FortiGate VM 5.4.4 with 802.1q sub-interface not work

[skyjou]

Hi~

Sub-interface with 802.1q tag in FortiGate VM 5.4.4 (KVM) on GNS3 1.5.3 doesn't work. I upgrade ubridge to version 0.9.11, but it still doesn't work. I try to create two 5.4.4 VM instances with same config in KVM by virt-manager, then connect them to same bridge. And It works well. My OS is Ubuntu 16.04. I am not sure if this issue is related to ubridge function?

[julien-duponchelle]

Are you using the same virtual hardware for the network interface?

[skyjou]

Yes, I try virtio and e1000. I also try to create VM on GNS3 virtual appliance, but it doesn't work too.

[julien-duponchelle]

Do you see the packet when you use wireshark on the link?

[skyjou]

Yes, I can capture packet on link.

[julien-duponchelle]

And you see the 802.1q tags?

[skyjou]

Yes, but device on the other end cannot see those packets.

[julien-duponchelle]

Your two node are directly connected? Nothing in the middle like a switch?

On Thu, Mar 9, 2017 at 2:05 PM skyjou notifications@github.com wrote:

Yes, but device on the other end cannot see those packets.

— You are receiving this because you commented.

Reply to this email directly, view it on GitHub https://github.com/GNS3/ubridge/issues/27#issuecomment-285345919, or mute the thread https://github.com/notifications/unsubscribe-auth/AAVFXWzE1VkdXoPJ141S9OMYvaEMnTmnks5rj_kIgaJpZM4MX0Rv .

[skyjou]

If I need to capture packet between two FortiGate VM, I need to insert a dynamips switch between them. Whether there is a switch between them or not, I get the same result. I use 'diag sniffer packet' command on FortiGate VM see if I can get any incoming packet, but nothing appear. When I connect FortiGate VM to IOU, on the IOU device I cannot see packet on the connected port too (Using EPC to capture).

[julien-duponchelle]

With 1.5.3 ubridge is not use it's a direct UDP connection between the two qemu. We start to use ubridge with 2.0.

What is the command line use by virtmanager to start your VMs?

[skyjou]

I try 2.0RC1 too, and I see the same problem. :(

I just click 'Power On' on GUI. How can I find the command?

[julien-duponchelle]

Try to start virt-manager with LIBVIRT_DEBUG=1 virt-manager --no-fork

[skyjou]

I am not sure which line will be helpful. So I upload my log and dumpxml on internet.

http://cht.tw/h/uf59l

If you do not read Chinese, just click the blue button at the bottom to download log file.

Thank you.

[bpozdena]

This bug is already reported. The uBridge does not allow any packets larger than 1518 bytes. You will need to lower MTU an all devices on both sides of the cloud.

[skyjou]

There are only Pings in my traffic (with some ARPs), and the packet size is small than 102 bytes. So, I think it might be two different issues?

[bpozdena]

I believe the uBridge crashes after first large packet passes through. Try to lower the MTU and see if it helps. https://github.com/GNS3/gns3-gui/issues/1867#issuecomment-284185291

[julien-duponchelle]

What i don't understand is ubridge 0.9.11 should have fixed all the MTU issues because we support larger packet inside, but you seem to have the old behavior. How do you install install ubridge from packet or from source?

[skyjou]

Is this issue really related to MTU size? There should be no large packet in my environment. One interesting thing is FortiGate 5.2.X VM works well with GNS 1.5.3 or 2.0rc1. I have no idea why FortiGate 5.4 VM doesn't work.

I install ubridge 0.9.11 from source.

[skyjou]

I upload the packets which are captured from bridge between two KVM which are created by virt-manager.

http://cht.tw/h/0n8xf