I have a problem with my virtual network and IPv6 network discovery (multicast traffic).
(The setup might seem a little bit involved and I don't remember the exact reasons for every design decision. Nevertheless the network proved to be stable and maintainable. Still possible there's room for optimization and simplification.)
My setup is this:
- qemu/kvm host ("qemu") is running Debian 10; I'm using virt-manager for administration where possible- one VM ("fw") is running a virtualized firewall/router with Ubuntu 18.04- NIC of fw is connected to "Bridge br0: Host device eno1":
# brctl show bridge name bridge id STP enabled interfaces br0 8000.f44d306689b5 no eno1 vnet0 vnet1
- inside of fw I have created several VLAN devices for my different subnets to be filtered by the firewall
- my other VM ("server") is connected to "Host device br0.10: macvtap (source mode: Bridge)" (br0.10 is the VLAN device for VLAN-id 10 on br0.
- I have configured a global unicast /64-subnet (from tunnelbroker.net) in which fw and server have an address of that subnet configured
- I could ping the link-local address of server from fw
The problem:
- I could not ping the global-unicast address of server from fw
- tcpdump on fw showed neighbor solicitations where going out, but no replies were coming in
- tcpdump on qemu on br0 also showed the neighbor solicitations and no replies
- (the workaround) switching macvtap0 to promiscous mode solved the problem. Neighbor solications where received by server and replied to.
My questions are: Why do I have to switch macvtap0 to promiscuous mode manually? Isnt't multicast a standard network feature that should work "out of the box" with a VM? (Or is my setup so untypical, that my use case is not covered?)