Avahi MDNS Multicast on KVM guest

Issues related to configuring your network
swallowtail
Posts: 96
Joined: 2009/04/18 04:48:27

Avahi MDNS Multicast on KVM guest

Post by swallowtail » 2012/11/30 01:23:32

I have a CentOS 6.2 KVM host, running bridged networking with several CentOS guests (5.8, 6.3).

One of the 6.3 guests runs CUPS print services, which works fine across the network.

This same server also uses avahi-daemon to advertise the CUPS printers as AirPrint printers for Apple devices on the network.

This is working - sort of....

The printers are 100% successfully advertised on the local host - avahi-browse -at shows them, all the time.
The printers are NOT advertised across the remainder of the network. avahi-browse -at on the KVM host does NOT show them, and I believe that I should be able to see these devices using avahi-browse on other devices?

"touch"ing the .service files used by avahi seems to prod them into some sort of life and they can be "seen" by Apple devices for a few seconds if you fluke the search timing right.

Discussion here - http://blog.mornati.net/2011/09/28/linux-as-airprint-server/ pointed me to making some iptables changes to allow mDNS multicast in addition to just letting 5353 through:

[code]
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
[/code]

That makes no difference, and neither does (temporarily!) disabling iptables completely.

It seems that there may be an issue with the mDNS multicast traffic through the KVM bridge, but I am uncertain where to go from here to troubleshoot or fix. There are a few comments about KVM and multicast not playing well on the web, but would appreciate if anyone can point me in the right direction.

swallowtail
Posts: 96
Joined: 2009/04/18 04:48:27

Re: Avahi MDNS Multicast on KVM guest

Post by swallowtail » 2012/11/30 02:54:52

Just found something here http://www.tumblr.com/tagged/avahi

"I had some trouble with printers not being advertised. Since my local network is on br1 instead of eth1 (a KVM thing), I had to add the following to /etc/avahi-daemon.conf:

allow-interfaces=br1

If you had to add that, restart avahi-daemon.

And that’s it. Printers should start showing up on your iOS devices."

I think that's something to try this evening...

swallowtail
Posts: 96
Joined: 2009/04/18 04:48:27

Re: Avahi MDNS Multicast on KVM guest

Post by swallowtail » 2012/11/30 12:03:35

I don't think that's going to help me. The guest has the following:

[code]
eth0 Link encap:Ethernet HWaddr 52:54:00:D9:B2:CE
inet addr:192.168.1.205 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:196937266 errors:0 dropped:0 overruns:0 frame:0
TX packets:329119774 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:20358786378 (18.9 GiB) TX bytes:98566026212 (91.7 GiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:131181 errors:0 dropped:0 overruns:0 frame:0
TX packets:131181 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9569287 (9.1 MiB) TX bytes:9569287 (9.1 MiB)
[/code]

avahi-daemon.conf on the guest is binding to eth0 fine... but no advertisements pass the bridge. (Reminds me of Gandalf - "You shall not pass!!!!")

Starts and registers to eth0 no problem:

[code]
Nov 30 22:01:27 emp01 avahi-daemon[25032]: Found user 'avahi' (UID 70) and group 'avahi' (GID 70).
Nov 30 22:01:27 emp01 avahi-daemon[25032]: Successfully dropped root privileges.
Nov 30 22:01:27 emp01 avahi-daemon[25032]: avahi-daemon 0.6.25 starting up.
Nov 30 22:01:27 emp01 avahi-daemon[25032]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
Nov 30 22:01:27 emp01 avahi-daemon[25032]: Successfully called chroot().
Nov 30 22:01:27 emp01 avahi-daemon[25032]: Successfully dropped remaining capabilities.
Nov 30 22:01:27 emp01 avahi-daemon[25032]: Loading service file /services/AirPrint-HPLJ2300dtn.service.
Nov 30 22:01:27 emp01 avahi-daemon[25032]: Loading service file /services/AirPrint-MG6150.service.
Nov 30 22:01:27 emp01 avahi-daemon[25032]: Loading service file /services/ssh.service.
Nov 30 22:01:27 emp01 avahi-daemon[25032]: Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.1.205.
Nov 30 22:01:27 emp01 avahi-daemon[25032]: New relevant interface eth0.IPv4 for mDNS.
Nov 30 22:01:27 emp01 avahi-daemon[25032]: Network interface enumeration completed.
Nov 30 22:01:27 emp01 avahi-daemon[25032]: Registering new address record for 192.168.1.205 on eth0.IPv4.
Nov 30 22:01:27 emp01 avahi-daemon[25032]: Registering HINFO record with values 'X86_64'/'LINUX'.
Nov 30 22:01:27 emp01 avahi-daemon[25032]: Server startup complete. Host name is emp01.local. Local service cookie is 1109489023.
Nov 30 22:01:28 emp01 avahi-daemon[25032]: Service "emp01" (/services/ssh.service) successfully established.
Nov 30 22:01:28 emp01 avahi-daemon[25032]: Service "AirPrint MG6150 @ emp01" (/services/AirPrint-MG6150.service) successfully established.
Nov 30 22:01:28 emp01 avahi-daemon[25032]: Service "AirPrint HPLJ2300dtn @ emp01" (/services/AirPrint-HPLJ2300dtn.service) successfully established.
[/code]

So why can't I see these outside the KVM bridge anyone??

swallowtail
Posts: 96
Joined: 2009/04/18 04:48:27

Re: Avahi MDNS Multicast on KVM guest

Post by swallowtail » 2012/11/30 12:08:02

Disabling iptables doesn't fix anything, but for ref this is my iptables output:

[code]
[root@emp01 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- 192.168.1.0/24 anywhere udp dpt:mdns
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT tcp -- 192.168.1.0/24 anywhere tcp dpt:ndmp
ACCEPT tcp -- 192.168.1.0/24 anywhere tcp dpt:bacula-fd
ACCEPT udp -- 192.168.1.0/24 anywhere udp dpt:bacula-fd
ACCEPT tcp -- 192.168.1.0/24 anywhere tcp dpt:ipp
ACCEPT tcp -- 192.168.1.0/24 anywhere tcp dpt:ldap
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[/code]

swallowtail
Posts: 96
Joined: 2009/04/18 04:48:27

Re: Avahi MDNS Multicast on KVM guest

Post by swallowtail » 2012/12/01 04:50:14

Nobody got any ideas?

OK, more troubleshooting... when I open avahi port 5353 UDP on the HOST, avahi-browse run on the host now shows:

[code]
[root@emp00 ~]# avahi-browse -at
+ virbr0 IPv4 Virtualization Host emp00 _libvirt._tcp local
+ br0 IPv4 Virtualization Host emp00 _libvirt._tcp local
+ virbr0 IPv4 emp00 [e2:50:43:22:47:82] Workstation local
+ br0 IPv4 emp01 [52:54:00:d9:b2:ce] Workstation local
+ br0 IPv4 emp00 [14:da:e9:03:e2:d3] Workstation local
+ virbr0 IPv4 emp00 SSH Remote Terminal local
+ br0 IPv4 emp01 SSH Remote Terminal local
+ br0 IPv4 emp00 SSH Remote Terminal local
+ br0 IPv4 AirPrint HPLJ2300dtn @ emp01 Internet Printer local
+ br0 IPv4 AirPrint MG6150 @ emp01 Internet Printer local
[/code]

So the service advertisements are making it out of the guest. I didn't know that an avahi-browse client needed the ports opened. The last two lines are the AirPrint printers on the KVM guest.

But... most of the time iOS devices don't see them. If I restart avahi-daemon the printers appear to iOS for about a minute, then no longer...

If I restart avahi-daemon every minute, then some of the time they can be seen, but that's a pretty ugly hack of a work-around (and only effective some of the time). From what I have read this problem is normally caused by the multicast aspects not correctly working.

Ideas?

toracat
Forum Moderator
Posts: 7386
Joined: 2006/09/03 16:37:24
Location: California, US

Avahi MDNS Multicast on KVM guest

Post by toracat » 2012/12/01 13:54:18

You have done impressive troubleshooting. I am no expert on multicast but will try to pass on to you what I've found.

- Do a 'man brctl' and you will see things like setmcrouter or setmcsnoop that you may want to set.

- [url=http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge#Snooping]This page[/url] seems to have some hints in the 'Multicast (IGMP) snooping' section.
[quote]
multicast_router

This allows the user to forcibly enable/disable ports as having multicast routers attached. A port with a multicast router will receive all multicast traffic.

The value 0 disables it completely. The default is 1 which lets the system automatically detect the presence of routers (currently this is limited to picking up queries), and 2 means that the ports will always receive all multicast traffic.[/quote]

You probably want to set /sys/devices/virtual/net/br0/bridge/multicast_snooping to 2.

- Are you using the virtio driver for network?

toracat
Forum Moderator
Posts: 7386
Joined: 2006/09/03 16:37:24
Location: California, US

Re: Avahi MDNS Multicast on KVM guest

Post by toracat » 2012/12/01 14:07:11

Although you cannot read the whole content unless you login, this [url=https://access.redhat.com/knowledge/articles/216453]upstream knowledgebase article[/url] says, "... when multicast is used in conjunction with KVM VMs, the requirement for additional memory copies will impact performance (for example, throughput and latency of multicast packets)."

Do you have enough memory?

swallowtail
Posts: 96
Joined: 2009/04/18 04:48:27

Re: Avahi MDNS Multicast on KVM guest

Post by swallowtail » 2012/12/03 01:38:05

Thanks toracat. I'll check out some of those tips this evening and come back with more info.

I am using virtio net driver yes.

swallowtail
Posts: 96
Joined: 2009/04/18 04:48:27

SOLVED Re: Avahi MDNS Multicast on KVM guest

Post by swallowtail » 2014/10/22 01:34:56

toracat wrote:
[quote]
You have done impressive troubleshooting. I am no expert on multicast but will try to pass on to you what I've found.

- Do a 'man brctl' and you will see things like setmcrouter or setmcsnoop that you may want to set.

- This page seems to have some hints in the 'Multicast (IGMP) snooping' section.

multicast_router

This allows the user to forcibly enable/disable ports as having multicast routers attached. A port with a multicast router will receive all multicast traffic.

The value 0 disables it completely. The default is 1 which lets the system automatically detect the presence of routers (currently this is limited to picking up queries), and 2 means that the ports will always receive all multicast traffic.

You probably want to set /sys/devices/virtual/net/br0/bridge/multicast_snooping to 2.

- Are you using the virtio driver for network?
[/quote]

Holy late reply batman....

I didn't worry about this too much for a while as Apple seemed to change their AirPrint printing support to be less reliant on multicast visibility, so the problem kind of went away. But then more recently I installed Plex on a KVM guest, and it advertises as a DLNA server - and needs multicast.

So I had to dig all of this out again.

For posterity, the piece of the puzzle that solved it was "You probably want to set /sys/devices/virtual/net/br0/bridge/multicast_snooping to 2".

With that done, multicast is successfully visible across the host / guest bridged network, and clients on my physical network can see guests advertising services using multicast.
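
Added example (not part of the original thread): a read-only shell audit of the bridge multicast knobs discussed above, so the state of br0 can be recorded before and after changing anything. The function name, the SYSFS_NET override and the verdict strings are assumptions of this example; the verdict is a heuristic, not a diagnosis.

```shell
#!/bin/sh
# Added example: read-only audit of a Linux bridge's multicast settings.
# SYSFS_NET is an assumption of this example so the function can be pointed
# at a constructed directory tree; on a real host leave it unset.

# Print one "name=value" line per setting, then a verdict line.
# Usage: bridge_mcast_audit BRIDGE [SYSFS_NET]
bridge_mcast_audit() {
    br=$1
    root=${2:-${SYSFS_NET:-/sys/class/net}}
    dir="$root/$br/bridge"
    if [ ! -d "$dir" ]; then
        echo "error: $br is not a bridge under $root" >&2
        return 2
    fi
    # Bridge-wide knobs; older kernels may lack some of these files.
    for key in multicast_snooping multicast_querier multicast_router; do
        if [ -r "$dir/$key" ]; then
            echo "$key=$(cat "$dir/$key")"
        else
            echo "$key=unavailable"
        fi
    done
    # Per-port router setting: 0 = disabled, 1 = auto-detect, 2 = always
    # receive all multicast traffic (values as quoted in the thread).
    for port in "$root/$br"/brif/*; do
        [ -r "$port/multicast_router" ] || continue
        echo "port:$(basename "$port"):multicast_router=$(cat "$port/multicast_router")"
    done
    snoop=$(cat "$dir/multicast_snooping" 2>/dev/null || echo unavailable)
    querier=$(cat "$dir/multicast_querier" 2>/dev/null || echo unavailable)
    # Heuristic: snooping is on but this bridge sends no IGMP queries. If no
    # other querier exists on the segment, group memberships can age out and
    # mDNS announcements stop being forwarded after a short while.
    if [ "$snoop" != 0 ] && [ "$snoop" != unavailable ] && [ "$querier" = 0 ]; then
        echo "verdict=snooping-without-local-querier"
    else
        echo "verdict=no-finding"
    fi
}

# Run against a real bridge when invoked with arguments, e.g.: sh audit.sh br0
if [ "$#" -gt 0 ]; then
    bridge_mcast_audit "$@"
fi
```

Run it on the KVM host, not the guest, since the bridge lives on the host.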
