I've got a setup where a windows 2008R2 VM runs under KVM on a bridged network and captures a lot of multicast UDP data (from videosurveillance cameras). Strangely, the VM network drops packets after a number of concurrent connections ( more than 128 apparently).
kernel is 2.6.35.11 amd64, kvm 0.76 (Debian Lenny).
However if I setup two different tap0 and tap1 interfaces, bridged through the same br0 to eth0 and eth1, the second interface never drops a single packet. The first interface tap0, however, drops lots of packets even if most connections go to the other one.
But if I keep using eth0 for the host, and dedicate eth1 to the VM, eth1 (the VM) will still drops tons of packets (about 20 to 25%). Apparently only the second interface behaves correctly.
Does anyone have any idea about what may be happening here? I can't make sense of it. I don't understand why the fist interface always drop packets.
Here is the kvp-ifup script :
#!/bin/sh
INTERFACE_LAN=bond0
INTERFACE_BRIDGE=br0
# set address to "DHCP" for DHCP
BRIDGE_ADDRESS=192.168.1.1
BRIDGE_BROADCAST=192.168.1.255
BRIDGE_NETMASK=255.255.255.0
echo "Configure $1 interface..."
/usr/sbin/tunctl -u 'root' -t $1
echo "Activating link for $1..."
/sbin/ip link set $1 up
sleep 1
echo "Configure $INTERFACE_BRIDGE bridge..."
/usr/sbin/brctl addbr $INTERFACE_BRIDGE
/usr/sbin/brctl addif $INTERFACE_BRIDGE $1
/usr/sbin/brctl addif $INTERFACE_BRIDGE $INTERFACE_LAN
echo "Activating promiscuous mode on $1 and $INTERFACE_LAN..."
/sbin/ifconfig $1 0.0.0.0 promisc up
/sbin/ifconfig $INTERFACE_LAN 0.0.0.0 promisc up
sleep 2
echo "IP address on $INTERFACE_BRIDGE..."
if [ "DHCP" == "$BRIDGE_ADDRESS" ]; then
/sbin/pump -i br0
else
# static
/sbin/ifconfig $INTERFACE_BRIDGE $BRIDGE_ADDRESS broadcast $BRIDGE_BROADCAST netmask $BRIDGE_NETMASK
fi
echo "Done."
I tried both with a bond (different modes) and no bonding.
The physical NICS are Ethernet controller: Intel Corporation 82574L Gigabit Network Connection (e1000e linux driver)
the VM are using the e1000 driver (better results than virtio)
iptables is perfectly empty.
As for offloading, I cannot check but it should be the defaults :
- rx-checksumming: on
- tx-checksumming: on
- scatter-gather: on
- tcp segmentation offload: on
- udp fragmentation offload: off
- generic segmentation offload: on
- large receive offload: off
I see there's a bond in place there, is that true? What bonding mode?
What NIC type and driver is used?
What offloading is enabled?
Is the traffic for the bridge also redirected through the hosts' iptables?
What type of virtual NIC does the VM get attached?
After weeks of tinkering, the problem was solved by... replacing the network switch. I guess the one we had wasn't powerful enough or something.