Article ID: 117740, created on Oct 6, 2013, last review on May 11, 2014

  • Applies to:
  • Virtuozzo
  • Virtuozzo containers for Linux
  • Virtuozzo hypervisor

Symptoms

After the replacement of the network card on the hardware node, containers are not pinging from the outside world.

Capturing traffic with tcpdump on the physical interface on the hardware node reveals that router sends packets to the wrong MAC address, associated with the IP address of the container :

~# tcpdump -i eth0 -e -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:45:24.721684 00:15:17:d0:f4:9c > 40:4a:03:02:df:5b, ethertype IPv4 (0x0800), length 98: 10.10.10.11 > 4.2.2.4: ICMP echo request, id 7182, seq 1, length 64
15:45:24.748717 40:4a:03:02:df:5b > 00:18:51:d6:35:0a, ethertype IPv4 (0x0800), length 98: 4.2.2.4 > 10.10.10.11: ICMP echo reply, id 7182, seq 1, length 64

It shows the traffic flow to and from the container via the physical interface of the node eth0. What we see here :

15:45:24.721684 00:15:17:d0:f4:9c > 40:4a:03:02:df:5b, ethertype IPv4 (0x0800), length 98: 10.10.10.11 > 4.2.2.4: ICMP echo request, id 7182, seq 1, length 64

This line shows the ICMP request sent from the container 10.10.10.11 to the Google IP address 4.2.2.4, the correct MAC of the container is reflected : 00:15:17:d0:f4:9c

15:45:24.748717 40:4a:03:02:df:5b > 00:18:51:d6:35:0a, ethertype IPv4 (0x0800), length 98: 4.2.2.4 > 10.10.10.11: ICMP echo reply, id 7182, seq 1, length 64

This line shows the reply from 4.2.2.4, and we can see that the packet arrives from the router with a different destination MAC address 00:18:51:d6:35:0a.

So, it appears that the router, which the hardware node is connected to, associates 10.10.10.11 IP address with 00:18:51:d6:35:0a MAC address. When such traffic arrives at the node, it's fairly dropped by the kernel.

Cause

Stale ARP entries, associated with the old network card, are present on the router.

Resolution

Fix ARP table of the router and remove any entries, related to the old NIC.

Search Words

no network

arp

not pinging

tcpdump

arp table

a26b38f94253cdfbf1028d72cf3a498b 2897d76d56d2010f4e3a28f864d69223 e8e50b42231236b82df27684e7ec0beb d02f9caf3e11b191a38179103495106f 0dd5b9380c7d4884d77587f3eb0fa8ef

Email subscription for changes to this article
Save as PDF