KVM - trunk interface on gues

Hi!

I installed Cisco router CSR1000v in KVM. It is generally working, but I’m not able to use it as a “router on a stick”. I need to configure trunk interface on switch and then on router and router will be doing routing between vlans.
Unfortunately it looks that VLAN tagged packets are not reaching router/network. How can I configure KVM to forward any trafic from physical interface to router and other way? I thought that passthrough mode is what I need but it is not working.
I would like also that CDP packet also woud be forwarded from guest to switch. Generally -> connect physical interface to guest without any filtering.

Configuring separated interfaces for vlans is not a sollution. Router admin should be able to configure vlan subinterfaces on router without asking KVM admin every time to create new vlan interfce.

How can I do that?

Passthrough (if you mean macvtap) is for attaching PCI VF; is your system capable of it and have you configured virtual functions? Otherwise I expect that macvtap in any other mode should work; VEPA requires explicit external switch support, so as long as you do not need to communicate with your guest from host (at least, over the same interface), either bridge or private. As long as you have single guest it does not really matter.
[/QUOTE]

Are you following any Cisco deployment guides?

This is the page for all virtualization technologies
http://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/configuration/csr1000Vswcfg.html

And, this is the page which describes how to set up specifically in KVM. Don’t worry about the references to RHEL, to my eye everything should work on openSUSE without any modification.
http://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/configuration/csr1000Vswcfg/installkvm.html

Skimming the various methods to set up your csr,
I’d recommend using the libvirt method (second described method). Looks like the virsh method should work without a problem, too.
To configure your interfaces,

It also looks like you can set up on an OpenStack as well… If this is something you’d like to try, I’ve created some scripts to have Devstack (The recommended way to deploy a simple, small OpenStack) on openSUSE at the following page. After installed, then you can follow the OpenStack instructions for your csr.
https://en.opensuse.org/User:Tsu2/openstack-install

Additionally,
Especially for this kind of use, I <do not> recommend using Tumbleweed as your HostOS, you will want a stable HostOS (and likely a GuestOS as well) when you’re building network infrastructure. Re-install or “upgrade” to LEAP before installing your csr.

And, note that you do <not> need or would likely want to do any hardware pass-through.
To configure your network interfaces,
http://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/configuration/csr1000Vswcfg/vminterface.html

TSU

So many topics :wink:

Additionally,
Especially for this kind of use, I <do not> recommend using Tumbleweed as your HostOS, you will want a stable HostOS (and likely a GuestOS as well) when you’re building network infrastructure. Re-install or “upgrade” to LEAP before installing your csr.

It is not a production system, it is my testing environment for CCNP exam preparation. I think it doesn’t need to be so stable and secure.
Anyway, I can think about migration if you convince me that it will start workink this way :wink:

I stareted reading about Open vSwitch and found this: VLAN Trunking to Guest Domains with Open vSwitch - Scott's Weblog - The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking
It sounds line what I need.

Now trunk interface in router started working but again with restrictions. It looks that multicasts are blocked. I started EIGRP routing protocol on 1000v in guest and neighboring is not associated.
Now my configuration looks like (“Mostek” means bridge):
One normal access interface for managing without trunk (EIGHR/multicast is working and trunking/vlans is not working):
http://zapisz.net/images/696_normalinterface.png](http://zapisz.net/view.php?filename=696_normalinterface.png)
Second interface with trunk on switch and subinterfaces on router (vlans are working but EIGRP/multicasts are not working):
http://zapisz.net/images/385_bridgeinterface.png](http://zapisz.net/view.php?filename=385_bridgeinterface.png)

I saw this Cisco pages but they are not writing much about trunks. Only in one place whe vSwitch is used but it is VMWare vSwitch I think.

Generally I have enough interfaces for every guest virtual router, so the easiest way to attach physical interface to guest is what I need.
Unfortunately I see that everywhere are bridge interfaces which (if I understand well) are controlled by kernel, so he is inspecting if package should be forwarded to guest or not - am I right?

