Nerd blog.

12 Apr 2015

virtio NIC on OpenBSD under KVM

I’ve been running at a new location for about a month now. My setup is a little different than it was previously. Instead of a 2nd physical server in front of my VM host as firewall/ACLs, I’ve now got a virtual machine doing the same thing. The setup is the same other than that, OpenBSD firewall in front of Linux service VMs.

An issue which has occasionally popped up is that the internal side NIC of the firewall VM (which is a vio(4) interface) stops having access to its network. A quick ifconfig down; ifconfig up fixes it for a while. I mentioned the issue to a colleague of mine, and he said there was a magic flag that was known to fix this issue. I found this blog post entitled “virtio NIC on OpenBSD 5.5-current” which documented how to set the flag on a /bsd.rd for an in-place upgrade. My needs were slightly different, to fix the running kernel’s flag. Instead of running config -ef /bsd.rd I ran config -ef /bsd:

# config -ef /bsd
OpenBSD 5.6 (GENERIC) #310: Fri Aug  8 00:14:24 MDT 2014
Enter 'help' for information
ukc> find vio
204 vio* at virtio* flags 0x0
ukc> change 204
204 vio* at virtio* flags 0x0
change [n] y
flags [2] ? 2
204 vio* changed
204 vio* at virtio* flags 0x2
ukc> quit
Saving modified kernel.

When you reboot you will see the following in dmesg:

$ dmesg | grep vio0
vio0 at virtio2: address c6:82:da:26:a6:5b
vio0 at virtio2: address c6:82:da:26:a6:5b
vio0 at virtio2: RingEventIdx disabled by UKC: address c6:82:da:26:a6:5b

This confirms that you’ve got the flag activated.

I will update this if I notice anything peculiar.

External References

Theodore Baschak - Theo is a network engineer with experience operating core internet technologies like HTTP, HTTPS and DNS. He has extensive experience running service provider networks with OSPF, MPLS, and BGP.