Multiple Network Devices in KVM

Recently I needed to build a test system at work which required a client to communicate with a server through a NAT router. I decided to assemble the system from three KVM-based virtual machines with tap networking. The router would get two network interfaces, and two bridge interfaces on the host connect server and client to it on either side. So the plan was this:

Client linked to virbr1, Router linked to virbr1 and virbr0, Server linked to virbr0

I wanted to create all interfaces as virtio network devices inside the virtual machines and tap devices on the host, so I used -net parameter pairs like these when starting qemu-kvm (up/down scripts for the tap device not shown):

-net nic,model=virtio,macaddr=52:54:00:12:34:56 -net tap

On client and server this worked as expected. The router, however, needed two pairs of network interfaces, and strangely packets were leaking between the bridges. This became especially obvious because of the NAT: When capturing packets, I could see the same packet twice: Once NATed and once unmodified. I spent quite a while debugging this, at first suspecting a problem with my NAT configuration, although NAT is extremely simple with the iptables MASQUERADE target. In the end, I found the solution in a mailing list archive.

You have assumed (as I did, when I first tried this) that the first “-net nic” and “-net tap” are automatically associated with each other. They aren’t – you have to tell KVM explicitly.

— Jarrod Lowe, Re: Packet “leakage” between two bridges

Host and Router-VM, each with two network interfaces, all interconnected

This is indeed the same mistake I made. I had specified the interfaces in the order nic/tap/nic/tap and assumed they would get paired in order, but they acted like they were all connected to the same switch as shown on the right.

Luckily, this problem could be solved very easily, because this virtual “switch” is a VLAN switch. The network interface configuration for qemu-kvm takes an optional vlan parameter, like this:

-net nic,model=virtio,macaddr=52:54:00:12:34:56,vlan=1 -net tap,vlan=1 -net nic,model=virtio,macaddr=52:54:00:12:34:57,vlan=2 -net tap,vlan=2

The result can be seen in the next figure. The red and green parts each represent one of the numbered VLANs.

Host and Router-VM with two interfaces each. All are connected, but each interface on the host is connected to one of the VM interfaces with a VLAN link,

With this change, the virtual networks work as expected. 🙂

That’s Not Bad News

Time and time again I get annoyed at how the German media report on the Fukushima Daiichi nuclear disaster. Reports are frequently imprecise in a way that exaggerates dangers, while positive developments tend to go unreported. Here’s a recent example from WDR 5, a public radio station in Germany.

On September 26, TEPCO created an opening through the X100B penetration into reactor 1 and subsequently inserted various measurement tools. Among other things, the atmospheric radiation dose in various heights was measured on October 10. You can find the data released by TEPCO here. WDR 5 reported on the topic a week later. The full radio program (in German) is available here, the relevant part starts at 12:54.

Here’s a quote from the end of the segment on Fukushima (original German, translation below):

“Die Strahlung von bis zu 11 Sievert pro Stunde tötet einen Menschen in 40 Minuten. Der Höchstwert wurde in knapp 9 Metern Höhe gemessen, daß widerspricht der bisherigen Vermutung, daß sich der geschmolzene Brennstoff am Behälterboden gesammelt hat. Auf erschreckende Weise zeigt die Inspektion, daß TEPCO den Zustand im Reaktorinneren bisher nicht verstanden hat.”

WDR 5 Politikum, Millisievert der Woche, 2012-10-17

Translation by me:

“The radiation of up to 11 Sievert per hour kills a human within 40 minutes. The maximum was measured in at almost 9 meters height [author’s note: above containment dry well bottom], contrary to the previous assumption that the melted fuel gathered at the bottom of the pressure vessel. This shows in an alarming way that TEPCO still doesn’t understand the conditions inside the reactor.”

Diagram of the side of Fukushima Daiichi Unit 1 containment vessel, showing the measurement points below X100B
Measurement points below X100B, picture from TEPCO presentation “Investigation Results of the Inside of Unit 1 PCV at Fukushima Daiichi Nuclear Power Station“, October 10, 2012

The first problem is that the most emphasized point isn’t news at all: TEPCO doesn’t really know what’s going on inside the reactors. That’s status quo since about one and a half year, and the new measurements are part of the efforts to change that. Still these non-news are said to be particularly alarming.

