Ask Your Question

igmp queries are blocked somewhere between bridge and tap?

asked 2014-04-04 10:56:44 -0500

jan.krause gravatar image

updated 2014-04-09 10:07:34 -0500

we have an virtual openswitch router, which we are using to communicate from our virtual vm“s to an external network, currently unicast based into the vms. now we wanna switch to multicast.

i was able to setup an multicast router in the netns, so that we are able to join an multicast group from the vms into the right switch over the router. but this runs into an timeout, because the impg queries are not available in the netns.

is there an way to manage this? dev qg-552ffdec-c1  proto kernel  scope link  src dev qr-f46ee891-ec  proto kernel  scope link  src

is see:

 17:42:24.710978 IP > igmp query v2

but inside the vm there is no query, only initial three igmp reports

 15:53:37.084064 IP > igmp v2 report

We see the traffic on the qbr interface, but the queries are blocked somehow. there are not forwarded to the tap device on the virtual machine.

we set the querier for the qbr to 1. and set the rules for libvirt network filter, but still no success.


Actually we broke down the problem to the igmp query part. when we send igmp queries from one virtual instance to the network we will not recieve them on the other instances:

we see the igmp queries on the linux bridge device:

 tcpdump -v -n -i qbrd4d83fa8-d5 igmp

but not on the tap device:

tcpdump -v -n -i tapd4d83fa8-d5 igmp

we are using kvm.

we added:

echo 1 >> /sys/devices/virtual/net/qbrd4d83fa8-d5/bridge/multicast_querier

on the bridge, and did no changes on the virsh network filter yet.

some system informations:

Linux compute007 3.8.0-29-generic #42~precise1-Ubuntu SMP Wed Aug 14 16:19:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux


bridge-utils  1.5-2ubuntu7 Utilities for configuring the Linux Ethernet bridge

for any hint, i would be thankful.

edit retag flag offensive close merge delete

2 answers

Sort by » oldest newest most voted

answered 2014-08-29 12:11:24 -0500

cnkcb gravatar image

Add a firewall rule to allow IGMP protocol;

In Havana/Horizon Access & Security, edit default rules and add a new rule;

  • Rule: Other Protocol
  • Direction: Ingress
  • IP Protocol: 2
  • Remote: CIDR
  • CIDR:
edit flag offensive delete link more

answered 2014-04-10 01:25:36 -0500

SGPJ gravatar image

You need to disable anti-ip-spoofing to go through to VM. You can follow link:

and in comments section, it has mentioned how to configure.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-04-04 10:56:44 -0500

Seen: 2,301 times

Last updated: Aug 29 '14