[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-users] xen bridged network config woes [repost w/apology]


  • To: "Ali Roze" <xen@xxxxxxxxxxxxxxxxxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: "Gary W. Smith" <gary@xxxxxxxxxxxxxxx>
  • Date: Mon, 5 Feb 2007 16:58:46 -0800
  • Delivery-date: Mon, 05 Feb 2007 16:59:21 -0800
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Thread-index: AcdJh7oqaAURUgOJSLeEpQ3e4KB2UQAAWvJQ
  • Thread-topic: [Xen-users] xen bridged network config woes [repost w/apology]

Ali, 

What does the iptables scripts look like on the Dom0.  I know that when
I originally configured my Fedora6 server I forgot to disable it and a
lot of things broke.

Gary

-----Original Message-----
From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Ali Roze
Sent: Monday, February 05, 2007 4:42 PM
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] xen bridged network config woes [repost w/apology]

My profuse apologies if you've already read this-it is a repost. I
accidentally replied to a different thread, and I fear it was buried as
a reply to that thread and may not get read by anyone but those who were
paying attention to that one. My problem is unrelated to that one, other
than that both involve xen's networking, and I happened to be reading
that one when I decided to write my own plea for help.

Hi, I've been bashing my head over Xen networking for about a week now,
and I'd love to get some help from the list. I've read the Wiki, the
manual, the mailing list archives, and Googled my fingers to the bone.
I'll try to describe my problem as best as I can; if I've left anything
relevant out, please let me know what you need. In a nutshell:

-The server is at a colo facility, and I have no physical access to it,
just ssh. 

-I have the IP addresses A.B.94.226 through 94.230. The gateway is at
94.225.

-Dom0 is configured with A.B.94.226. I've only set up a single DomU,
with A.B.94.227. I'm using Xen's bridging scripts.

-Dom0 can ping DomU. DomU can ping Dom0. Dom0 can reach the internet and
be reached by it, but DomU cannot.

DomU's /etc/network/interfaces:

root@domU:~# cat /etc/network/interfaces
# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
# /usr/share/doc/ifupdown/examples for more information.
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
# Uncomment this and configure after the system has booted for the first
time
auto eth0
iface eth0 inet static
        address A.B.94.227
        netmask 255.255.255.248
        gateway A.B.94.225

DomU config file:

root@dom0:~# cat /etc/xen/domU
#  -*- mode: python; -*-
kernel = "/boot/vmlinuz-2.6.16.29-xen"
ramdisk = "/boot/initrd.img-2.6.16-29-xen"
memory = 128
name = "domU"
vif = ['bridge=xenbr0,ip=A.B.94.227']
disk =
['phy:/dev/xenvolume/domU,sda1,w','phy:/dev/xenvolume/domU-swap,sda2,w']
netmask = "255.255.255.248"
gateway = "A.B.94.225"
hostname = "domU"
root = "/dev/sda1 ro"

Some more info from Dom0:

root@dom0:~# brctl show
bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.feffffffffff       no              vif0.0
                                                        peth0
                                                        vif1.0
root@dom0:~# brctl showmacs xenbr0
port no mac addr                is local?       ageing timer
  1     00:14:85:f7:ea:67       no                 0.00
  2     00:19:56:5a:e9:d5       no                 1.03
  2     00:60:3e:0b:9c:48       no                 0.00
  1     fe:ff:ff:ff:ff:ff       yes                0.00

dom0 xend-config.sxp:

root@dom0:~# cat /etc/xen/xend-config.sxp | grep -v "^#" | grep "[a-z]"
(xend-relocation-server yes)
(xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')
(network-script network-bridge)
(vif-script vif-bridge)
(dom0-min-mem 196)
(dom0-cpus 0)

I tried a tcpdump on dom0 while pinging an outside-the-network host from
domU, here's what I get:

domU:

root@domU:~# ping -c4 4.2.2.1
PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data.
>From A.B.94.227 icmp_seq=1 Destination Host Unreachable
>From A.B.94.227 icmp_seq=2 Destination Host Unreachable
>From A.B.94.227 icmp_seq=3 Destination Host Unreachable
>From A.B.94.227 icmp_seq=4 Destination Host Unreachable

--- 4.2.2.1 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time
3002ms
, pipe 3
root@domU:~# ping -c4 A.B.94.226
PING A.B.94.226 (A.B.94.226) 56(84) bytes of data.
64 bytes from A.B.94.226: icmp_seq=1 ttl=64 time=0.113 ms
64 bytes from A.B.94.226: icmp_seq=2 ttl=64 time=0.107 ms
64 bytes from A.B.94.226: icmp_seq=3 ttl=64 time=0.090 ms
64 bytes from A.B.94.226: icmp_seq=4 ttl=64 time=0.087 ms

--- A.B.94.226 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev = 0.087/0.099/0.113/0.013 ms

Meanwhile in dom0:

root@dom0:~# tcpdump src host A.B.94.227 -vv -a
tcpdump: WARNING: vif0.0: no IPv4 address assigned
tcpdump: listening on vif0.0, link-type EN10MB (Ethernet), capture size
96 bytes
14:57:36.016831 arp who-has woc.gw.webhost.net tell woc-2.ce.webhost.net
14:57:37.016795 arp who-has woc.gw.webhost.net tell woc-2.ce.webhost.net
14:57:38.016804 arp who-has woc.gw.webhost.net tell woc-2.ce.webhost.net
14:57:39.026781 arp who-has woc.gw.webhost.net tell woc-2.ce.webhost.net
14:57:40.026796 arp who-has woc.gw.webhost.net tell woc-2.ce.webhost.net
14:57:41.026795 arp who-has woc.gw.webhost.net tell woc-2.ce.webhost.net
14:57:54.872056 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto:
ICMP (1), length: 84) woc-2.ce.webhost.net > woc-1.ce.webhost.net: ICMP
echo request, id 30474, seq 1, length 64
14:57:55.871054 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto:
ICMP (1), length: 84) woc-2.ce.webhost.net > woc-1.ce.webhost.net: ICMP
echo request, id 30474, seq 2, length 64
14:57:56.870039 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto:
ICMP (1), length: 84) woc-2.ce.webhost.net > woc-1.ce.webhost.net: ICMP
echo request, id 30474, seq 3, length 64
14:57:57.869040 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto:
ICMP (1), length: 84) woc-2.ce.webhost.net > woc-1.ce.webhost.net: ICMP
echo request, id 30474, seq 4, length 64
14:57:59.864254 arp reply woc-2.ce.webhost.net is-at 00:16:3e:39:f0:ab
(oui Unknown)

11 packets captured
25 packets received by filter
0 packets dropped by kernel
root@dom0:~# 

As you can see, when domU is trying to ping 4.2.2.1, it's sending ARP
who-has requests that apparently never get answered. When domU is trying
to ping dom0, it just pings it with no problems. So where should I start
looking for a misconfiguration? How can I troubleshoot this?

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.