Secondly, the most important implication of the unexpected radiation distribution is not mentioned. To the right, you can see a diagram showing the measurement points inside the containment vessel. At the highest point, D9, the atmospheric dose rate was about 9.8 Sv/h. D3 near the water level had about half that at 4.7 Sv/h, and D2 at the approximate water surface 0.5 Sv/h. The main source of radiation inside the reactor is, obviously, the fuel and especially the fission products contained in it. Despite the previous assumption that most of the molten fuel moved to the bottom of the reactor vessel if not into the containment, the radiation level actually is lower in the lower parts of the containment. This indicates that most of the fuel is still further up in the reactor, the meltdown was not as complete as feared, and the fuel did not melt through the bottom head of the reactor vessel.

At this point, that conclusion isn’t certain either, but I think it would have deserved some attention, especially compared to “we don’t know what exactly is going on inside the reactors”. It makes me sad to see how kind of bad non-news are emphasized beyond proportion while potentially good news are ignored.

(I’ve ignored other inaccuracies in the radio report to focus on the important points.)

The Price of Fear

“Radiation can’t be seen, but if you use a dosimeter you can see it in the form of numbers. By measuring radiation, you can remove unnecessary fear, and properly fear what should be feared.”

— Hirotoshi Sano, quoted in The Mainichi

Recently my Japanese teacher mentioned that people from Fukushima prefecture still suffer discrimination in Japan, because some people fear they might somehow distribute radiation. One of her relatives has observed this first hand when collaborating with a teacher from Fukushima for a series of lectures. I had heard about such discrimination before, but hearing that it is still happening pushed me to write about the topic again. While I was working on this post, The Economist published an article about the “Fukushima 50”, the workers who remained at the Fukushima Daiichi NPP at the peak of the crisis, and their troubles. I’ll add a post about the situation in Germany, which also makes me angry, when I find the right words for it.

Hirotoshi Sano survived the nuclear bombing of Hiroshima and later did research on radioactivity. Back in 1945, after the nuclear attacks on Hiroshima and Nagasaki, many survivors sought help from family and friends outside the cities, but those were often reluctant to take them in. News of the terrible illness that many survivors were suffering from had spread quickly, and as terrible as refusing help is, I can understand that people feared getting infected. However, today we know that the problem wasn’t a mysterious new illness, but radiation poisoning. The only way to get it is to receive a huge dose of ionizing radiation, and because there is no infectious material involved, it cannot be passed on. “Ionizing radiation” is a scientific term for radioactive radiation and some other kinds of radiation with similar effects.

Contamination, on the other hand, means that radioactive material is sticking to or inside one’s body. If it is on the skin or clothes (external contamination) it can be washed off easily. While internal contamination is more serious for the person concerned, it poses no threat to others. Actually, carefully controlled ingestion or infusion of radioactive isotopes is sometimes used to combat cancer, this is called radioisotope therapy.

The serious issue here is that people lack education on the matter, and then act out of fear. I want to be very clear that this is not a Japanese issue, but an international problem. At the end of World War II few people had heard of radioactivity. Today they could easily learn what radioactivity is and how it can affect the human body. But they often don’t. Many people don’t know that natural radioactivity (“background radiation“) is everywhere, and that the human body naturally contains certain radioactive isotopes. A few are even surprised to learn that our world is made of atoms. Yet they know radiation can be dangerous. Such an invisible danger easily causes fear, instead of a calm analysis of what is going on and what the danger is — if any. And this fear is a danger of its own: It can cause discrimination, stress, and psychological problems, which can lead to other medical conditions.

I’m not saying radioactivity is never dangerous. But if you don’t know already, please take the time to learn what it is and what it does!

Some numbers for perspective

When the earthquake that caused the crisis at Fukushima Daiichi happened on March 11, 2011, I was in Sendai, about 100 kilometers from the nuclear power plant. Three days later I left Sendai for western Japan to get some safety distance. When I returned in April the monitoring data from the Tohoku University Cyclotron and Radioisotope Center showed a radiation level around 0.08-0.09 µSv/h (microsieverts per hour). Now what does that mean? Before the disaster at Fukushima Daiichi NPP, the radiation level in Sendai was around 0.04 µSv/h. 0.09 µSv/h is more than twice that amount. Sounds scary? Actually, 0.09 µSv/h is the perfectly normal radiation level in Dortmund, Germany, where I currently live. Still many international students were scared of radiation and fled from Japan. By the time of this writing, the radiation level in Sendai has fallen further to about 0.06-0.07 µSv/h.

