Re: [Xen-users] HELP: xenbr on vlan if --> tcp checksum error

Lockenvitz, Jan (EXT) wrote:
> Hi
>
> I'm testing around with xen 3.0 snapshot from last week. And I'm now having a problem with a xenbr which is based on a vlan if (dot1q).
>
> this is all in dom0
> os: debian testing
> network: tg3
>
> I can start the bridge based on my normal physical eth0 which is working without any problems. My vlan without bridge is also working.
> I can start the bridge based on a vlan if with help of the following command:
>
> # network-bridge start netdev=vlan100 bridge=xenbr0
>
> The bridge is started (as I think) correctly. My interfaces and bridge look like this:
>
> # ifconfig
> [ ... ]
>
> # brctl show
> bridge name     bridge id               STP enabled     interfaces
> xenbr0          8000.feffffffffff       no              pvlan100
>                                                         vif0.0
>
> A ping to another machine is fine.
> But I can't ssh to any other machine. I started tracing on another machine and ethereal shows an incorrect TCP checksum. And the TCP checksum in this case seems to depend on the packet size.
> I also traced in dom0 on the following IF: vlan100, pvlan100 and eth0 (where the vlan is bound to).
> On vlan100 I can see the same packets as on the destination machine, but on pvlan100 and eth0 the TCP checksum is correct.
>
> Is this problem known?

This sounds like an issue we found in our test-lab when using two physical Ethernet cards in a machine (and bridges on both). When the 1st domainU is configured as a NAT-firewall, a 2nd domainU on the inside network, behind this firewall, can successfully ping through the NAT-firewall to another physical machine in the outside network. However, from this 2nd domainU it is not possible to ssh/telnet through this NAT-firewall to the machine on the outside network.
When the firewall is only routing, the issue does not occur.
 ----xen-br1          outside network
       |
      eth0
      xxxxx            1st domainU (firewall/router)
      eth1
       |
 ----xen-br2          inside network
       |
      eth0
      xxxxx            2nd domainU
The issue does also not occur when a second physical machine is used 
which is connected to the inside network.  Then, the NAT-firewall does 
its job successfully.
We found this in both the three-week-old testing and the released stable of this week, in the 32- and the 64-bit versions. Distribution is Debian stable (sarge).
[root@dom0]# brctl show
bridge name     bridge id               STP enabled     interfaces
xen-br0         8000.000e2e333b62       no              eth0
                                                        vif1.0
...
xen-br1         8000.0000212fecc1       no              eth1
xen-br2         8000.0011091e4b64       no              eth2

> Can someone help to solve this? I can post some traces if necessary
>
> Thanx in advance,
> Jan

Regards,
Luc

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users