
[Xen-users] One nic in dom0, two nics in domU



Hi,

I have got a problem with network bridging. Maybe somebody sees where 
my fault is. 

My physical host has one nic (eth0). But in my first domU I want to 
set up two nics (eth0, eth1).
If I understood it correctly, eth1@domU#1 is connected to vif1.1@dom0,
which is connected to xenbr0@dom0.

So I thought something like this should work:

peth0 <-> xenbr0 <-> vif0.0 <-> eth0 @ dom0   (00:04:75:FA:CF:C9, 
               |                               172.22.8.33, em-becker)
               |
               + <-> vif1.0 <-> eth0 @ domU#1 (aa:00:00:00:00:02, 
               |                               172.22.8.2, em-vsrv2)
               |
               + <-> vif1.1 <-> eth1 @ domU#1 (aa:00:00:00:00:22, 
                                               172.22.8.22, em-vsrv2b)

But this did not work as I expected.
While I can ping eth0@domU#1 from everywhere I want, I cannot ping
eth1@domU#1 from a host that is not in the same network.

I set up some iptables LOG rules in the dom0 and domU#1 INPUT, OUTPUT and 
FORWARD chains to see what happens:

If I send a ping to domU#1's eth0 from a host within the same network 
(em-stigler, 172.22.8.29), everything looks good:
em-stigler$ ping -c 1 em-vsrv2
-- messages at dom0 --
Mar 15 14:24:00 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 
PHYSOUT=vif1.0 SRC=172.22.8.29 DST=172.22.8.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 
ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=21297 SEQ=1 
Mar 15 14:24:00 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=vif1.0 
PHYSOUT=peth0 SRC=172.22.8.2 DST=172.22.8.29 LEN=84 TOS=0x00 PREC=0x00 TTL=64 
ID=397 PROTO=ICMP TYPE=0 CODE=0 ID=21297 SEQ=1 
-- messages at domU#1 --
Mar 15 14:24:00 em-vsrv2 kernel: IN=eth0 OUT= 
MAC=aa:00:00:00:00:02:00:0a:5e:20:10:89:08:00 SRC=172.22.8.29 DST=172.22.8.2 
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=21297 
SEQ=1 
Mar 15 14:24:00 em-vsrv2 kernel: IN= OUT=eth0 SRC=172.22.8.2 DST=172.22.8.29 
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=397 PROTO=ICMP TYPE=0 CODE=0 ID=21297 SEQ=1 

The same behaviour occurs if the ping-sending host is on another network.
So with eth0 everything is fine.

If I send a ping to domU#1's eth1 from em-stigler, I get a pong,
but the packet flow looks weird:
em-stigler$ ping -c 1 em-vsrv2b
-- messages at dom0 --
Mar 15 14:30:52 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 
PHYSOUT=vif1.0 SRC=172.22.8.29 DST=172.22.8.22 LEN=84 TOS=0x00 PREC=0x00 TTL=64 
ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=5428 SEQ=1 
Mar 15 14:30:52 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=vif1.0 
PHYSOUT=peth0 SRC=172.22.8.22 DST=172.22.8.29 LEN=84 TOS=0x00 PREC=0x00 TTL=64 
ID=400 PROTO=ICMP TYPE=0 CODE=0 ID=5428 SEQ=1 
-- messages at domU#1 --
Mar 15 14:30:52 em-vsrv2 kernel: IN=eth0 OUT= 
MAC=aa:00:00:00:00:02:00:0a:5e:20:10:89:08:00 SRC=172.22.8.29 DST=172.22.8.22 
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=5428 SEQ=1 
Mar 15 14:30:52 em-vsrv2 kernel: IN= OUT=eth0 SRC=172.22.8.22 DST=172.22.8.29 
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=400 PROTO=ICMP TYPE=0 CODE=0 ID=5428 SEQ=1 

Now, if I ping domU#1's eth1 from a host within another network
(em-pnueli, 172.22.10.40) I don't get a pong:
-- messages at dom0 --
Mar 15 14:33:47 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 
PHYSOUT=vif1.1 SRC=172.22.10.40 DST=172.22.8.22 LEN=84 TOS=0x00 PREC=0x00 
TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=53508 SEQ=0 
Mar 15 14:33:47 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 
PHYSOUT=vif1.0 SRC=172.22.10.40 DST=172.22.8.22 LEN=84 TOS=0x00 PREC=0x00 
TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=53508 SEQ=0 
Mar 15 14:33:47 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 
PHYSOUT=vif0.0 SRC=172.22.10.40 DST=172.22.8.22 LEN=84 TOS=0x00 PREC=0x00 
TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=53508 SEQ=0 
-- no messages at domU#1 appear --

On both xen domains my FORWARD chain looks like that:
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
LOG        icmp --  0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4
Also, the other chains do nothing spectacular.

So I do not understand why the ping packet does not show up in
domU#1.
Any hint would be appreciated.

Regards,
        heinzel

-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS d- s-:-- a- C++(---) UL++++$ P--- L+++ E--- W(--) N++ o? K? w---
O M- !V PS+++ PE Y+ PGP+ t 5- X- R* tv-- b++ DI-- D---- G e h++ r@ !y
------END GEEK CODE BLOCK------
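
Added example (not part of the original post): a small Python script that parses the dom0 FORWARD-chain LOG lines quoted above, groups them by ICMP echo id, and lists the bridge ports each echo request was forwarded to and whether a reply was logged. The function names are illustrative, and calling a request that left through more than one port "flooded" is this example's reading of the log.

```python
import re
from collections import defaultdict

# dom0 LOG lines from the post (eth1 pings), unwrapped onto single lines.
SAMPLE = """\
Mar 15 14:30:52 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif1.0 SRC=172.22.8.29 DST=172.22.8.22 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=5428 SEQ=1
Mar 15 14:30:52 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=vif1.0 PHYSOUT=peth0 SRC=172.22.8.22 DST=172.22.8.29 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=400 PROTO=ICMP TYPE=0 CODE=0 ID=5428 SEQ=1
Mar 15 14:33:47 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif1.1 SRC=172.22.10.40 DST=172.22.8.22 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=53508 SEQ=0
Mar 15 14:33:47 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif1.0 SRC=172.22.10.40 DST=172.22.8.22 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=53508 SEQ=0
Mar 15 14:33:47 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=172.22.10.40 DST=172.22.8.22 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=53508 SEQ=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse(line):
    """Return the KEY=value fields of one netfilter LOG line as a dict."""
    # A later duplicate key wins, so ID ends up as the ICMP echo id, not the IP id.
    return dict(FIELD.findall(line))

def trace_echoes(log_text):
    """Group ICMP echo traffic per ping and record which bridge ports carried it."""
    flows = defaultdict(lambda: {"request_out": [], "reply_in": []})
    for line in log_text.splitlines():
        f = parse(line)
        if f.get("PROTO") != "ICMP" or "PHYSOUT" not in f:
            continue  # only bridged ICMP seen in the FORWARD chain
        if f.get("TYPE") == "8":    # echo request: key on (pinger, target, id, seq)
            key = (f["SRC"], f["DST"], f["ID"], f["SEQ"])
            flows[key]["request_out"].append(f["PHYSOUT"])
        elif f.get("TYPE") == "0":  # echo reply: same key with SRC/DST swapped
            key = (f["DST"], f["SRC"], f["ID"], f["SEQ"])
            flows[key]["reply_in"].append(f["PHYSIN"])
    return dict(flows)

def summarize(flows):
    """One line per ping: ports the request left through, and any reply port."""
    out = []
    for (src, dst, icmp_id, _seq), f in flows.items():
        ports = f["request_out"]
        verdict = "flooded" if len(ports) > 1 else "unicast"  # example's own label
        reply = "reply via " + ",".join(f["reply_in"]) if f["reply_in"] else "no reply"
        out.append(f"{src} -> {dst} id={icmp_id}: {verdict} to {','.join(ports)}; {reply}")
    return out

if __name__ == "__main__":
    print("\n".join(summarize(trace_echoes(SAMPLE))))
```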