Any idea on this? On Sat, Nov 30, 2019 at 1:15 AM Fariborz Navidan <[email protected]> wrote:
> I just ran "virsh nwfilter-list" following table shows multicast and mac > and arp spoofing is not allowed. I guess this is why each IP is constrained > with it's vnet MAC address and does not allow floating IP addresses. > > [root@fr-kvm1 ~]# virsh nwfilter-list > UUID Name > ------------------------------------------------------------------ > 906f8af9-317a-47be-8568-83d83fda3187 allow-arp > 6a3bee5a-272c-4f9c-ba89-7661529740a2 allow-dhcp > 74efaf38-e4ce-4550-a79f-b9df5eec74bf allow-dhcp-server > 011fc636-4f6c-48cc-a4dd-efe962c9cc8e allow-incoming-ipv4 > 30ca1846-10ae-4e1e-bf55-a54371d69d8b allow-ipv4 > 529466c5-0a94-4908-a0b2-c13c3b3bbc82 clean-traffic > 7a5c405e-3b9c-4ac7-a330-67a18a1a4701 clean-traffic-gateway > c7e311be-715b-4d77-9b31-f1f4504abb1f no-arp-ip-spoofing > c6a902a9-b9fa-45c1-9e04-1889f20f1d30 no-arp-mac-spoofing > fce5536f-a2d2-4360-a2c9-b697b4cc2054 no-arp-spoofing > ced96d59-f7d5-4393-853d-9b11ed7afda8 no-ip-multicast > d77ac888-14ff-485a-8093-7be87a2ba46b no-ip-spoofing > a1f14101-78c3-4fad-ba1e-f54e30ba48ae no-mac-broadcast > 37b3dfcf-de29-48ad-8826-1e3621c728a3 no-mac-spoofing > c16752f2-8f0c-401f-9275-f5e6d5b9de01 no-other-l2-traffic > 3b44715b-b542-4aea-97c2-9dd6c5f2ea44 no-other-rarp-traffic > c93e46c2-5a32-40b7-acd9-47872a01b312 qemu-announce-self > a30e079a-fe7d-4efb-ae8e-d822f4135180 qemu-announce-self-rarp > > > On Wed, Nov 27, 2019 at 3:18 PM Fariborz Navidan <[email protected]> > wrote: > >> Any idea? >> >> On Tue, Nov 26, 2019 at 6:12 PM Fariborz Navidan <[email protected]> >> wrote: >> >>> Hello, >>> >>> I want to be able to use a single secondary IP on two or more VMs but >>> secondary IPs only work on the VM it belongs to it. For this work, I guess >>> promiscuous mode and/or forged transmits should be enabled on the network. >>> For this I have modified the DB table network_offering_details and then >>> restarted the network but it still does not work. >>> >>> When I reserve an IP on a VM and set it on the guest using command "ip >>> addr ad ...", it is reachable and works fine but if I delete the ip from >>> that guest and add it to another guest which secondary IP was not reserved >>> for, it is not reachable using this IP. It means looks like MAC addresses >>> are somehow bound to NIC MAC address. >>> >>> I should notice tat I am running an advanced zone and shared network.and >>> security groups are enabled. Default egress policy is "Allow" and all >>> tcp/udp/icmp ingress traffic is allowed in the security groups. >>> >>> But I am still not able to make a shared IP floating. >>> >>> Please guide me through the right way. >>> >>> Thanks >>> >>