Current (October 5, 2012) measurement results published by Fukushima City vary between 0.13 µSv/h and 1.22 µSv/h. I’m not giving an average here because the data reflects various areas of the city (some of which have been decontaminated) and different kinds of ground and is thus hard to compare.

A study by the United Nations Scientific Committee on the Effects of Atomic Radiation (UNSCEAR) says this about the radiation dose during flights, which is significantly higher than on the ground due to cosmic radiation:

“The more recent review of the exposure of aircrew [E1] indicates that the effective dose rate at an altitude of 8 km in temperate latitudes is typically up to about 3 μSv h-1. At 12 km, the value would be about twice this.”

UNSCEAR 2000 Report to the General Assembly, Annex E

On my flights to and from Japan the plane moved at an altitude above 10 km most of the time. Of course, I didn’t carry a dosimeter, but from the study I think is reasonable to assume a dose rate of about 5 µSv/h, which is about five times the highest level measured in Fukushima City, and more than 50 times the one in Dortmund. Still most people aren’t particularly scared of flying, and those who are usually fear height, not radiation.

Sadly, there is no clear answer to the question how much radiation is dangerous.

“Although radiation may cause cancer at high doses and high dose rates, public health data do not absolutely establish the occurrence of cancer following exposure to low doses and dose rates — below about 10,000 mrem (100 mSv). Studies of occupational workers who are chronically exposed to low levels of radiation above normal background have shown no adverse biological effects. Even so, the radiation protection community conservatively assumes that any amount of radiation may pose some risk for causing cancer and hereditary effect, and that the risk is higher for higher radiation exposures.”

U.S. NRC website on Radiation Exposure and Cancer

The evacuation zone in Fukushima is designed to prevent exposure to more than 20 mSv per year, which is similar to the dose received from a full body CT scan. The highest level of natural background radiation in the world occurs in Ramsar (Iran) with an average of 1.16 µSv/h (source), which leads to an annual exposure of about 10 mSv.

No Laptops allowed? Break out the typewriters!

Today, two Pirate Party representatives in the Schleswig-Holstein (northernmost state of Germany) state parliament did something quite unusual: Breaking out typewriters in plenary.

Angelika Beer with typewriter in the Schleswig-Holstein state paliament
Angelika Beer with typewriter, photo provided by the Pirate parliamentary group

This rather surprising behavior was a response to a change of the state parliament’s rules of procedure that forbids members to use laptops in plenary. :mrgreen: Seriously though, trying to ban representatives from using laptops in plenary is as ridiculous as banning pens and paper. To me, this looks like an attempt to obstruct the Pirate representatives’ work, which was countered with epic trolling. We’ll see how long the ban lasts.

The change of the rules of procedure also makes the discussions in the state parliament’s Council of Elders secret by default, which is not funny at all. The public has a right to know what is going on in parliament.

They lied, all the time

Last week, TEPCO released about 150 hours of video documenting the proceedings at the Fukushima Daiichi Nuclear Power Plant during the first few days after the disaster. The videos were only released after intense public and media pressure, are still incomplete, and two thirds of it lack sound (TEPCO claims technical issues). Hiroko Tabuchi wrote an analysis in The New York Times that’s very much worth reading, I just want to comment on a few things here.

The really shocking part is how the TEPCO management treated the workers at the plant and deliberately lied to the public. The footage doesn’t leave any doubt:

Soon after, an announcement over the loudspeakers states bluntly what the government and the company will refuse to confirm for weeks despite increasing alarm from outside experts: “The fuel has been exposed for some time now, so there is a possibility of a fuel meltdown,” it says. “Repeat, there is a possibility of a fuel meltdown.”

Hiroko Tabuchi in The New York Times

So, people at the NPP knew a meltdown was likely, although not sure. Yet it took a long time until TEPCO admitted just the possibility. They knew, they had to know, and they lied to us all the time. I don’t know how far the government was in on the game, but either way I have no (publishable) words to describe how despicable that is. Of course there were always strong suspicions that TEPCO was downplaying the accident, but there’s a difference between downplaying and a flat out lie on such a critical issue. The lies also increased the overall damage done, because it led people to doubt any positive news, including safe radiation readings far away from the NPP.

