Problem with bridge external interface (VMWare)

LXD
1

Hi,

I can’t get a network bridge with external interface working

Case 1 : bridge native

# lxc network show external
config:
  bridge.external_interfaces: ens224
  ipv4.address: 10.23.254.104/24
  ipv6.address: none
description: ""
name: external
type: bridge
used_by:
- /1.0/profiles/external
managed: true
status: Created
locations:
- none

$ lxc config device add rproxy ext nic network=external name=ext
$ lxc shell rproxy
rpx # ip l s up dev ext
rpx # ip a a 10.23.254.100/24 dev ext
rpx # ping 10.23.254.1
PING 10.23.254.1 (10.23.254.1) 56(84) bytes of data.
From 10.23.254.100 icmp_seq=1 Destination Host Unreachable
From 10.23.254.100 icmp_seq=2 Destination Host Unreachable
^C
rpx # ping 10.23.254.254
PING 10.23.254.254 (10.23.254.254) 56(84) bytes of data.
From 10.23.254.100 icmp_seq=1 Destination Host Unreachable
^C
root@rproxy:~# ip n sh
10.23.254.104 dev ext lladdr 00:16:3e:67:03:fc REACHABLE
10.23.254.254 dev ext lladdr 00:50:56:b4:11:e0 STALE
10.23.254.1 dev ext  FAILED

Meanwhile :

# tcpdump -i ens224 arp or icmp
(...)
12:40:56.514517 ARP, Request who-has 10.23.254.1 tell 10.23.254.100, length 28
12:40:59.165890 ARP, Request who-has 10.23.254.254 tell 10.23.254.100, length 28
(...)
12:42:09.169277 ARP, Request who-has 10.23.254.XX tell 10.23.254.254, length 46
2

Please show output of ip a, ip r, and bridge link show from the host.

thanks

3

Case 2 : macvlan

$ lxc config device add rproxy ext nic nictype=macvlan   parent=ens224 name=ext
$ lxc shell rproxy 
rproxy:~# ip a s ext
29: ext@if3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether XXXXXXX brd ff:ff:ff:ff:ff:ff link-netnsid 0
rproxy:~# ip l s up ext
rproxy:~# ip a a 10.23.254.100/24 dev ext
rproxy:~# ip n sh
10.23.254.104 dev ext  FAILED
rproxy:~# ping 10.23.254.254
PING 10.23.254.254 (10.23.254.254) 56(84) bytes of data.
^C
--- 10.23.254.254 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2055ms

rproxy:~# ip n sh
10.23.254.104 dev ext  FAILED
10.23.254.254 dev ext  FAILED

Meanwhile :

# tcpdump -i ens224 arp or icmp
ARP, Request who-has 10.23.254.104 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.254 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.104 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.1 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.104 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.1 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.104 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.1 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.104 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.1 tell 10.23.254.100, length 28 28
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 7, length 64 64
ARP, Request who-has 10.23.254.254 tell 10.23.254.100, length 28 28
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 8, length 64 64
ARP, Request who-has 10.23.254.254 tell 10.23.254.100, length 28 28
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 9, length 64 64
ARP, Request who-has 10.23.254.254 tell 10.23.254.100, length 28 28
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 10, length 64 64
ARP, Request who-has 10.23.254.104 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.254 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.104 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.254 tell 10.23.254.100, length 28 28
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 11, length 64 64
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 12, length 64 64
ARP, Request who-has 10.23.254.104 tell 10.23.254.100, length 28 28
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 13, length 64 64
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 14, length 64 64
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 15, length 64 64
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 16, length 64 64
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 17, length 64 64
ARP, Request who-has 10.23.254.254 tell 10.23.254.100, length 28 28
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 18, length 64 64
ARP, Request who-has 10.23.254.254 tell 10.23.254.100, length 28 28
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 19, length 64 64
ARP, Request who-has 10.23.254.254 tell 10.23.254.100, length 28 28
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 20, length 64 64
ARP, Request who-has 10.23.254.254 tell 10.23.254.100, length 28 28
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 21, length 64 64
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 22, length 64 64
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 23, length 64 64
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 24, length 64 64
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 25, length 64 64
ARP, Request who-has 10.23.254.104 tell 10.23.254.100, length 28 28
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 657, seq 26, length 64 64
ARP, Request who-has 10.23.254.104 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.254 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.104 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.254 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.1 tell 10.23.254.254, length 46 46
ARP, Request who-has 10.23.254.254 tell 10.23.254.100, length 28 28
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 659, seq 1, length 64 64
IP 10.23.254.100 > 10.23.254.254: ICMP echo request, id 659, seq 2, length 64 64
ARP, Request who-has 10.23.254.104 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.1 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.104 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.1 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.254 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.1 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.254 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.1 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.254 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.1 tell 10.23.254.100, length 28 28
ARP, Request who-has 10.23.254.104 tell 10.23.254.100, length 28 28
4

I suspect you have MAC filtering on the external network. You’re not seeing any ARP replies to your queries.

5

Or is LXD running in a VM by any chance?

6 
pc-host # ip a s external
30: external: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:27:ba:82 brd ff:ff:ff:ff:ff:ff
    inet 10.23.254.104/24 scope global external
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe27:ba82/64 scope link
       valid_lft forever preferred_lft forever
pc-host # ip a s ens224
3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master external state UP group default qlen 1000
    link/ether 00:50:56:b4:c1:ba brd ff:ff:ff:ff:ff:ff
    inet6 fe80::250:56ff:feb4:c1ba/64 scope link
       valid_lft forever preferred_lft forever

pc-host # ip r s dev external
10.23.254.0/24 proto kernel scope link src 10.23.254.104

pc-host # bridge link show dev ens224
3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master external state forwarding priority 32 cost 2
7

Yes on VmWare

8

Oh wait, what is the external interface configured with the same subnet?

9

External is the name of the bridge

10

Ah that info is key info, you need to enable multiple MAC support for the VM on the VMWare side.
Usually called promiscuous mode or similar.

11

Got it thanks.

12

I think we … GOT A WINNER !!!

oscars-standing-ovation

1 Like
13

image

1 Like
14

image

Minimum fonctionnel