5.4.1 Routing between vnets

Routing between networks appears to be broken in 5.4.1… same configuration works in 5.2
I’ve tried with both CentOS 7 and Ubuntu 16.04 with VXLAN (glad that’s fixed in 5.4.1 now) and 802.1Q with the same results

Example setup to reproduce
NetA - 192.168.1.0/24
VM1 - 192.168.1.2
NetB - 192.168.2.0/24
VM2 - 192.168.2.2
vrouter is .1 on both networks

Cannot ping from 192.168.1.2 to 192.168.2.2 or vice versa.
Running tcpdump shows that an ICMP request from VM1 successfully exits the router's NetB interface as expected but does not traverse the bridge or arrive at VM2.

I finally figured this out…
I had set the default NIC configuration in /etc/one/vmm_exec/vmm_exec_kvm.conf to NIC = [ filter = clean-traffic, model=virtio ] because I wanted to take advantage of 10G network connections with virtio.

Part of the “clean-traffic” filter in virsh blocks IP spoofing from any IP other than the defined IP passed to the XML. Removing the filter option from the config resolves this issue.

The reason it was working in 5.2.1 is that the default settings were not consistently being applied to new VMs.
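
The failure described in this thread can be reproduced on paper by reading the router VM's libvirt domain XML. The following is an added example, not part of the original posts or of OpenNebula: the domain XML and the bridge names brNetA and brNetB are constructed, and the code models only the source-IP check of clean-traffic, not the filter's other rules.

```python
import xml.etree.ElementTree as ET
from ipaddress import ip_address

# Constructed libvirt domain XML for the router VM (bridge names are made up).
ROUTER_XML = """
<domain type='kvm'>
  <name>vrouter</name>
  <devices>
    <interface type='bridge'>
      <source bridge='brNetA'/>
      <model type='virtio'/>
      <filterref filter='clean-traffic'>
        <parameter name='IP' value='192.168.1.1'/>
      </filterref>
    </interface>
    <interface type='bridge'>
      <source bridge='brNetB'/>
      <model type='virtio'/>
      <filterref filter='clean-traffic'>
        <parameter name='IP' value='192.168.2.1'/>
      </filterref>
    </interface>
  </devices>
</domain>
"""

def filtered_nics(domain_xml):
    """Return [(bridge, filter name, [IP parameters])] for NICs with a filterref."""
    out = []
    for nic in ET.fromstring(domain_xml).iter("interface"):
        ref = nic.find("filterref")
        if ref is None:
            continue
        src = nic.find("source")
        bridge = src.get("bridge") if src is not None else None
        ips = [ip_address(p.get("value")) for p in ref.findall("parameter")
               if p.get("name") == "IP"]
        out.append((bridge, ref.get("filter"), ips))
    return out

def egress_allowed(domain_xml, bridge, src_ip):
    """True if a packet with src_ip may leave the guest on `bridge`.
    None means no IP parameter was set (libvirt learns it; not modelled here)."""
    for br, flt, ips in filtered_nics(domain_xml):
        if br == bridge and flt == "clean-traffic":
            return ip_address(src_ip) in ips if ips else None
    return True  # no clean-traffic filter on this NIC
```

The forwarded ping from VM1 leaves the router on NetB with source 192.168.1.2, which is not the NIC's own 192.168.2.1, so `egress_allowed(ROUTER_XML, "brNetB", "192.168.1.2")` returns False while the router's own address passes.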