that is, the control network. But i don't really know the reason that my first configuration doesn't work. 2013/1/15 Iben Rodriguez <iben.rodrig...@gmail.com> > Would you please list the route table on your hypervisor? > > Run this command... > > netstat -r -n > > I b e n > +14087824726 > Skype: ibenrodriguez > > > On Mon, Jan 14, 2013 at 5:11 PM, Túlio Gomes <tulio.gomesbarb...@gmail.com > > wrote: > >> Ok Ben, >> i'll do some tests and return soon. >> >> Thank you very much >> >> 2013/1/14 Ben Pfaff <b...@nicira.com> >> >>> Like I said, the problem may be that your VMs can communicate over >>> eth0, and that the VMs are using that to communicate on the "private" >>> IP addresses. >>> >>> On Mon, Jan 14, 2013 at 06:19:10PM -0200, Túlio Gomes wrote: >>> > Ben, thanks for your response. >>> > >>> > My eth0 nic isn't attached to any vlan. That is, the vlan's id that i >>> had >>> > cited it's associated only to eth1 nic. >>> > >>> > Do you think could be my image that doesn't have support to vlan? >>> > >>> > 2013/1/14 Ben Pfaff <b...@nicira.com> >>> > >>> > > On Sun, Jan 13, 2013 at 06:44:34PM -0200, Túlio Gomes wrote: >>> > > > Currently, i'm testing the vlan isolation feature provided by >>> > > openvswitch, >>> > > > but it's not working like described in documentation. >>> > > > >>> > > > What i'm trying to do is to set two interfaces on each vm (one for >>> data >>> > > > control and another for tests) >>> > > > >>> > > > For example: >>> > > > I have 4 vm's with the following ips and vlans: >>> > > > eth0 = data control >>> > > > eth1 = tests purposes >>> > > > 1 - eth0: 10.1.1.5; eth1: 10.1.1.33; vlan: 32 >>> > > > 2 - eth0: 10.1.1.6; eth1: 10.1.1.34; vlan: 32 >>> > > > 3 - eth0: 10.1.1.7; eth1: 10.1.1.65; vlan: 64 >>> > > > 4 - eth0: 10.1.1.8; eth1: 10.1.1.66; vlan: 64 >>> > > > >>> > > > The host has the ip 10.1.1.2 (broadcast 10.1.1.31 and netmask >>> > > > 255.255.255.224) >>> > > > >>> > > > Here's the problem: i can ping from vm 1 to vm 2 (ping 10.1.1.34), >>> but i >>> > > > also can ping from vm 1 to vm 3 or vm 4 (ping 10.1.1.64 or ping >>> > > 10.1.1.65) >>> > > > >>> > > > That is, VM's 1 and 2 can communicate with each other, but they >>> also can >>> > > > communicate with vm's 3 and 4. >>> > > >>> > > It seems likely that you are running into an often surprising feature >>> > > of the Linux networking stack: Linux is willing to talk on any >>> > > assigned IP address on any network interface. That is, even though >>> > > you assign IP 10.1.1.5 to eth0 and 10.1.1.33 to eth1, the kernel will >>> > > accept packets for 10.1.1.33 on eth0 and for 10.1.1.5 on eth1. So, >>> > > although you have isolated the eth1 interfaces on VLANs, the VMs are >>> > > still willing to talk to each other on the "private" IP addresses via >>> > > the eth0 interfaces. >>> > > >>> > >>> > >>> > >>> > -- >>> > Atenciosamente, >>> > Túlio Gomes Barbosa >>> > br.linkedin.com/in/tuliogomesbarbosa >>> >> >> >> >> -- >> Atenciosamente, >> Túlio Gomes Barbosa >> br.linkedin.com/in/tuliogomesbarbosa >> >> >> _______________________________________________ >> discuss mailing list >> discuss@openvswitch.org >> http://openvswitch.org/mailman/listinfo/discuss >> >> > -- Atenciosamente, Túlio Gomes Barbosa br.linkedin.com/in/tuliogomesbarbosa
_______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
