Header Only - DO NOT REMOVE - Extreme Networks

Ovirt KVM, connection lost after VM migration within the cluster


Hello,
Im setting up an Ovirt HA KVM environment with two stacked x440 Summit switches.
My cluster has only two nodes, and I'm currently testing the live migration with a virtualized firewall (pfsense).

The firewall has many virtual interfaces (wan0-wan3) which act as dhcp client on different VLANs. After migrating the firewall to another cluster node, the interfaces lose the ip and the data connection, while the link stays up. After moving the VM back everything works again.

The switch has no special configuration. What is needed to get the VMs running with IPs from an external DHCP on the wan interfaces?
Do I need VM-Tracking, to allow the movement of the MAC address from one physical port to another?

show iparp:

Dynamic Entries : 3 Static Entries : 0 Pending Entries : 0 In Request : 293832 In Response : 1524218 Out Request : 1524043 Out Response : 1194 Failed Requests : 1 Proxy Answered : 0 Rx Error : 0 Dup IP Addr : 192.168.1.1 Rejected Count : 277511 Rejected IP : 192.168.3.4 Rejected Port : 1:1 Rejected I/F : wan1 Max ARP entries : 8192 Max ARP pending entries : 256 ARP address check: Enabled ARP refresh : Enabled Timeout : 20 minutes ARP Sender-Mac Learning : both-request-and-reply Locktime : 1000 milliseconds Retransmit Time : 1000 milliseconds Reachable Time : 900000 milliseconds (Auto) Fast Convergence : Off
[/code]
Switches:
ExtremeXOS version 16.1.1.4
X440-48p-10G (Stack)

Thanks for any suggestions

4 replies

Hi, as I understand on the switch there's no need to make an extra configuration.
The problem can be on the oVirt side, both hypervisors have attached the virtual networks that the pfsense VM "needs" ?

BR.
Without the attached networks I would get errors during the migration and also would have inconsistencys in the cluster. However, the network setup is not easy, with four physical links as 2x 2 lacp and multiple vlans on top of them, I will check that again. I thought that the switch sets the ip/mac as dublicated after the migration and rejects all traffic in. Im also wondering why the Reject Count is so high and the out response is so low in my iparp stats. Thanks
Florian Nolden wrote:

Without the attached networks I would get errors during the migration and also would have inconsistencys in the cluster. However, the network setup is not easy, with four physical links as 2x 2 lacp and multiple vlans on top of them, I will check that again. I thought that the switch sets the ip/mac as dublicated after the migration and rejects all traffic in. Im also wondering why the Reject Count is so high and the out response is so low in my iparp stats. Thanks

I found my issue! It was not switch related. The bond0 slave interfaces where recreated by ovirt, using the propper interface name, while I choose a other name during the initial os installation. However, these interface configuration was still there and caused the trouble on all Vlans over this bond interface. The RX value of these VLAN interfaces where all zero.
After deleting the old bond slave interface configuration files, I rebooted. Now it seems to work as expected.

Thanks for pointing me in the right direction!
Florian Nolden wrote:

Without the attached networks I would get errors during the migration and also would have inconsistencys in the cluster. However, the network setup is not easy, with four physical links as 2x 2 lacp and multiple vlans on top of them, I will check that again. I thought that the switch sets the ip/mac as dublicated after the migration and rejects all traffic in. Im also wondering why the Reject Count is so high and the out response is so low in my iparp stats. Thanks

Great, thanks for the update.

BR.

Reply