
Re: [Xen-users] Dom0 gateway


  • To: "Sergio Maffioletti (CSCS)" <sergio.maffioletti@xxxxxxx>
  • From: Rob Dyke <robdyke@xxxxxxxxx>
  • Date: Fri, 25 Nov 2005 12:51:06 +0000
  • Cc: xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Fri, 25 Nov 2005 12:51:09 +0000
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Sergio, All,

This is very similar to the question I posted a couple of days ago regarding the networking setup on a colo server with public IPs.

My settings are similar - but I have not got an IP assigned to eth0 on domU....

On domU (FC4):
[root@dellserver ~]# brctl show xen-br0
bridge name     bridge id               STP enabled     interfaces
xen-br0         8000.00142272e278       no              eth0
                                                        vif1.0

[root@dellserver ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:14:22:72:E2:78 
          inet6 addr: fe80::214:22ff:fe72:e278/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15940810 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4185960609 (3.8 GiB)  TX bytes:3566 (3.4 KiB)
          Base address:0xecc0 Memory:dfde0000-dfe00000

eth1      Link encap:Ethernet  HWaddr 00:14:22:72:E2:79 
          inet addr:85.234.137.34  Bcast:85.234.137.255  Mask:255.255.255.0
          inet6 addr: fe80::214:22ff:fe72:e279/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1117214 errors:0 dropped:0 overruns:0 frame:0
          TX packets:62116 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:81320608 (77.5 MiB)  TX bytes:86637157 (82.6 MiB)
          Base address:0xdcc0 Memory:df9e0000-dfa00000

eth1:0    Link encap:Ethernet  HWaddr 00:14:22:72:E2:79 
          inet addr:85.234.137.35  Bcast:85.234.137.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Base address:0xdcc0 Memory:df9e0000-dfa00000

eth1:1    Link encap:Ethernet  HWaddr 00:14:22:72:E2:79 
          inet addr:85.234.137.36  Bcast:85.234.137.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Base address:0xdcc0 Memory:df9e0000-dfa00000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3591 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3591 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:290872 (284.0 KiB)  TX bytes:290872 (284.0 KiB)

vif1.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF 
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:35 errors:0 dropped:0 overruns:0 frame:0
          TX packets:467698 errors:0 dropped:4424 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2702 (2.6 KiB)  TX bytes:26353434 (25.1 MiB)

xen-br0   Link encap:Ethernet  HWaddr 00:14:22:72:E2:78 
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1081281 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:62848349 (59.9 MiB)  TX bytes:378 (378.0 b)

[root@dellserver ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
85.234.137.0    *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         85-234-137-1.po 0.0.0.0         UG    0      0        0 eth1
[root@dellserver ~]#


on my dom0 (FC4 also)
[root@dellserver ~]# xm console vm-colo1
************ REMOTE CONSOLE: CTRL-] TO QUIT ********

[root@vm-colo1 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr BA:D0:C0:FF:EE:01 
          inet addr:85.234.137.244  Bcast:85.234.137.255  Mask:255.255.255.0
          inet6 addr: fe80::b8d0:c0ff:feff:ee01/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:560282 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:31647509 (30.1 MiB)  TX bytes:2702 (2.6 KiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 b)  TX bytes:560 (560.0 b)

[root@vm-colo1 ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
85.234.137.0    *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         dellserver.comw 0.0.0.0         UG    0      0        0 eth0
[root@vm-colo1 ~]#

What happens with this network configuration? Well, I can ping eth1 on domU but I am not able to ping e.g. the network gateway.

As you can see from my iptables output I have tried to use the rules as outlined in the xensource wiki.

[root@dellserver ~]# iptables -L
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in eth0 ! --physdev-out eth0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match ! --physdev-in eth0 --physdev-out eth0
RH-Firewall-1-INPUT  all  --  anywhere             anywhere           

Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
RH-Firewall-1-INPUT  all  --  anywhere             anywhere           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere           
ACCEPT     ipv6-auth--  anywhere             anywhere           
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:imap
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
[root@dellserver ~]#


Any thoughts on how I should be structuring my networking to resolve this problem please?

Thanks.
Rob



On 11/25/05, Sergio Maffioletti (CSCS) <sergio.maffioletti@xxxxxxx> wrote:
Dear All

I'm getting a little bit confused with networking settings for Dom0 when domUs
are configured with public IP addresses.

I'm not really sure whether dom0 really needs to set up any particular iptables
or not.

Basically, each domU I have uses the subnet gateway and the default DNS as if they
were "ordinary" nodes.

on dom0 (debian 2.4.30) : ifconfig
-----------------
eth0      Link encap:Ethernet  HWaddr 00:0F:1F:D8:3B:59
          inet addr:148.187.33.171  Bcast:148.187.33.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11167773 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12111328 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:932153715 (888.9 MiB)  TX bytes:3032069910 (2.8 GiB)
          Interrupt:16

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask: 255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:28372 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28372 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2153493 (2.0 MiB)  TX bytes:2153493 (2.0 MiB)

vif1.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28703 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2897647 errors:0 dropped:124 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2278631 (2.1 MiB)  TX bytes:182743341 (174.2 MiB)

vif4.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:45984 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2879171 errors:0 dropped:207 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6263702 (5.9 MiB)  TX bytes:179213789 (170.9 MiB)

xen-br0   Link encap:Ethernet  HWaddr 00:0F:1F:D8:3B:59
          inet addr:148.187.33.171  Bcast:148.187.33.255  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11149307 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12099488 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:709590887 (676.7 MiB)  TX bytes:2982270139 (2.7 GiB)
-----------------

on domU vif4.0 (slc-3.0.5 kernel 2.4.30) ifconfig
eth0      Link encap:Ethernet  HWaddr AA:14:00:00:00:03
          inet addr:148.187.33.220  Bcast:148.187.33.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2891601 errors:0 dropped:0 overruns:0 frame:0
          TX packets:46389 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:179968772 (171.6 Mb)  TX bytes:6352167 (6.0 Mb)

on domU vif1.0 (slc-3.0.5 kernel 2.4.30) ifconfig
eth0      Link encap:Ethernet  HWaddr AA:14:00:00:00:01
          inet addr:148.187.33.168  Bcast:148.187.33.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2910674 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28838 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:183542936 (175.0 Mb)  TX bytes:2288739 (2.1 Mb)


and everything seems to work, besides that vif4.0 cannot ping vif1.0 (vice versa
works indeed)

I'm also experiencing temporary (order of 10 seconds) domUs unreachable.
Does this have anything to do with the scheduler?
Or am I just lucky that with a screwed-up configuration things are randomly
working?

thanks for any suggestion
Regards
Sergio :)

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
