Bug #3163

ARP cache poisoning does not work with L2 networks

Added by EOLE Team almost 7 years ago. Updated over 6 years ago.

Status: Closed
Start date: 08/26/2014
Priority: Normal
Due date:
Assignee: Jaime Melis
% Done: 0%
Category: Drivers - Network
Target version: Release 4.10
Resolution: fixed
Pull request:
Affected Versions: OpenNebula 4.8

Description

Hello,

Trying to instantiate a VM using a L2-only network, I got a failure because of ARP cache poisoning:

oneadmin@one:~$ onevnet show Internal
VIRTUAL NETWORK 0 INFORMATION
ID             : 0
NAME           : Internal
USER           : nebula
GROUP          : oneadmin
CLUSTER        : -
BRIDGE         : nebula
VLAN           : Yes
VLAN ID        : 4
USED LEASES    : 1

PERMISSIONS
OWNER          : um-
GROUP          : um-
OTHER          : u--

VIRTUAL NETWORK TEMPLATE
BRIDGE="nebula" 
DESCRIPTION="Internal Network" 
PHYDEV="" 
VLAN="YES" 
VLAN_ID="4" 

ADDRESS RANGE POOL
 AR TYPE    SIZE LEASES               MAC              IP          GLOBAL_PREFIX
  0 ETHER    254      1 02:00:53:84:99:72               -                      -

LEASES
AR  OWNER                    MAC              IP                      IP6_GLOBAL
0   VM : 0     02:00:53:84:99:72               -                               -

Tue Aug 26 15:39:03 2014 [Z0][DiM][I]: New VM state is ACTIVE.
Tue Aug 26 15:39:03 2014 [Z0][LCM][I]: New VM state is PROLOG.
Tue Aug 26 15:39:04 2014 [Z0][LCM][I]: New VM state is BOOT
Tue Aug 26 15:39:04 2014 [Z0][VMM][I]: Generating deployment file: /var/lib/one/vms/0/deployment.0
Tue Aug 26 15:39:04 2014 [Z0][VMM][I]: ExitCode: 0
Tue Aug 26 15:39:04 2014 [Z0][VMM][I]: Successfully execute network driver operation: pre.
Tue Aug 26 15:39:05 2014 [Z0][VMM][I]: ExitCode: 0
Tue Aug 26 15:39:05 2014 [Z0][VMM][I]: Successfully execute virtualization driver operation: deploy.
Tue Aug 26 15:39:05 2014 [Z0][VMM][I]: Command execution fail: /var/tmp/one/vnm/ovswitch/post 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 'one-0'
Tue Aug 26 15:39:05 2014 [Z0][VMM][I]: post: Executed "sudo ovs-vsctl set Port vnet0 tag=4".
Tue Aug 26 15:39:05 2014 [Z0][VMM][I]: post: Executed "sudo ovs-ofctl add-flow nebula in_port=3,arp,dl_src=02:00:53:84:99:72,priority=45000,actions=drop".
Tue Aug 26 15:39:05 2014 [Z0][VMM][E]: post: Command "sudo ovs-ofctl add-flow nebula in_port=3,arp,dl_src=02:00:53:84:99:72,nw_src=,priority=46000,actions=normal" failed.
Tue Aug 26 15:39:05 2014 [Z0][VMM][E]: post: ovs-ofctl: priority=46000: invalid IP address
Tue Aug 26 15:39:05 2014 [Z0][VMM][E]: ovs-ofctl: priority=46000: invalid IP address
Tue Aug 26 15:39:05 2014 [Z0][VMM][E]: 
Tue Aug 26 15:39:05 2014 [Z0][VMM][I]: ExitCode: 1
Tue Aug 26 15:39:06 2014 [Z0][VMM][I]: error: failed to get domain 'one-0'
Tue Aug 26 15:39:06 2014 [Z0][VMM][I]: error: Domain not found: no domain with matching name 'one-0'
Tue Aug 26 15:39:06 2014 [Z0][VMM][I]: ExitCode: 0
Tue Aug 26 15:39:06 2014 [Z0][VMM][I]: Successfully execute virtualization driver operation: cancel.
Tue Aug 26 15:39:06 2014 [Z0][VMM][I]: Failed to execute network driver operation: post.
Tue Aug 26 15:39:06 2014 [Z0][VMM][E]: Error deploying virtual machine: ovs-ofctl: priority=46000: invalid IP address
Tue Aug 26 15:39:06 2014 [Z0][DiM][I]: New VM state is FAILED
  • edit /var/lib/one/remotes/vnm/OpenNebulaNetwork.conf:
    :arp_cache_poisoning: false
    
  • sync hosts
    oneadmin@one:~$ onehost sync -f
    * Adding nebula1 to upgrade
    * Adding nebula2 to upgrade
    * Adding nebula3 to upgrade
    [========================================] 3/3 nebula3
    All hosts updated successfully.
    

And now it works.

Regards.
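
The failing command in the log above carries an empty nw_src= because the ETHER lease has no IP. As an added example (not OpenNebula's driver code and not the content of the fix revision), here is one way to build the two ARP anti-spoofing flows so that an L2-only NIC is skipped instead of producing an invalid rule. The helper names and the 192.0.2.10 address are assumptions made for illustration.

```ruby
require 'ipaddr'

# Hypothetical helper (not OpenNebula's code): returns the flow specs that pin
# a VM's ARP traffic to its leased MAC/IP pair on one Open vSwitch port.
def arp_antispoof_flows(in_port, mac, ip)
  # An ETHER-only lease has no IP, so there is nothing to pin the MAC to.
  # Emitting only the drop rule would block every ARP frame from the VM, and
  # emitting the allow rule with an empty nw_src is what ovs-ofctl rejects.
  return [] if ip.nil? || ip.to_s.strip.empty?

  addr = IPAddr.new(ip.to_s.strip) # raises IPAddr::InvalidAddressError on junk
  raise ArgumentError, "ARP nw_src must be IPv4: #{ip}" unless addr.ipv4?

  base = "in_port=#{in_port},arp,dl_src=#{mac}"
  [
    # Lower priority: drop any ARP sent from this port with this MAC...
    "#{base},priority=45000,actions=drop",
    # ...unless it also claims the leased IP, which the higher priority allows.
    "#{base},nw_src=#{addr},priority=46000,actions=normal"
  ]
end

# Hypothetical helper: renders the command lines in the form seen in the log.
def ovs_commands(bridge, flows)
  flows.map { |f| "sudo ovs-ofctl add-flow #{bridge} #{f}" }
end

if __FILE__ == $PROGRAM_NAME
  mac = '02:00:53:84:99:72'                       # MAC from the lease above
  puts ovs_commands('nebula', arp_antispoof_flows(3, mac, '192.0.2.10')) # constructed IP
  puts ovs_commands('nebula', arp_antispoof_flows(3, mac, nil)).inspect  # L2-only lease
end
```

Unlike setting :arp_cache_poisoning: false globally, a per-NIC guard of this kind keeps the protection in place for NICs that do have an IP lease.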

Associated revisions

Revision dfa21d6a
Added by Jaime Melis over 6 years ago

Bug #3163: ARP cache poisoning does not work with L2 networks

History

#1 Updated by Ruben S. Montero almost 7 years ago

  • Status changed from Pending to New
  • Target version set to 67

Thanks for the feedback!

#2 Updated by Ruben S. Montero almost 7 years ago

  • Target version changed from 67 to Release 4.10

#3 Updated by Ruben S. Montero over 6 years ago

  • Assignee set to Jaime Melis

#4 Updated by Jaime Melis over 6 years ago

  • Status changed from New to Closed
  • Resolution set to fixed