Masataka Shimizu, then Tepco’s president, also makes sporadic appearances, barking out orders via teleconference. “Gasoline before food!” he shouts at one point to workers organizing a supply run.

Hiroko Tabuchi in The New York Times

This is adding insult to injury, to say the least. Of course fuel was critical, but I’m sure the workers knew that, so instead of shouting nonsense, TEPCO management should have done their part to improve conditions instead of lying. The workers who were risking their lives to contain the disaster deserved the best available provisions, not contempt from their superiors.

With Japan currently in the process of establishing a new regulatory body for nuclear power, this once again shows the importance of transparency. Measures must be set up to make it impossible for plant operators to hide even the smallest incident. All relevant information must be published immediately. I also hope criminal charges will be brought against those who tried to hide what was really going on at Fukushima Daiichi.

Update 2016-08-15: I noticed that someone was quoting the last few sentences on Twitter in a misleading way. Just to be clear: This is not an anti-nuclear post. This is a post against handling dangerous things (no matter if radioactive, poisonous, explosive, or whatever) without proper care, and then trying to lie about the damage caused. TEPCO was warned years before the disaster that the tsunami protection was insufficient. If they had listened, the plant would probably have been fine, like Onagawa NPP which even provided shelter for people from the surrounding villages after the tsunami.

Sound of the Earthquake

A few days ago I saw an article called “Der Klang des Schreckens” (German, translates to “The Sound of Terror”) about an interesting project by Zhigang Peng, associate professor at the Georgia Institute of Technology. He took the seismic recordings from the Great East Japan Earthquake last year and wrote a program to create sound based on the seismic vibrations.

Now you might wonder what practical purpose these sounds serve. The article mentioned above quotes Peng saying “This makes it possible to listen to the changes in pitch and amplitude while watching the change in seismic frequency at the same time” (German: “Man kann sich die Höhen- und Amplitudenveränderungen anhören, während man gleichzeitig den Wechsel der seismischen Frequenzen beobachtet”). So the idea is to help look at and listen to multiple characteristics of earthquakes at the same time, hopefully leading to a better understanding. If you listen to the sounds, remember that they’re massively faster that the actual vibrations. What takes seconds to listen to, were minutes or even hours in real time.

Tsunami Memorials

On July 25, The Japan Times published an article “Tsunami-hit structures eyed as memorials“, which discussed the different opinions people have on whether to preserve some damaged buildings and other ruins left behind by the tsunami on March 11, 2011. I want to use this opportunity to give my opinion on the matter. From the article, about the ruins of the Minamisanriku disaster prevention office:

For local residents, however, the building is now a source of anxiety.

“My heart always aches at the site [sic!] of it. It’s preventing us from moving forward toward reconstruction,” said a 44-year-old woman who lost her nearby home in the tsunami triggered by the 9.0-magnitude Great East Japan Earthquake.

from The Japan Times

I can understand how she feels. I can get very sad when looking at pictures of the tsunami and the damage caused by it, and I vividly remember the earthquake and what I saw when I went for volunteering in the affected area. Seeing the ruins day-to-day must have a much larger impact. Still, there is another side to the memories and emotion:

In Miyako, Iwate Prefecture, Yuki Matsumoto, 55, hopes his tsunami-engulfed hotel in the coastal city’s Taro district will be kept as a monument.

The six-story hotel was submerged to the fourth floor and nothing but the bare iron frame remains.

Before the March 2011 catastrophe, Matsumoto had been told by his elders about past tsunami disasters that had laid waste to coastal areas of Iwate.

“I had no other way than to picture for myself what I heard. We need something that can show the horrors (of tsunami) clearly,” Matsumoto said.

from The Japan Times

This is why I’m very much in favor of preserving some ruins as memorials. I think it is crucial that future generations can see the destruction caused by the tsunami for themselves. No-one of us who experienced the earthquake will forget, but our children or grandchildren might, and if that happens, people will once again live too close to the sea, forget to prepare for possible tsunami, and many will die when the next big tsunami comes. “Memories for the Future” is a website that offers before and after photos from Google Street View, which provides a very strong impression of the damage.

