ubridge FortiGate VM 5.4.4 with 802.1q sub-interface not work

Hi~

Sub-interface with 802.1q tag in FortiGate VM 5.4.4 (KVM) on GNS3 1.5.3 doesn't work. I upgrade ubridge to version 0.9.11, but it still doesn't work. I try to create two 5.4.4 VM instances with same config in KVM by virt-manager, then connect them to same bridge. And It works well. My OS is Ubuntu 16.04. I am not sure if this issue is related to ubridge function?

Mar 09 '17 09:03 skyjou

Are you using the same virtual hardware for the network interface?

Mar 09 '17 12:03 julien-duponchelle

Yes, I try virtio and e1000. I also try to create VM on GNS3 virtual appliance, but it doesn't work too.

Mar 09 '17 12:03 skyjou

Do you see the packet when you use wireshark on the link?

Mar 09 '17 12:03 julien-duponchelle

Yes, I can capture packet on link.

Mar 09 '17 13:03 skyjou

And you see the 802.1q tags?

Mar 09 '17 13:03 julien-duponchelle

Yes, but device on the other end cannot see those packets.

Mar 09 '17 13:03 skyjou

Your two node are directly connected? Nothing in the middle like a switch?

On Thu, Mar 9, 2017 at 2:05 PM skyjou [email protected] wrote:

Yes, but device on the other end cannot see those packets.

— You are receiving this because you commented.

Reply to this email directly, view it on GitHub https://github.com/GNS3/ubridge/issues/27#issuecomment-285345919, or mute the thread https://github.com/notifications/unsubscribe-auth/AAVFXWzE1VkdXoPJ141S9OMYvaEMnTmnks5rj_kIgaJpZM4MX0Rv .

Mar 09 '17 13:03 julien-duponchelle

If I need to capture packet between two FortiGate VM, I need to insert a dynamips switch between them. Whether there is a switch between them or not, I get the same result. I use 'diag sniffer packet' command on FortiGate VM see if I can get any incoming packet, but nothing appear. When I connect FortiGate VM to IOU, on the IOU device I cannot see packet on the connected port too (Using EPC to capture).

Mar 09 '17 13:03 skyjou

With 1.5.3 ubridge is not use it's a direct UDP connection between the two qemu. We start to use ubridge with 2.0.

What is the command line use by virtmanager to start your VMs?

Mar 09 '17 14:03 julien-duponchelle

I try 2.0RC1 too, and I see the same problem. :(

I just click 'Power On' on GUI. How can I find the command?

Mar 09 '17 14:03 skyjou

Try to start virt-manager with LIBVIRT_DEBUG=1 virt-manager --no-fork

Mar 09 '17 14:03 julien-duponchelle

I am not sure which line will be helpful. So I upload my log and dumpxml on internet.

http://cht.tw/h/uf59l

If you do not read Chinese, just click the blue button at the bottom to download log file.

Thank you.

Mar 09 '17 15:03 skyjou

This bug is already reported. The uBridge does not allow any packets larger than 1518 bytes. You will need to lower MTU an all devices on both sides of the cloud.

Mar 10 '17 12:03 bpozdena

There are only Pings in my traffic (with some ARPs), and the packet size is small than 102 bytes. So, I think it might be two different issues?

Mar 10 '17 12:03 skyjou

I believe the uBridge crashes after first large packet passes through. Try to lower the MTU and see if it helps. https://github.com/GNS3/gns3-gui/issues/1867#issuecomment-284185291

Mar 11 '17 06:03 bpozdena

What i don't understand is ubridge 0.9.11 should have fixed all the MTU issues because we support larger packet inside, but you seem to have the old behavior. How do you install install ubridge from packet or from source?

Mar 13 '17 11:03 julien-duponchelle

Is this issue really related to MTU size? There should be no large packet in my environment. One interesting thing is FortiGate 5.2.X VM works well with GNS 1.5.3 or 2.0rc1. I have no idea why FortiGate 5.4 VM doesn't work.

I install ubridge 0.9.11 from source.

Mar 13 '17 13:03 skyjou

I upload the packets which are captured from bridge between two KVM which are created by virt-manager.

http://cht.tw/h/0n8xf

Mar 13 '17 13:03 skyjou