Hello Nicolas,
Thanks for helping…! (Things are a “bit” busy here, sorry for the delay…)
ARP traffic seems to be going through, but not IP…:
root@xxxxxx:/proc/net/vlan# tcpdump -i one-89-0 -n -a -A
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on one-89-0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:20:54.136493 ARP, Request who-has xxx.xxx.xxx.254 tell xxx.xxx.xxx.34, length 28
…j.".j."…j…
09:20:57.144571 ARP, Request who-has xxx.xxx.xxx.254 tell xxx.xxx.xxx.34, length 28
…j.".j."…j…
09:20:58.144414 ARP, Request who-has xxx.xxx.xxx.254 tell xxx.xxx.xxx.34, length 28
…j.".j."…j…
09:20:59.144385 ARP, Request who-has xxx.xxx.xxx.254 tell xxx.xxx.xxx.34, length 28
…j.".j."…j…
09:21:02.149850 ARP, Request who-has xxx.xxx.xxx.254 tell xxx.xxx.xxx.34, length 28
…j.".j."…j…
09:21:03.148319 ARP, Request who-has xxx.xxx.xxx.254 tell xxx.xxx.xxx.34, length 28
…j.".j."…j…
09:21:04.148303 ARP, Request who-has xxx.xxx.xxx.254 tell xxx.xxx.xxx.34, length 28
…j.".j."…j…
09:21:07.155082 ARP, Request who-has xxx.xxx.xxx.254 tell xxx.xxx.xxx.34, length 28
…j.".j."…j…
No, the VMs are completely isolated. The only way to get to them is from their console.
Yes, “mac_spoofing” is enabled on the vnet. But for the life of me, I could not find how to check that on virbr0.
I just double-checked, and “net.ipv4.ip_forward” is set to “1” in “/etc/sysctl.conf”.
(I’m still wrapping my head around VLAN tagging, so forgive me if my next questions make no sense whatsoever.)
The switches’ interfaces where the OpenNebula environment is connected are already associated with an existing VLAN tag (481), which is the same one I’m defining within my vNet. Should I be using a different/non-used tag number?
And again: do I have to change any configuration on the bond0 interface regarding enabling 802.1Q?
And again, Thanks…!
Alex