Dear Jehan,

fyi: I've moved the physical device into the container by using the command

vzctl set --netif_add eth0 --host_ifname eth0

On 07.11.2016 09:08, Vasily Averin wrote:
> Dear Jehan,
>
> probably you can tune the bridge somehow.
> Alternatively you can move the physical device into the container's network namespace.
>
> I need to clarify whether it is implemented in Virtuozzo SDK or prlctl,
> however even if it is not ready yet you can try to use the following command on
> the host after starting the container.
>
> ip link set ethX netns <CTid>
>
> At first glance this should work, however we have not tested it.
> I expect the interface should be moved back to the host after CT stop,
> but probably some additional actions will be required here too.
>
> Please let us know about any results of your experiments.
>
> Thank you,
> Vasily Averin
>
> On 04.11.2016 00:07, Jehan Procaccia wrote:
>> ok, then how can I have a VM or CT that acts as a probe and receives all traffic
>> from a mirror WAN router interface?
>> Is there a way to bypass a bridge, by plugging the physical interface
>> that receives all mirrored traffic directly to the VM/CT, is it
>> possible?
>>
>> Thanks.
>>
>> On 02/11/2016 18:33, Vasily Averin wrote:
>>> Dear Jehan,
>>> as far as I understand incoming packets are filtered by the bridge,
>>> it has a list of known MAC addresses and forwards external packets to
>>> internal interface
>>> broadcasts and packets addressed to MACs related to the given interface.
>>>
>>> brctl showmacs brX
>>>
>>> So the settings of CT/VM interfaces are not taken into account at this stage.
>>>
>>> Thank you,
>>> Vasily Averin
>>>
>>> On 02.11.2016 13:56, Jehan Procaccia wrote:
>>>> Hello
>>>>
>>>> I am still locked on setting *preventpromisc=off* in my CT.
>>>> I did ask for it:
>>>>
>>>> # prlctl set CTprobe --device-set net1 --preventpromisc no
>>>>
>>>> no way, preventpromisc keeps being set to on
>>>>
>>>> [host]# prlctl list -if CTprobe | grep net1
>>>>
>>>> net1 (+) dev='veth42ba2f55' ifname='eth1' network='probenet'
>>>> mac=001C42BA2F45 *preventpromisc=on* mac_filter=off
>>>> ip_filter=off nameservers= searchdomains=
>>>>
>>>> Vasily, when you said:
>>>>
>>>> 19/10/2016 11:29, Vasily Averin wrote:
>>>> from man prlctl ("set" section)
>>>>
>>>> preventpromisc: determines if the specified network adapter
>>>> should reject packages not addressed
>>>> to its virtual environment. If set to "yes", the adapter will
>>>> drop packages not addressed to its
>>>> virtual environment.
>>>>
>>>> *In pcs6 it was affected VMs only*, and at present I'm not sure was it
>>>> fully integrated into vz7 or not.
>>>>
>>>>
>>>> could it be that it is not integrated in vz7? or perhaps not in CT, but
>>>> could work in VM?
>>>>
>>>> regards.
>>>>
>>>>
>>>> On 19/10/2016 17:27, Jehan Procaccia wrote:
>>>>> I expect to see all traffic mirrored from our edge router (cisco) to the
>>>>> Wan, indeed not traffic source and dest to my CT!
>>>>>
>>>>> That CTprobe has been transferred from an openvz6 host to that new openvz7
>>>>> on the vz6 there was no bridge, the host eth1 interface was directly
>>>>> mounted/affected to the CT, like this
>>>>>
>>>>> NETIF="ifname=eth0,bridge=br0.11,mac=00:18:51:1B:26:98,host_ifname=veth11030.0,host_mac=00:18:51:E6:D6:45"
>>>>> *NETDEV="eth1"*
>>>>>
>>>>> yes on the host side, either on the physical interface (em3) directly
>>>>> plugged to the mirrored port on the cisco or the associated bridge (brs0)
>>>>> I do see all in/out traffic of all users traffic
>>>>> [host] # tcpdump -i em3 -n
>>>>> 10:40:58.767042 IP 193.51.224.142.https > 147.157.103.21.54757: UDP, length 1350
>>>>> [host]# brctl show
>>>>> *brs0            8000.14187769840c       no              em3*
>>>>> *                                                        veth42ba2f55*
>>>>>
>>>>> [host] # prlsrvctl net list
>>>>> Network ID   Type        Bound To   Bridge   Slave interfaces
>>>>> Host-Only    host-only              virbr0
>>>>> *probenet    bridged     em3        brs0     veth42ba2f55*
>>>>> but neither on the host nor on the CT I cannot see all traffic, but only
>>>>> protocol/broadcasts or xcast, it seems as if traffic is filtered ...?
>>>>>
>>>>> *examples*
>>>>>
>>>>> [host] # tcpdump -i veth42ba2f55 -n
>>>>> tcpdump: WARNING: veth42ba2f55: no IPv4 address assigned
>>>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>>>>> listening on veth42ba2f55, link-type EN10MB (Ethernet), capture size 65535 bytes
>>>>> 17:17:34.279194 ARP, Request who-has 193.51.41.10 tell 193.51.41.1, length 46
>>>>> 17:17:34.343210 ARP, Request who-has 193.51.41.43 tell 193.51.41.1, length 46
>>>>> 17:17:34.451152 IP 193.51.41.36.hsrp > 224.0.0.102.hsrp: HSRPv1
>>>>>
>>>>> CT-11030 /# tcpdump -i eth1 -n
>>>>> tcpdump: WARNING: eth1: no IPv4 address assigned
>>>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>>>>> listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
>>>>> 17:19:00.184782 arp who-has 193.51.41.34 tell 193.51.41.1
>>>>> 17:19:00.296277 802.1d config 8001.00:26:99:64:c0:80.9688 root 8001.00:21:56:1c:3f:80 pathcost 1 age 1 max 20 hello 2 fdelay 15
>>>>> 17:19:00.296641 00:25:84:f1:3f:9b > 01:00:0c:cc:cc:cd SNAP Unnumbered, ui, Flags [Command], length 50
>>>>> 17:19:00.370773 arp who-has 193.51.41.42 tell 193.51.41.1
>>>>>
>>>>> [host]# prlctl list -if CTprobe | grep net1
>>>>> net1 (+) dev='veth42ba2f55' ifname='eth1' network='probenet'
>>>>> mac=001C42BA2F45 *preventpromisc=on* mac_filter=off ip_filter=off
>>>>> nameservers= searchdomains=
>>>>>
>>>>> is the preventpromisc=on my problem, how to change it to off?
>>>>> as
>>>>> # prlctl set CTprobe --device-set net1 --preventpromisc no
>>>>> doesn't work?
>>>>>
>>>>> regards.
>>>>>
>>>>>
>>>>> On 19/10/2016 14:33, Vasily Averin wrote:
>>>>>> Dear Jehan,
>>>>>>
>>>>>> could you please clarify which kind of traffic you expect to see inside
>>>>>> the container?
>>>>>> Are you sure it is present on the host side on the corresponding vethX interface?
>>>>>>
>>>>>> I think the bridge on the host may not route alien traffic to this interface.
>>>>>> IIRC there is some setting in the bridge settings that enables "promisc"
>>>>>> mode,
>>>>>> but by default the bridge does not route all traffic to all attached
>>>>>> interfaces.
>>>>>>
>>>>>> Thank you,
>>>>>> Vasily Averin
>>>>>> On 19.10.2016 13:16, Jehan Procaccia wrote:
>>>>>>> indeed macfilter, ipfilter and preventpromisc were set to "on"
>>>>>>>
>>>>>>> # prlctl list -if CTprobe | grep net
>>>>>>> venet0 (+) type='routed'
>>>>>>> net0 (+) dev='veth11030.0' ifname='eth0' network='vlan11'
>>>>>>> mac=0018511B4688 preventpromisc=on mac_filter=on ip_filter=on
>>>>>>> nameservers= searchdomains= ips='192.168.11.30/255.255.255.0 '
>>>>>>> *net1 (+) dev='veth42ba2f55' ifname='eth1' network='sondereve'
>>>>>>> mac=001C42BA2F45 preventpromisc=on mac_filter=on ip_filter=on*
>>>>>>> nameservers= searchdomains=
>>>>>>>
>>>>>>> I set them to "no"
>>>>>>>
>>>>>>> # prlctl set CTprobe --device-set net1 --ipfilter no
>>>>>>> # prlctl set CTprobe --device-set net1 --preventpromisc no
>>>>>>> # prlctl set CTprobe --device-set net1 --macfilter no
>>>>>>>
>>>>>>> now they are off, except preventpromisc which keeps being set to on?
>>>>>>>
>>>>>>> # prlctl list -if CTprobe | grep net1
>>>>>>> net1 (+) dev='veth42ba2f55' ifname='eth1' network='sondereve'
>>>>>>> mac=001C42BA2F45 *preventpromisc=on* mac_filter=off ip_filter=off
>>>>>>> nameservers= searchdomains=
>>>>>>>
>>>>>>> I cannot set it to off!?
>>>>>>> I did edit the CTprobe /etc/vz/conf/ file explicitly adding
>>>>>>> mac_filter=off,ip_filter=off,*preventpromisc=off*
>>>>>>>
>>>>>>> no way, my eth1 container interface only sees filtered traffic.
>>>>>>>
>>>>>>> I did nothing regarding the attached bridge (em3 -> *brs0* ->
>>>>>>> veth42ba2f55), as I don't see any "mac-filter" in vzctl command help
>>>>>>> (only netfilter, not mac)
>>>>>>> # vzctl --help | grep filter
>>>>>>> [--netfilter <disabled|stateless|stateful|full>]
>>>>>>>
>>>>>>> is it the preventpromisc=off "bug" that drops packets, or the
>>>>>>> mac-filter on the bridge which might be not set?
>>>>>>> indeed it seems as if the container current config drops packets that
>>>>>>> are not addressed to it, for a probe it is a problem as by definition
>>>>>>> for a probe packets are not addressed to him!
>>>>>>>
>>>>>>> regards.
>>>>>>>
>>>>>>>
>>>>>>> On 19/10/2016 11:29, Vasily Averin wrote:
>>>>>>>> Dear Jehan,
>>>>>>>>
>>>>>>>> 1)
>>>>>>>> # prlctl list -if vvs.vz7.kdev | grep net0
>>>>>>>> net0 (+) dev='veth5147a7b3' ifname='eth0' network='Bridged'
>>>>>>>> mac=00185147A7B3 preventpromisc=on mac_filter=on ip_filter=on
>>>>>>>> nameservers= searchdomains= dhcp='yes'
>>>>>>>>
>>>>>>>> from man prlctl ("set" section)
>>>>>>>> ipfilter: determines if the specified network adapter is
>>>>>>>> configured to filter network packages by
>>>>>>>> IP address. If set to "yes", the adapter is allowed to
>>>>>>>> send packages only from IPs in the network
>>>>>>>> adapter's IP addresses list.
>>>>>>>> macfilter: determines if the specified network adapter is
>>>>>>>> configured to filter network packages by
>>>>>>>> MAC address. If set to "yes", the adapter is allowed to
>>>>>>>> send packages only from its own MAC
>>>>>>>> address.
>>>>>>>> preventpromisc: determines if the specified network
>>>>>>>> adapter should reject packages not addressed
>>>>>>>> to its virtual environment. If set to "yes", the adapter
>>>>>>>> will drop packages not addressed to its
>>>>>>>> virtual environment.
>>>>>>>>
>>>>>>>> In pcs6 it was affected VMs only, and at present I'm not sure was it
>>>>>>>> fully integrated into vz7 or not.
>>>>>>>>
>>>>>>>> 2) vzctl also has a filter setting for bridged interfaces
>>>>>>>> man vzctl:
>>>>>>>> --mac_filter on|off - enable/disable packets filtering by MAC
>>>>>>>> address and MAC changing on veth
>>>>>>>> device inside CT.
>>>>>>>>
>>>>>>>> Thank you,
>>>>>>>> Vasily Averin
>>>>>>>>
>>>>>>>>
>>>>>>>> On 19.10.2016 12:05, Jehan Procaccia wrote:
>>>>>>>>> Hello
>>>>>>>>>
>>>>>>>>> I am back to my vlan/bridge/vm-interface ...
>>>>>>>>> although it works fine for my containers' primary interfaces (eth0)
>>>>>>>>> I have a specific container that has 2 interfaces, the second being
>>>>>>>>> for a probe on the network (tcpdump, snort etc ...)
>>>>>>>>> unfortunately only minimal traffic seems to be forwarded into the
>>>>>>>>> container on that second interface, not all, I do see the whole
>>>>>>>>> traffic within the physical interface and its bridge on the physical
>>>>>>>>> host, but not on the veth into the CT!?
>>>>>>>>>
>>>>>>>>> here's the physical and config situation: on the physical host I plug
>>>>>>>>> the cisco mirrored outbound/Wan interface to em3 (physical interface
>>>>>>>>> on the host)
>>>>>>>>>
>>>>>>>>> I created a virtual network for that probe attached to em3 and
>>>>>>>>> associated to bridge brs0
>>>>>>>>>
>>>>>>>>> # prlsrvctl net add probenet --type bridged --ifname em3
>>>>>>>>> # prlsrvctl net list
>>>>>>>>> Network ID   Type        Bound To   Bridge   Slave interfaces
>>>>>>>>> Host-Only    host-only              virbr0
>>>>>>>>> *probenet    bridged     em3        brs0     veth42ba2f55*
>>>>>>>>> ...
>>>>>>>>>
>>>>>>>>> my CT 2nd interface (eth1, eth0 being the 1st one) is attached to
>>>>>>>>> that network
>>>>>>>>> # prlctl set CTprobe --netif_add eth1
>>>>>>>>> # prlctl set CTprobe --ifname eth1 --network probenet
>>>>>>>>>
>>>>>>>>> my problem is that a tcpdump -i em3 or brs0 on the physical host does
>>>>>>>>> show all traffic on my outbound cisco Wan mirrored interface
>>>>>>>>> here is a very small sample (hundreds of packets per second ...)
>>>>>>>>> # tcpdump -i brs0 -n
>>>>>>>>> 10:40:58.767042 IP 193.51.224.142.https > 147.157.103.21.54757: UDP, length 1350
>>>>>>>>> 10:40:58.767062 IP 193.51.224.42.https > 147.157.161.85.50813: Flags [.], seq 2056788:2058248, ack 511, win 1650, length 1460
>>>>>>>>> 10:40:58.841239 IP 193.157.24.26.hsrp > 224.0.0.102.hsrp: HSRPv1
>>>>>>>>> 10:40:59.075644 IP 193.157.24.25.hsrp > 224.0.0.102.hsrp: HSRPv1
>>>>>>>>> 10:40:59.801310 ARP, Request who-has 193.157.24.30 tell 193.157.41.1, length 46
>>>>>>>>>
>>>>>>>>> if I do the same tcpdump -i veth42ba2f55 or inside the CTprobe -i
>>>>>>>>> eth1, only protocol traffic seems to pass through (STP,ARP,HSRP...),
>>>>>>>>> no users payload (https, ssh etc ...), and only a dozen packets per
>>>>>>>>> second (they were hundreds on the brs0 or em3)
>>>>>>>>>
>>>>>>>>> # tcpdump -i veth42ba2f55 -n
>>>>>>>>> 10:45:30.918642 STP 802.1d, Config, Flags [none], bridge-id 8d52.00:20:56:1e:a6:80.8040, length 42
>>>>>>>>> 10:45:31.213516 ARP, Request who-has 193.157.41.45 tell 193.157.41.1, length 46
>>>>>>>>> 10:45:31.281744 ARP, Request who-has 193.157.41.17 tell 193.157.41.1, length 46
>>>>>>>>> 10:45:31.332678 IP 193.157.41.236 > 224.0.0.13: PIMv2, Hello, length 38
>>>>>>>>> 10:45:31.383549 ARP, Request who-has 193.157.41.31 tell 193.157.41.1, length 46
>>>>>>>>> 10:45:31.456594 ARP, Request who-has 193.157.41.34 tell 193.157.41.1, length 46
>>>>>>>>> 10:45:31.458344 STP 802.1d, Config, Flags [none], bridge-id 89ce.00:20:56:1e:a6:80.8040, length 42
>>>>>>>>> 10:45:31.458898 STP 802.1d, Config, Flags [none], bridge-id 8168.00:20:56:1e:a6:80.8040, length 42
>>>>>>>>> 10:45:31.654835 STP 802.1d, Config, Flags [none], bridge-id 89da.00:20:56:1e:a6:80.8040, length 42
>>>>>>>>> 10:45:31.655039 STP 802.1d, Config, Flags [none], bridge-id 89cf.00:20:56:1e:a6:80.8040, length 42
>>>>>>>>> 10:45:31.709254 IP 193.157.41.35.hsrp > 224.0.0.102.hsrp: HSRPv1
>>>>>>>>> 10:45:31.966666 STP 802.1d, Config, Flags [none], bridge-id 89d0.00:20:56:1e:a6:80.8040, length 42
>>>>>>>>> 10:45:31.993787 CDPv2, ttl: 180s, Device-ID 'core.ispint.fr', length 405
>>>>>>>>>
>>>>>>>>> Is the CT veth filtering traffic? or cannot cope with the volume?
>>>>>>>>> it is strange though that no payload/users traffic, only protocol
>>>>>>>>> (Xcast/broadcast ?) traffic pass from brs0 to veth42ba2f55 or inside
>>>>>>>>> the CTprobe eth1
>>>>>>>>> Am I missing a "capability"?
>>>>>>>>>
>>>>>>>>> Regards.
>>>>>>>>>
>>>>>>>>> On 10/10/2016 21:24, Jehan Procaccia wrote:
>>>>>>>>>> Indeed!
>>>>>>>>>> that was that last setting missing:
>>>>>>>>>>
>>>>>>>>>> prlctl set MyCT11 --ifname eth0 --network vlan11
>>>>>>>>>>
>>>>>>>>>> now vlans work fine
>>>>>>>>>> Just note that I had to add NM_CONTROLLED="no" to all my ifcfg-xxx
>>>>>>>>>> definition files, otherwise network restart failed to start them
>>>>>>>>>>
>>>>>>>>>> regards.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 10/10/2016 09:12, Vasily Averin wrote:
>>>>>>>>>>> Dear Jehan,
>>>>>>>>>>>
>>>>>>>>>>> Virtuozzo 7 has nice documentation on docs.virtuozzo.com
>>>>>>>>>>>
>>>>>>>>>>> http://docs.virtuozzo.com/virtuozzo_7_users_guide/managing-network/configuring-virtual-machines-and-containers-in-bridged-mode.html?highlight=bridge
>>>>>>>>>>>
>>>>>>>>>>> in your case you need to bind the container interface to the newly-created
>>>>>>>>>>> bridge by using the following command:
>>>>>>>>>>>
>>>>>>>>>>> prlctl set MyCT11 --ifname eth0 --network vlan11
>>>>>>>>>>>
>>>>>>>>>>> Thank you,
>>>>>>>>>>> Vasily Averin
>>>>>>>>>>>
>>>>>>>>>>> On 09.10.2016 22:37, Jehan Procaccia wrote:
>>>>>>>>>>>> I found a method to configure bridge and vlan based on RHEL docs:
>>>>>>>>>>>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec-Network_Bridging_Using_the_Command_Line_Interface.html
>>>>>>>>>>>>
>>>>>>>>>>>> in order not to mess with the current config automatically configured
>>>>>>>>>>>> by the virtuozzo7 installer on em1 and em2 with respective bridges br0
>>>>>>>>>>>> and br1, I plugged a 3rd interface on the server (fiber) p2p2:
>>>>>>>>>>>>
>>>>>>>>>>>> [network-scripts]# cat ifcfg-p2p2
>>>>>>>>>>>> TYPE=Ethernet
>>>>>>>>>>>> BOOTPROTO=none
>>>>>>>>>>>> NAME=p2p2
>>>>>>>>>>>> UUID=9188d131-21b1-4ee9-8205-c893b4a4fc44
>>>>>>>>>>>> DEVICE=p2p2
>>>>>>>>>>>> ONBOOT=yes
>>>>>>>>>>>>
>>>>>>>>>>>> then the associated subinterface for vlan11 as described in RHEL7
>>>>>>>>>>>> doc
>>>>>>>>>>>>
>>>>>>>>>>>> # cat ifcfg-p2p2.11
>>>>>>>>>>>> DEVICE=p2p2.11
>>>>>>>>>>>> BOOTPROTO=none
>>>>>>>>>>>> ONBOOT=yes
>>>>>>>>>>>> VLAN=yes
>>>>>>>>>>>> BRIDGE="br11"
>>>>>>>>>>>>
>>>>>>>>>>>> and finally the bridge for that vlan
>>>>>>>>>>>>
>>>>>>>>>>>> # cat ifcfg-br11
>>>>>>>>>>>> DEVICE="br11"
>>>>>>>>>>>> NAME="p2p2.11"
>>>>>>>>>>>> ONBOOT=yes
>>>>>>>>>>>> NETBOOT=yes
>>>>>>>>>>>> IPV6INIT=yes
>>>>>>>>>>>> BOOTPROTO=dhcp
>>>>>>>>>>>> TYPE="Bridge"
>>>>>>>>>>>> DELAY="2"
>>>>>>>>>>>> STP="off"
>>>>>>>>>>>>
>>>>>>>>>>>> # ip -d link show p2p2.11
>>>>>>>>>>>> 41: p2p2.11@p2p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br11 state UP mode DEFAULT
>>>>>>>>>>>>     link/ether f4:e9:d4:91:c4:33 brd ff:ff:ff:ff:ff:ff
>>>>>>>>>>>>     promiscuity 1
>>>>>>>>>>>>     vlan protocol 802.1Q id 11 <REORDER_HDR> addrgenmode none
>>>>>>>>>>>>
>>>>>>>>>>>> # ip -d link show br11
>>>>>>>>>>>> 42: br11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
>>>>>>>>>>>>     link/ether f4:e9:d4:91:c4:33 brd ff:ff:ff:ff:ff:ff
>>>>>>>>>>>>     promiscuity 0
>>>>>>>>>>>>     bridge addrgenmode none
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Now I can add my virtual network attached to the p2p2.11 interface
>>>>>>>>>>>> (or should I have chosen br11 !?)
>>>>>>>>>>>>
>>>>>>>>>>>> # prlsrvctl net add vlan11 --type bridged --ifname p2p2.11
>>>>>>>>>>>> # prlsrvctl net list
>>>>>>>>>>>> Network ID   Type        Bound To   Bridge   Slave interfaces
>>>>>>>>>>>> Bridged      bridged     em2        br1
>>>>>>>>>>>> Host-Only    host-only              virbr0
>>>>>>>>>>>> vlan11       bridged     p2p2.11    br11
>>>>>>>>>>>>
>>>>>>>>>>>> # brctl show
>>>>>>>>>>>> bridge name     bridge id               STP enabled     interfaces
>>>>>>>>>>>> br0             8000.14187769840a       yes             em1
>>>>>>>>>>>> br1             8000.14187769840b       no              em2
>>>>>>>>>>>> br11            8000.f4e9d495c432       no              p2p2.11
>>>>>>>>>>>> host-routed     8000.000000000000       no
>>>>>>>>>>>> virbr0          8000.52540064dd31       no              virbr0-nic
>>>>>>>>>>>>
>>>>>>>>>>>> create a container MyCT11
>>>>>>>>>>>> # prlctl create MyCT11 --vmtype ct
>>>>>>>>>>>> ...
>>>>>>>>>>>> Processing metadata for centos-7-x86_64
>>>>>>>>>>>> ...The Container has been successfully created.
>>>>>>>>>>>>
>>>>>>>>>>>> now I add an interface to my CT so that it will be in vlan11
>>>>>>>>>>>>
>>>>>>>>>>>> # prlctl set MyCT11 --netif_add eth0
>>>>>>>>>>>> # prlctl set MyCT11 --ifname eth0 --ipadd 192.168.11.10/24
>>>>>>>>>>>> # prlctl set MyCT11 --ifname eth0 --gw 192.168.11.1
>>>>>>>>>>>>
>>>>>>>>>>>> entering the CT and pinging the gateway unfortunately fails
>>>>>>>>>>>>
>>>>>>>>>>>> CT-bad098d8 /# ping 192.168.11.1
>>>>>>>>>>>> PING 192.168.11.1 (192.168.11.1) 56(84) bytes of data.
>>>>>>>>>>>> ^C
>>>>>>>>>>>> --- 192.168.11.1 ping statistics ---
>>>>>>>>>>>> 3 packets transmitted, 0 received, 100% packet loss, time 1999ms
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> the problem seems that that new CT seems to be attached to another
>>>>>>>>>>>> bridge
>>>>>>>>>>>>
>>>>>>>>>>>> # prlsrvctl net list
>>>>>>>>>>>> Network ID   Type        Bound To   Bridge   Slave interfaces
>>>>>>>>>>>> Bridged      bridged     em2        *br1*    *veth4250fe85*
>>>>>>>>>>>> Host-Only    host-only              virbr0
>>>>>>>>>>>> vlan11       bridged     p2p2.11    br11
>>>>>>>>>>>>
>>>>>>>>>>>> not to vlan11 network on br11
>>>>>>>>>>>>
>>>>>>>>>>>> I guess I missed something, where did I go wrong?
>>>>>>>>>>>> anyone has a full scenario to enable vlan through bridge mode in
>>>>>>>>>>>> CT (and VM)?
>>>>>>>>>>>>
>>>>>>>>>>>> regards.
>>>>>>>>>>>>
>>>>>>>>>>>> http://docs.virtuozzo.com/virtuozzo_7_users_guide/managing-network/configuring-virtual-machines-and-containers-in-bridged-mode.html
>>>>>>>>>>>>
>>>>>>>>>>>> On 07/10/2016 19:22, Jehan Procaccia wrote:
>>>>>>>>>>>>> hello
>>>>>>>>>>>>>
>>>>>>>>>>>>> based on
>>>>>>>>>>>>> https://docs.openvz.org/openvz_users_guide.webhelp/_configuring_virtual_machines_and_containers_in_bridged_mode.html
>>>>>>>>>>>>> it is not clear to me how to create virtual networks associated
>>>>>>>>>>>>> to vlans?
>>>>>>>>>>>>>
>>>>>>>>>>>>> On a freshly installed Virtuozzo Linux release 7.2 (3515) on a
>>>>>>>>>>>>> host with 2 activated interfaces (em1 and em2) in trunk mode
>>>>>>>>>>>>> (cisco terminology switchport trunk, allowed vlan 10,11,12,
>>>>>>>>>>>>> native 10) I cannot find out how to create networks dedicated to
>>>>>>>>>>>>> a vlan
>>>>>>>>>>>>>
>>>>>>>>>>>>> I tried:
>>>>>>>>>>>>> # prlsrvctl net add vlan11 --type bridged --ifname em2
>>>>>>>>>>>>> Failed to add Virtual Network vlan11: This network adapter is
>>>>>>>>>>>>> already in use. Please select another network adapter and try
>>>>>>>>>>>>> again.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I suspect that because em2 is already bridged to br1, it cannot be
>>>>>>>>>>>>> bridged anymore?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Or should I create a /etc/sysconfig/network-scripts/ifcfg-em2.11
>>>>>>>>>>>>> to have an interface dedicated to vlan11:
>>>>>>>>>>>>> # cat ifcfg-em2.11
>>>>>>>>>>>>> DEVICE=em2.11
>>>>>>>>>>>>> ONBOOT=yes
>>>>>>>>>>>>> TYPE=Ethernet
>>>>>>>>>>>>> BOOTPROTO=none
>>>>>>>>>>>>> VLAN=yes
>>>>>>>>>>>>>
>>>>>>>>>>>>> and then try to: prlsrvctl net add vlan11 --type bridged --ifname
>>>>>>>>>>>>> em2.11 ?
>>>>>>>>>>>>> unfortunately after systemctl restart network, the system complains
>>>>>>>>>>>>> with:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Bringing up interface em2.11: Error: Connection activation
>>>>>>>>>>>>> failed: No suitable device found for this connection.
>>>>>>>>>>>>>
>>>>>>>>>>>>> has anyone succeeded in configuring CT and VM attached to vlan (in
>>>>>>>>>>>>> bridge mode as I want full feature network with
>>>>>>>>>>>>> multicast/broadcast)?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>>
>>>>>>>>>>>>> PS: a few more details on the actual network config on the
>>>>>>>>>>>>> system:
>>>>>>>>>>>>>
>>>>>>>>>>>>> # ip addr | grep LOWER_UP
>>>>>>>>>>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
>>>>>>>>>>>>> 2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP qlen 1000
>>>>>>>>>>>>> 3: em2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br1 state UP qlen 1000
>>>>>>>>>>>>> 8: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
>>>>>>>>>>>>> 22: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>>>>>>>>>>>>> 23: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>>>>>>>>>>>>>
>>>>>>>>>>>>> # prlsrvctl net list
>>>>>>>>>>>>> Network ID   Type        Bound To   Bridge   Slave interfaces
>>>>>>>>>>>>> Bridged      bridged     em2        br1
>>>>>>>>>>>>> Host-Only    host-only              virbr0
>>>>>>>>>>>>>
>>>>>>>>>>>>> it is strange that em1 and br0 don't show up here!?
>>>>>>>>>>>>>
>>>>>>>>>>>>> # brctl show
>>>>>>>>>>>>> bridge name     bridge id               STP enabled     interfaces
>>>>>>>>>>>>> br0             8000.14187769840a       no              em1
>>>>>>>>>>>>> br1             8000.14187769840b       no              em2
>>>>>>>>>>>>> host-routed     8000.000000000000       no
>>>>>>>>>>>>> virbr0          8000.52540064dd31       no              virbr0-nic
>>>>>>>>>>>>> virbr2          8000.52540085818e       no              virbr2-nic
>>>>>>>>>>>>>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> Users mailing list
>>>>>>>>>>>>> Users@openvz.org
>>>>>>>>>>>>> https://lists.openvz.org/mailman/listinfo/users
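
Why a bridge hands the probe's veth little more than broadcast and multicast frames when it is fed from a mirror port, as an added example that is not part of the original thread: a simplified model of a learning bridge (learn the source MAC, flood group and unknown destinations, drop a unicast frame whose destination was learned on the ingress port). The port names come from the thread; the MAC addresses, the frame list and the `learning` switch are constructed for illustration.

```python
"""Simplified learning-bridge model (added illustration, not Virtuozzo code)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group(mac):
    # The I/G bit is the least significant bit of the first octet;
    # it is set for broadcast and multicast destinations.
    return int(mac.split(":")[0], 16) & 1 == 1


class LearningBridge:
    def __init__(self, ports, learning=True):
        self.ports = list(ports)
        self.learning = learning   # False: hypothetical bridge that records no MACs
        self.fdb = {}              # forwarding database: MAC -> port last seen on

    def receive(self, in_port, src, dst):
        """Return the ports a frame arriving on in_port is sent out of."""
        if self.learning:
            self.fdb[src] = in_port
        others = [p for p in self.ports if p != in_port]
        if is_group(dst):
            return others          # broadcast/multicast: flood
        out = self.fdb.get(dst)
        if out is None:
            return others          # unknown unicast: flood
        if out == in_port:
            return []              # destination is behind the ingress port: drop
        return [out]


# Constructed sample: a mirror port delivers BOTH directions of a
# conversation on em3, so both endpoints are learned on em3.
ROUTER = "00:00:5e:00:53:01"
CLIENT = "00:00:5e:00:53:02"
HSRP_GROUP = "01:00:5e:00:00:66"   # MAC for multicast group 224.0.0.102
MIRRORED = [
    ("em3", ROUTER, BROADCAST),    # ARP request
    ("em3", ROUTER, CLIENT),       # payload, CLIENT not learned yet
    ("em3", CLIENT, ROUTER),       # payload, ROUTER already learned on em3
    ("em3", ROUTER, CLIENT),       # payload, CLIENT now learned on em3
    ("em3", ROUTER, HSRP_GROUP),   # HSRP hello
    ("em3", CLIENT, ROUTER),       # payload
]


def frames_seen_by(port, bridge, frames):
    """Replay frames through the bridge; return those delivered to port."""
    return [f for f in frames if port in bridge.receive(*f)]


if __name__ == "__main__":
    ports = ["em3", "veth42ba2f55"]
    for learning in (True, False):
        seen = frames_seen_by("veth42ba2f55", LearningBridge(ports, learning), MIRRORED)
        print(f"learning={learning}: veth42ba2f55 receives {len(seen)} of {len(MIRRORED)} frames")
```

Once both endpoints have been learned on `em3`, every unicast frame between them is dropped at the bridge, which matches the STP/ARP/HSRP-only captures in the thread; a physical device moved into the container's network namespace never passes through this forwarding decision.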