<HTML><HEAD xmlns="http://www.w3.org/1999/xhtml"/>
<BODY>Hello,<BR>Could routing be enabled on the hypervisor, by any chance?<BR>
<BR>-------- Original message --------<BR>Subject: [FRsAG] Network and system isolation problem on Linux - OVS - Qemu<BR>From: Florent Nolot <FNOLOT @gmail.com="">
<BR>To: frsag@frsag.org<BR>Cc: <BR>
<BR>
</FNOLOT>
<BLOCKQUOTE style="border-left:1px solid black; padding-left:1px;">
<HTML>
  
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
    
<META content="text/html; charset=UTF-8" http-equiv="content-type">
  
  
</HEAD>
<BODY bgcolor="#FFFFFF" text="#000000">
    
<P>Hello</P>
    
<P>I have an isolation problem between VMs connected to an
      OpenVSwitch and using VLANs. The VLANs are not doing their job
      of segmentation. I am copying below the Stack Overflow post that
      I made, which has remained unanswered to this day.</P>
    
<P> 
</P>
    
<DIV class="post-text" itemprop="text">
      
<P>I have 3 VMs (qemu with tap interface), 2 on vlan 10 and 1 on
        vlan 66 on the same lab1 OpenVSwitch. The first VM is connected
        via a tap interface on port lab1vm1. The second has 2 network
        interfaces connected on ports lab1dhcp and lab1dhcpmaster, and the
        third VM is on port dhcpmaster.</P>
      
<PRE>
<CODE>-------------   -----------------------  --------------
| VM 1      |   |        VM2          |  |   VM3      |
|10.10.10.3 |   |10.8.6.1  10.10.10.13|  | 10.10.10.2 |
-------------   -----------------------  --------------
   |                |           |             |
   |                |           |             |
------------------------------------------------------------------
|lab1vm1          lab1dhcp  lab1dhcpadm   dhcpmaster     OVS lab1|
|tag 10           tag 10     tag 66         tag 66               |
------------------------------------------------------------------
</CODE>
</PRE>
      
<P>The OpenVSwitch is configured as follows:</P>
      
<PRE class="lang-sh prettyprint prettyprinted" style="">
<CODE>    Bridge "lab1"
        Port "lab1vm1"
            tag: 10
            Interface "lab1vm1"
        Port "lab1"
            tag: 10
            Interface "lab1"
                type: internal
        Port "lab1dhcp"
            tag: 10
            Interface "lab1dhcp"
        Port "lab1dhcpadm"
            tag: 66
            Interface "lab1dhcpadm"
        Port dhcpmaster
            tag: 66
            Interface dhcpmaster
    ovs_version: "2.9.2"</CODE>
</PRE>
      
<P>The problem: VM1 can ping VM3!</P>
      
<UL>
        
<LI>If I power off VM2 or shut down the lab1dhcp or lab1dhcpadm
          interface, the ping doesn't work.</LI>
        
<LI>If I shut down the two network interfaces of VM2, ping
          works!</LI>
      
</UL>
      
<P>Why does VM2 relay ICMP packets from VM1 to VM3? The broadcasts
        sent by VM1 also reach VM3! For example, if I request an address
        from a DHCP client on VM1, VM3 receives the DHCP discover.<BR>
      
</P>
    
</DIV>
    
<P>Thank you for your help.</P>
    
<P>Florent<BR>
    
</P>
  

</BODY>
</HTML>
</BLOCKQUOTE>
</BODY>
</HTML>