Thread: MacVTap VEPA with OpenBSD router/firewall, need bridge to reflect on same segment
View Single Post
  #16   (View Single Post)  
Old 20th September 2016
rbigm101 rbigm101 is offline
New User
  
Join Date: Sep 2016
Posts: 8
Default
Update:
I have been configuring my VM’s to use the vxlan. I have the vxlan that is attached to the VM’s bridged to my eth0 interface. I have the other vxlan on my OpenBSD router, on the same bridge as all the interfaces. The purpose of this experiment was to gain/demonstrate the functionality of having one of the VM’s talk to its host system. The VM talkes to to xvlan, the xvlan repeats on the OpenBSD bridge, the bridge sends the frame to the KVM host ethernet port.

Here’s what keeps happening:
1. I have my OpenBSD router running with the vxlan ready to go.

2. I turn on my KVM host and configure the vxlan with these commands.

Code:
ip link add vxlan0 type vxlan id 1 remote 172.168.1.1 local 172.168.1.11 dev eth0 dstport 4789
ip addr add 172.168.1.200/24 dev vxlan0
Then I start my VM’s

3. I run tests with ping, telnet, and tcpdump, while using X11 forwarding to view/use the running VM’s, so I can do ping, and telnet tests on those, while watching my tcpdump.

4. At some point in my testing, the OpenBSD kernel will crash. I have noticed that these kernel crashes will not reoccur if I restart the OpenBSD router after a kernel crash and continue testing, without having restarted my KVM host along with it. Meaning I just ssh into the KVM host again and continue my testing. If I restart the KVM host, shortly after I start testing, I'll do a ping or try to ssh and the router will crash. Photos of all of the information I could produce from the crashes are below.

I have not been able to get the xvlan to work at any point durring this (not even an ip assignment to the VM’s) , and I’m worried that the functionality I’m looking for is not available while the router is the last thing that has been booted. Although it could be just poor vxlan configuration and/or firewall issues.

Tomorrow I’m going to submit a bug report on the kernel crashes, and a bug report on the bridge(4) for not supporting a “hairpin” mode, which I believe is the most elegant solution to using VEPA with OpenBSD. I’m also going to look into different ways to connect the vxlan to the VM’s.

http://s12.postimg.org/x2vfmecf1/IMG...003886_HDR.jpg
http://s12.postimg.org/rsqgv3s65/IMG...547944_HDR.jpg
http://s12.postimg.org/ke152q6al/IMG...023029_HDR.jpg
http://s12.postimg.org/riiybrdjx/IMG..._185802405.jpg
__________________
The bugs will pass, but the functionality will remain.
Last edited by rbigm101; 20th September 2016 at 12:12 AM. Reason: Forgot to explicitly say that when I restarted my KVM host, it crashes. Forgot to blame firewall/self for non functionality.
Reply With Quote