How to Disable IGMP-Snooping on Virtual NIC Macvtap


Networking community,

Question:
How do you disable IGMP-snooping on virtual nic macvtap?

Background:
We have noticed that Juniper vSRX 15.1X49-D60 (running on Ubuntu 16.04 LTS Server KVM) is constantly reforming the neighbor relationships (~ every 40 seconds) when connected to any physical router (Juniper or Cisco).

We have narrowed this down to the fact that 'igmp-snooping' needs to be disabled on the virtual NIC "macvtap."

Our temporary work-around for this is to set the virtual interfaces to 'promiscuous' mode, however this is not preferable.

To diagnose this issue, we have three instances of virtual SRX running on Ubuntu 16.04 KVM with a p2p connection to a physical Cisco SRX240 and Cisco 3750G (configured for routing).

Attached is a log-adjacency from the Cisco router and a pcap from the virtual srx.

Thank you all in advance,


Best Answer

This is actually a known issue and there are a couple of ways to fix it.

The best one is actually to edit the XML definition for the libvirt network and add

trustGuestRxFilters=yes

to the opening network definition stanza. The default is "no" - which, unfortunately, breaks both IPv6 and multicast for IPv4. This is actually laid out in a RedHat Bug Report.

Here's a good reference on the format that even includes the description.

The other option is instead of setting promiscuous mode (which brings with it other issues) you can set the macvtap interface to support multicast with the command

ip link set dev macvtap*n* allmulticast on

Some folks have scripted this such that all the macvtap interfaces are set as such during initial setup and some integrate at other points.

Hope this helps-
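
The scripting approach mentioned in the answer above, as an added example that is not part of the original post: it finds macvtap interfaces that lack the allmulticast flag, applies the answer's `ip link` command to them, and can also list interfaces still left in promiscuous mode. It assumes libvirt's default `macvtapN` naming; `SYSFS_NET` and `DRY_RUN` are hypothetical variables introduced for this example.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumptions: guest NICs use
# libvirt's default macvtapN names; SYSFS_NET and DRY_RUN are hypothetical
# knobs introduced here so the logic can be exercised without root.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
DRY_RUN="${DRY_RUN:-1}"   # default: only print the commands
IFF_PROMISC=256           # 0x100 in <linux/if.h>
IFF_ALLMULTI=512          # 0x200 in <linux/if.h>

# Succeed if interface $1 has flag bit $2 set in its sysfs flags word.
has_flag() {
    flags=$(cat "$SYSFS_NET/$1/flags" 2>/dev/null) || return 1
    [ -n "$flags" ] && [ $(( $flags & $2 )) -ne 0 ]
}

# Print every macvtap interface name, one per line.
list_macvtaps() {
    for path in "$SYSFS_NET"/macvtap*; do
        [ -e "$path/flags" ] || continue
        echo "${path##*/}"
    done
}

# Interfaces that still need the answer's allmulticast setting.
macvtaps_missing_allmulti() {
    for dev in $(list_macvtaps); do
        has_flag "$dev" "$IFF_ALLMULTI" || echo "$dev"
    done
}

# Interfaces still in promiscuous mode (the workaround from the question).
macvtaps_promisc() {
    for dev in $(list_macvtaps); do
        if has_flag "$dev" "$IFF_PROMISC"; then echo "$dev"; fi
    done
}

# Apply (or, in dry-run mode, print) the command for each interface.
fix_allmulti() {
    for dev in $(macvtaps_missing_allmulti); do
        if [ "$DRY_RUN" = 1 ]; then
            echo "ip link set dev $dev allmulticast on"
        else
            ip link set dev "$dev" allmulticast on
        fi
    done
}

fix_allmulti
```

Run it as root with `DRY_RUN=0` to apply the change; the flag does not persist when an interface is recreated, so it has to be re-run after guests start.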
