Enabling VM communication - Part 1

Scenario

The virtual machines exercise10-a and exercise10-b are operational and their IP addresses are correctly configured. However, they are not communicating with each other as expected.

  • Your task is to identify and troubleshoot the issue preventing communication between the VMs.

  • Resolve it to restore connectivity.

The steps to fix exercise10 are:

Console

  1. Log in to the OpenShift console using the assigned user account.

Username
userx
Password
{password}

  2. Go to Virtualization → Virtual Machines and select the project for the assigned user account.

  3. Click on the exercise10-a virtual machine, then Configuration and Network, and verify it is using exercise10-nad as its secondary network.

  4. Click on the exercise10-b virtual machine, then Configuration and Network, and verify it is using exercise10-nad as its secondary network.

  5. On the left side menu, click Networking → NetworkAttachmentDefinition.

  6. Click exercise10-nad and check that it is using Linux Bridge.

  7. On the left side menu, click Networking → NodeNetworkConfigurationPolicy and verify that it is empty.

  8. On the left side menu, click Networking → NodeNetworkState and check that there is a Linux bridge interface on the nodes.

  9. Click the Linux bridge br10.

  10. Verify that there are only veth interfaces. This means there is no physical network attached to this Linux bridge.

  11. On the left side menu, click Networking → NetworkAttachmentDefinitions and then the Create Network Attachment Definition button.

  12. Type exercise10-nad-layer2 as the name, select OVN Kubernetes L2 overlay network as the Network Type, and click the Create button.

  13. On the left side menu, click Virtualization → VirtualMachines and stop virtual machine exercise10-a.

  14. On the left side menu, click Virtualization → VirtualMachines and stop virtual machine exercise10-b.

  15. Click on the exercise10-a virtual machine, then Configuration and Network.

  16. Edit the virtual machine network.

  17. Change Network from exercise10-nad to exercise10-nad-layer2.

  18. Start the virtual machine exercise10-a.

Repeat steps 15, 16, 17, and 18 for the exercise10-b virtual machine.

Run grade to validate the exercise
lab grade exercise10

Command line (CLI)

  1. Log in to the OpenShift server API with the oc command using the assigned user account, if not already logged in.

OpenShift login command
{login_command}

  2. Switch to the assigned namespace-userx project.

oc project namespace-userx

  3. List the virtual machines.

oc get virtualmachine

  4. Check that the virtual machines are running on different nodes.

oc get pods -o wide

  5. Check that communication is not working.

virtctl ssh lab-user@exercise10-a \
-c 'ping -c 5 192.168.0.11'

  6. Get the secondary network used by VMs a and b.

oc get vmi exercise10-a -n namespace-userx \
-o jsonpath='{.spec.networks[?(@.multus)].multus.networkName}'
oc get vmi exercise10-b -n namespace-userx \
-o jsonpath='{.spec.networks[?(@.multus)].multus.networkName}'

  7. Get the secondary network YAML.

oc get network-attachment-definitions.k8s.cni.cncf.io exercise10-nad -o yaml

  8. Confirm that the NAD (NetworkAttachmentDefinition) is configured to use the br10 interface. Verify that this Linux bridge is not attached to any physical port (only one or more veth* ports are attached), which means virtual machines can communicate only if they are running on the same node. Therefore, you must recreate the NAD to use layer2 networking instead of Linux bridge. Create layer2-nad.yaml and apply it.

oc get nns -o yaml | grep -A 2 -B 73 br10 | grep -A4 port

vim layer2-nad.yaml

apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: exercise10-nad-layer2
  namespace: namespace-userx
spec:
  config: '{"name":"exercise10-nad-layer2","type":"ovn-k8s-cni-overlay","cniVersion":"0.3.1","topology":"layer2","netAttachDefName":"namespace-userx/exercise10-nad-layer2"}'

oc apply -f layer2-nad.yaml

  9. Shut down the virtual machines exercise10-a and exercise10-b.

virtctl stop exercise10-a
virtctl stop exercise10-b

  10. Change the secondary network of the virtual machines.

oc patch vm exercise10-a -n namespace-userx --type='json' \
-p='[{"op": "replace", "path": "/spec/template/spec/networks/1/multus/networkName", "value": "exercise10-nad-layer2"}]'
oc patch vm exercise10-b -n namespace-userx --type='json' \
-p='[{"op": "replace", "path": "/spec/template/spec/networks/1/multus/networkName", "value": "exercise10-nad-layer2"}]'

  11. Start the virtual machines.

virtctl start exercise10-a
virtctl start exercise10-b

  12. After the virtual machines start, wait some time and check the communication again.

virtctl ssh lab-user@exercise10-a \
-c 'ping -c 3 192.168.0.11'
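
The Linux bridge check in the CLI steps above relies on fixed grep context offsets. As an added example (not part of the original lab), this Python script reads `oc get nns -o json` output and reports, per node, which ports of br10 are not veth interfaces; an empty list means the bridge has no uplink. The node names, interface names and sample state are constructed, and treating a port as virtual by its `veth` type or name prefix is an assumption.

```python
import json
import sys

# Constructed sample shaped like `oc get nns -o json`, trimmed to the fields used.
SAMPLE_NNS = {"items": [
    {"metadata": {"name": "worker-0"}, "status": {"currentState": {"interfaces": [
        {"name": "br10", "type": "linux-bridge",
         "bridge": {"port": [{"name": "veth1a2b3c4d"}]}},
        {"name": "veth1a2b3c4d", "type": "veth"},
        {"name": "ens3", "type": "ethernet"}]}}},
    {"metadata": {"name": "worker-1"}, "status": {"currentState": {"interfaces": [
        {"name": "br10", "type": "linux-bridge",
         "bridge": {"port": [{"name": "ens4"}, {"name": "veth9f8e7d6c"}]}},
        {"name": "ens4", "type": "ethernet"},
        {"name": "veth9f8e7d6c", "type": "veth"}]}}},
    {"metadata": {"name": "worker-2"}, "status": {"currentState": {"interfaces": [
        {"name": "ens3", "type": "ethernet"}]}}},
]}


def bridge_uplinks(nns_list, bridge):
    """Map node name -> non-veth ports on `bridge`, or None if the bridge is absent."""
    result = {}
    for nns in nns_list.get("items", []):
        ifaces = nns.get("status", {}).get("currentState", {}).get("interfaces", [])
        types = {i.get("name"): i.get("type") for i in ifaces}
        node = nns["metadata"]["name"]
        result[node] = None
        for iface in ifaces:
            if iface.get("name") == bridge and iface.get("type") == "linux-bridge":
                ports = [p["name"] for p in (iface.get("bridge") or {}).get("port") or []]
                # Assumption: a port is VM/pod-side if its type or name prefix is "veth".
                result[node] = [p for p in ports
                                if types.get(p) != "veth" and not p.startswith("veth")]
    return result


def isolated_nodes(nns_list, bridge):
    """Nodes where the bridge exists but has no uplink, so VMs there stay node-local."""
    return sorted(n for n, up in bridge_uplinks(nns_list, bridge).items() if up == [])


if __name__ == "__main__":
    # Usage: oc get nns -o json | python3 check_bridge.py  (no pipe: constructed sample)
    data = SAMPLE_NNS if sys.stdin.isatty() else json.load(sys.stdin)
    for node, uplinks in bridge_uplinks(data, "br10").items():
        state = "bridge absent" if uplinks is None else (uplinks or "NO UPLINK (veth only)")
        print(f"{node}: {state}")
```

Any node listed by `isolated_nodes` can only carry VM traffic between VMs scheduled on that same node, which is the condition this exercise fixes by moving to the layer2 overlay.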

What you learned

In this exercise, you learned that to enable communication between virtual machines, a secondary network using OVN layer2 must be configured instead of a Linux Bridge. The OVN localnet and Linux Bridge options are not viable because no NodeNetworkConfigurationPolicy has been defined, which means the bridge does not have a physical port attached.