Also, while the memories are sad, I feel it is good to have something to remember by. For me, looking at the pictures and remembering is an important part of dealing with these difficult memories, and I wish I could visit a memorial some time when I’m in Japan again.

The reconstruction plan in Minamisanriku calls for destroying 36 public buildings.

“We have drawn up plans that include the use of the land vacated by the buildings,” a city officials said. “We will begin work as soon as we gain the consent of local residents and choose a demolition company.”

from The Japan Times

I don’t think preserving one or two buildings and a bit of free space to set up information panels would take up too much space. Sure, it is additional work and costs, but well worth it in the long run.

What I would like to see are small memorial parks, each including some kind of damaged structure, distributed along the coast. Not too many, to be considerate to survivors who don’t want to be reminded too often, but enough that everyone who wants a place to remember can easily reach one and that every child will visit as part of disaster preparedness training, either with school or with their parents (preferably both). Let us try to keep the memories for the future, and preserve places for mourning and remembering!

Victory, sweet victory: ACTA is dead

Today, the European Parliament rejected ACTA with 478 votes to 39,
and 165 abstentions. With the largest economy worldwide out, ACTA is effectively dead worldwide. This is an epic victory for all of us to fought against ACTA, tweeted, mailed and called MEPs, took to the streets, and so much more. Thanks to all of you! We defeated the European Commission, huge companies, a number of national governments (including the US), and more to defend our freedom. New threads to a free net and civil rights are rising (think IPRED2, TPP, INDECT, …), but today we celebrate out victory!

Rick Falkvinge of the Swedish Pirate Party has a great (longer) writeup over at his blog.

Dear European Parliament: Please reject ACTA!

The final vote on ACTA in the European Parliament is scheduled for July 4th. This vote is crucial: If the EP rejects ACTA, it is defeated in the EU and most likely worldwide as well.

A few minutes ago, I sent a mail to all Members of the European Parliament asking them to reject ACTA. If you want to do the same, Mr. Falkvinge of the Swedish Pirate Party set up a handy mailing list to reach all Members of the EP at the same time. Below is the body of the message I sent, which you’re welcome to use for your own mail. We can win this!

Dear Member of the European Parliament,

As a citizen of Europe, I urge you to reject the ACTA treaty in the plenary session on July 2-5. The reasons for this request lie both in the contents of the treaty and the way it was made.

I know many other European citizens and people from all over the world are contacting you and your fellow members of the European Parliament concerning this matter. I believe most of them focus on the terrible effects ACTA would have on the civil liberties, availability of medicine, innovation in small companies, and other things. I would like to bring something else to your attention: The contempt for the European Parliament, European citizens and democracy in general that was shown by the negotiating parties and other proponents of ACTA.

ACTA was negotiated in secret, and from the beginning efforts were made to avoid drawing public attention to the very fact of negotiations talking place. The European Commission ignored repeated calls from the European Parliament to release drafts and other relevant documents during the negotiations. When parts leaked to the public, it quickly became clear why: ACTA is not designed to benefit the people of Europe, or other countries for that matter, it is designed for the benefit of a few, powerful companies (particularly from the USA), against both their competitors and the people.

Kader Arif, rapporteur for ACTA in the European Parliament, resigned in protest, saying: “I want to denounce in the strongest possible manner the entire process that led to the signature of this agreement: no inclusion of civil society organisations, a lack of transparency from the start of the negotiations, repeated postponing of the signature of the text without an explanation being ever given, exclusion of the EU Parliament’s demands that were expressed on several occasions in our assembly.”

Five committees of the European Parliament gave recommendations in regard to ACTA, and all of them recommend the European Parliament should reject ACTA. In a speech before the last of these committee votes, the one in the International Trade committee, Commissioner Karel De Gucht stated that if the European Parliament were to reject ACTA, he would request another vote later. In other words, he does not care about your vote as a representative of the European people, or the opinion of the people.

In short: Those behind ACTA don’t want the you as MEP and much less the public to think about ACTA, and see the European Parliament vote and public protests as nuisances on the way to their goal.

Due to this contempt for the European Parliament, European citizens and democracy, in addition to the disastrous effects ACTA would have worldwide, I urge you to assert the power of the European Parliament and reject ACTA in the name of the people of Europe.

Design a site like this with WordPress.com
Get started