I configured openvswitch this way:

linux-xj5t:/etc/sysconfig/network # ovs-vsctl show
cd2c0b39-d332-4a3c-a087-db665d872412
    Bridge "ovsbr_eno1"
        Port "ovsbr_eno1"
            Interface "ovsbr_eno1"
                type: internal
        Port "vmport1"
            Interface "vmport1"
        Port "eno1"
            Interface "eno1"
    ovs_version: "2.5.0"
linux-xj5t:/etc/sysconfig/network # cat ifcfg-eno1 
 STARTMODE='auto'
 BOOTPROTO='none'
linux-xj5t:/etc/sysconfig/network # cat ifcfg-vmport1 
 STARTMODE='auto'
 BOOTPROTO='none'
linux-xj5t:/etc/sysconfig/network # cat ifcfg-ovsbr_eno1 
STARTMODE='auto'
 BOOTPROTO=dhcp
 OVS_BRIDGE='yes'
 OVS_BRIDGE_PORT_DEVICE='eno1'


But how can I now connect it to guest?
When I chose vmport1 interface then I see this error:

interface macvtap0@vmport1 (52:54:00:46:9e:37): Device or resource busy

I found this: https://www.suse.com/documentation/sles-12/book_sle_admin/data/sec_ovs.html


linux-xj5t:/etc/sysconfig/network # cat ifcfg-bridger1 
DEVICE=bridger1
STARTMODE='auto'
BOOTPROTO='dhcp'
OVS_BRIDGE='yes'
OVS_BRIDGE_PORT_DEVICE_1='eno1'
OVS_BRIDGE_PORT_DEVICE_2='tap0'
linux-xj5t:/etc/sysconfig/network # cat ifcfg-eno1 
 DEVICE=eno1
 BOOTPROTO=none
 IPV6INIT=no
 NM_CONTROLLED=no
 ONBOOT=yes
 TYPE=OVSPort
 DEVICETYPE=ovs
 OVS_BRIDGE=bridger1
linux-xj5t:/etc/sysconfig/network # cat ifcfg-tap0 
DEVICE=tap0
STARTMODE='auto'
BOOTPROTO='none'
TUNNEL='tap'

but the same error with busy interface tap0.

Although still possibly on-topic with your original Forum Subject line,
you appear to have drastically changed the content of your Discussion thread, ordinarily when this happens I’d recommend opening a new thread with perhaps a more specific Subject line.

Your choice of Open VSwitch is good, it’s a popular way provide a virtual switch for virtual networks.

I haven’t heard of multicast issues, and a quick Google search returns some, but not many hits. That probably means that a problem may sometimes exist, but is not often encountered.

Skimming a few of the results, I didn’t find any reliable solutions. One was resolved simply by rebooting which should always be tried.

Because there aren’t many posted multicast issues, you may need to find a VSwitch forum or IRC and ask your questions there.

I would repeat that you should deploy on a LEAP instead of Tumbleweed because there may be some unidentified bleeding edge component that may be causing your problem as well. When you deploy on LEAP, you can be relatively assured that you’re running on well-tested components, and anyone who helps you will have a better understanding of how you are set up. Tumbleweed is for those who are willing to experience problems and are willing to do the extra work to troubleshoot problems, sometimes fundamental issues but also issues which might be the result of new components not yet fully vetted.

Some additional:
There are a great many Open VSwitch labs, you may want to set up one of those for initial learning instead of trying to build your own.

Although there is nothing I can find about multicasts in the existing SUSE KVM documentation, I highly recommend it as a reference. Although the documentation is written for SLES/SLED, once you have KVM set up on openSUSE (any version), everything in the documentation applies to openSUSE as well.
https://www.suse.com/documentation/sles11/singlehtml/book_kvm/book_kvm.html

TSU

OK, I’ll reinstall my OpenSUSE to Leap 42.1, install KVM + openvswitch to make it right and open new thread.

Or I’ll try Pass-through netowrk configuration (direct interface connection?) but I don’t know how to verify if my network interfaces are supporting SR-IOV.

linux-m797:/home/kamil # lspci | grep Eth
03:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5719 Gigabit Ethernet PCIe (rev 01)
03:00.1 Ethernet controller: Broadcom Corporation NetXtreme BCM5719 Gigabit Ethernet PCIe (rev 01)
03:00.2 Ethernet controller: Broadcom Corporation NetXtreme BCM5719 Gigabit Ethernet PCIe (rev 01)
03:00.3 Ethernet controller: Broadcom Corporation NetXtreme BCM5719 Gigabit Ethernet PCIe (rev 01)
04:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5719 Gigabit Ethernet PCIe (rev 01)
04:00.1 Ethernet controller: Broadcom Corporation NetXtreme BCM5719 Gigabit Ethernet PCIe (rev 01)
04:00.2 Ethernet controller: Broadcom Corporation NetXtreme BCM5719 Gigabit Ethernet PCIe (rev 01)
04:00.3 Ethernet controller: Broadcom Corporation NetXtreme BCM5719 Gigabit Ethernet PCIe (rev 01)
07:00.0 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20)
07:00.1 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20)