Quick question for anyone in the know. I have a fairly basic setup (at least I think it is?) with an Open vSwitch bridge, and the br0 port has an IP assigned in the same subnet as the VM to act as a gateway.

    |------ovs-------|
    eno2 <-- |--br0           |
             |--vnet0 - VM    |
    |------------------|

I would like the VM (vnet0) to use br0 as a gateway which, local-connectivity-wise, seems fine, but the internet is a bit odd. I can ping, for example, 1.1.1.1 (DNS) without any issues, but anything UDP/TCP is a no-go. I checked the physical host's interface (eno2) and br0 and found that the VM's packets were successfully heading to br0, but when leaving the physical host (eno2) the TCP/UDP packets weren't being masqueraded. The rule is pretty straightforward, and to test I plugged another device into the eno1 afxdp port and had no connectivity issues; packets were being masqueraded fine. I tried to set trustGuestRxFilters='yes' but that didn't work and the same state remained; the only thing that worked was using the "rtl8139" model type. I always remember using 'virtio' in the past and I must be missing something crucial in the somewhat lengthy libvirt documentation. Would be super helpful if someone can shed some light on this? And possibly whether I should be using virtio or the Realtek driver? Thanks! (config below)

Iptables:

    sudo iptables -t nat -A POSTROUTING -o eno2 -j MASQUERADE

ovs-vsctl show:

    ec13c3e2-6159-4019-984e-36cc90c59075
        Bridge br0
            fail_mode: standalone
            datapath_type: netdev
            Port vnet0
                Interface vnet0
            Port eno1
                Interface eno1
                    type: afxdp
            Port br0
                Interface br0
                    type: internal

instance domain xml:

    <interface type='bridge'>
      <mac address='52:54:00:77:fc:70'/>
      <source bridge='br0'/>
      <virtualport type='openvswitch'>
        <parameters interfaceid='2124ef39-e244-434c-8339-d2aa04d0d888'/>
      </virtualport>
      <model type='virtio'/>   <!-- #rtl8139 works. -->
      <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/>
    </interface>
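An added example, not from the original post: a small Python script that automates the comparison the poster did by hand, pairing each guest flow seen on br0 with what left eno2 and reporting which flows kept the guest's source address instead of being masqueraded. The interface names br0/eno2 and the MASQUERADE rule are from the post; the guest address 192.168.10.20, the host address 203.0.113.5, the simplified one-line-per-packet capture format and its `cksum=` field are assumptions made for the illustration (it is not a parser for real tcpdump output).

```python
"""Audit which guest flows left the physical NIC without being masqueraded.

Added example, not from the original post. Compares packets captured on the
VM-facing bridge (br0) with packets captured on the egress NIC (eno2).
"""
import re
from collections import defaultdict

GUEST_IF = "br0"                 # bridge port the VM talks to (from the post)
EGRESS_IF = "eno2"               # NIC carrying the MASQUERADE rule (from the post)
GUEST_PREFIX = "192.168.10."     # assumed guest subnet
NAT_ADDR = "203.0.113.5"         # assumed host address on eno2

# Constructed, simplified capture (NOT real tcpdump output), one packet per line:
#   <iface> <proto> <src_ip>:<src_port> > <dst_ip>:<dst_port> cksum=<ok|bad>
# ICMP uses port 0. 1.1.1.1 is the resolver the poster pinged; 198.51.100.7 is
# an assumed web server address.
SAMPLE_CAPTURE = """
br0  icmp 192.168.10.20:0     > 1.1.1.1:0          cksum=ok
eno2 icmp 203.0.113.5:0       > 1.1.1.1:0          cksum=ok
br0  udp  192.168.10.20:50123 > 1.1.1.1:53         cksum=bad
eno2 udp  192.168.10.20:50123 > 1.1.1.1:53         cksum=bad
br0  tcp  192.168.10.20:43210 > 1.1.1.1:443        cksum=bad
eno2 tcp  192.168.10.20:43210 > 1.1.1.1:443        cksum=bad
br0  tcp  192.168.10.20:43211 > 198.51.100.7:80    cksum=ok
eno2 tcp  203.0.113.5:43211   > 198.51.100.7:80    cksum=ok
"""

LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>icmp|tcp|udp)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+>\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
    r"\s+cksum=(?P<cksum>ok|bad)$"
)


def parse(lines):
    """Parse the simplified capture format into a list of packet dicts."""
    pkts = []
    for ln in lines:
        ln = ln.strip()
        if not ln:
            continue
        m = LINE_RE.match(ln)
        if not m:
            raise ValueError(f"unparseable capture line: {ln!r}")
        d = m.groupdict()
        d["sport"] = int(d["sport"])
        d["dport"] = int(d["dport"])
        pkts.append(d)
    return pkts


def audit_masquerade(lines):
    """Map (proto, dst, dport) -> {'status', 'guest_cksum'} for every guest flow.

    status is 'masqueraded' (source rewritten to NAT_ADDR on egress),
    'not_masqueraded' (guest source address leaked out of eno2), or
    'not_seen_on_egress' (packet never reached the NIC capture).
    """
    on_bridge = {}
    on_egress = defaultdict(list)
    for p in parse(lines):
        key = (p["proto"], p["dst"], p["dport"])
        if p["iface"] == GUEST_IF and p["src"].startswith(GUEST_PREFIX):
            on_bridge[key] = p
        elif p["iface"] == EGRESS_IF:
            on_egress[key].append(p)

    report = {}
    for key, bp in on_bridge.items():
        egress = on_egress.get(key, [])
        if not egress:
            status = "not_seen_on_egress"
        elif any(e["src"] == NAT_ADDR for e in egress):
            status = "masqueraded"
        else:
            status = "not_masqueraded"
        report[key] = {"status": status, "guest_cksum": bp["cksum"]}
    return report


def findings(lines):
    """Human-readable lines for every guest flow that was not masqueraded."""
    out = []
    for (proto, dst, dport), info in sorted(audit_masquerade(lines).items()):
        if info["status"] != "masqueraded":
            out.append(f"{proto} -> {dst}:{dport}: {info['status']} "
                       f"(guest-side L4 checksum {info['guest_cksum']})")
    return out


if __name__ == "__main__":
    for line in findings(SAMPLE_CAPTURE.splitlines()):
        print(line)
```

On the constructed sample the script reports the UDP/53 and TCP/443 flows as leaving eno2 with the guest source address intact, while ICMP and the TCP/80 flow are rewritten. The sample deliberately pairs the unmasqueraded flows with a bad guest-side checksum; the post does not establish that this is the cause in the poster's setup, so treat it as a hypothesis to check, not a diagnosis. The reason it is worth checking: Linux conntrack classifies a packet whose L4 checksum fails verification as INVALID (controlled by `net.netfilter.nf_conntrack_checksum`), and the nat table does not rewrite INVALID packets; a virtio-net guest commonly leaves TCP/UDP checksums for the host side to fill in while ICMP checksums are computed by the guest itself, which matches an "ICMP works, TCP/UDP does not" pattern. Looking at `tcpdump -vv` output for "bad cksum" on br0, and at the guest's offload settings with `ethtool -k`, is a cheaper first step than changing the NIC model.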