From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mark McLoughlin <markmc@redhat.com>
Subject: Re: [PATCH 0/9][RFC] KVM virtio_net performance
Date: Mon, 28 Jul 2008 07:42:29 +0100
Message-ID: <1217227349.9122.7.camel@muff>
References: <1216899979-32532-1-git-send-email-markmc@redhat.com>
	 <4888EC61.8050208@codemonkey.ws> <488B7668.7090605@tmr.com>
	 <488C292C.7020609@qumranet.com>  <488C7585.2050804@tmr.com>
Reply-To: Mark McLoughlin <markmc@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Cc: Avi Kivity <avi@qumranet.com>,
	Anthony Liguori <anthony@codemonkey.ws>, kvm@vger.kernel.org,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Rusty Russell <rusty@rustcorp.com.au>
To: Bill Davidsen <davidsen@tmr.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([66.187.233.31]:47321 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751933AbYG1Gmw (ORCPT <rfc822;kvm@vger.kernel.org>);
	Mon, 28 Jul 2008 02:42:52 -0400
In-Reply-To: <488C7585.2050804@tmr.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On Sun, 2008-07-27 at 09:17 -0400, Bill Davidsen wrote:
> Avi Kivity wrote:
> > Bill Davidsen wrote:
> >>
> >> I have been discussing this (on this list) in another thread. Putting 
> >> tcpdump on the eth0 device in the VM, the br0 device in the host, and 
> >> the eth0 (physical NIC) in the host, you can see that when the VM 
> >> generates a DHCP request it shows up on the br0 in the host, but 
> >> never gets sent on the wire by eth0.
> >>
> >> That's the point of failure, at least using RHEL5/FC6/kvm-66 as the 
> >> environment.
> >
> > Does playing with the bridge forward delay ('brctl setfd') help?
> >
> Update: Redhat has a user chain in iptables shared between INPUT and 
> FORWARD (bad idea) which doesn't pass bootp packets by default. 

Yeah, I've been trying to get that rule changed to allow all bridged
packets to be forwarded by default. See:

  https://bugzilla.redhat.com/221828

> Adding 
> the following rules to that table solved the DHCP for me.
> 
> ACCEPT     udp  --  anywhere             anywhere            udp 
> spt:bootps dpt:bootpc
> ACCEPT     udp  --  anywhere             anywhere            udp 
> spt:bootpc dpt:bootps
> 
> This seems to solve my problem, I just have to make it part of my "start 
> kvm" procedure.

See here:

  http://wiki.libvirt.org/page/Networking

in the 'Bridged networking (aka "shared physical device")' section:

  # echo "-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT" > /etc/sysconfig/iptables-forward-bridged
  # lokkit --custom-rules=ipv4:filter:/etc/sysconfig/iptables-forward-bridged
  # service libvirtd reload

Cheers,
Mark.