[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] "routed" networking under Xen 3.2.1 / HVM?

  • To: "Nick Craig-Wood" <nick@xxxxxxxxxxxxxx>
  • From: "Ray Barnes" <tical.net@xxxxxxxxx>
  • Date: Thu, 29 May 2008 16:08:40 -0400
  • Cc: Xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Thu, 29 May 2008 13:09:18 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=TN2hh3GZxO2/9vigUrzMM9c4aq+fqTLejl5MUg+SdrPZHtunLKTx3CFPW+WIEa0hy4P93GsLI0Yud/MW8lYfE9OKEm6HkhH2mds/jWeRssZdZO+7WYrLyoftR/hs3LUbZM305E3pjndmjU3I3fpCPeOeiLKfz7Fem41s/1rLrVw=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Thanks Nick.

To the general population:  I'm bumping into a problem which looks like a bug.  Perhaps it's for lack of knowledge (and _documentation_ of HVM).  If I do the following:

brctl addbr bmette31
ifconfig bmette31 netmask
xm create bmette31

Where "bmette31" has a config file that has a vif entry like: vif = [ 'type=ioemu, mac=00:16:3e:00:00:07, bridge=bmette31']  this works *just fine*.  I'm able to route through the host to the HVM domain which is set to  However, whenever I use a script which is loosely based on a vif-bridge script that I got from /etc/xen/scripts running Xen 3.2.1 compiled from source, it does not work.  Specifically, I can reach from the outside but not  As far as I can tell, the problem is that whenever 'brctl addbr bmette31' is invoked from outside the script, networking between the host and the HVM guest works fine, but when invoked from within the script, networking between the host and the HVM guest does not work.  Note that while the domain is running (and using the script below), 'brctl show' indicates that I have a bridge called bmette31 and that 'ifconfig bmette31' shows the right IP.  So just to recap - if I comment out 'brctl addbr bmette31' from the script below and run it manually then start the HVM guest, networking is fine, but if I run that from within the script it does not work.  Any ideas before I treat this as a bug and post to xen-devel?


#vif bridge script for HVMs
#invoke like this:
#vif = [ 'type=ioemu, mac=00:16:3e:00:00:07, bridge=bmette31, script=vif-bmette31' ]

/usr/sbin/brctl addbr bmette31

dir=$(dirname "$0")
. "$dir/vif-common.sh"

bridge=$(xenstore_read_default "$XENBUS_PATH/bridge" "$bridge")

ip link show $bridge 1>/dev/null 2>&1 || RET=1
if [ "$RET" -eq 1 ]
#       do_without_error brctl addbr "$bridge"
    fatal "Could not find bridge device $bridge"

case "$command" in
        setup_bridge_port "$vif"
        add_to_bridge "$bridge" "$vif"
        sleep 2
        ifconfig "$bridge" netmask

        do_without_error ifconfig "$bridge" down
        do_without_error brctl delbr "$bridge"

log debug "Successful vif-bridge $command for $vif, bridge $bridge."
if [ "$command" == "online" ]

On Tue, May 13, 2008 at 7:18 AM, Nick Craig-Wood <nick@xxxxxxxxxxxxxx> wrote:
Ray Barnes <tical.net@gmail.com> wrote:
> Understanding that HVM does not support routed networking in the
> sense that we're accustomed to with paravirtualized guests, I'm
> hoping there is some similar use-case scenario I've missed.

I made this work with Xen 3.1 and hvm guests.

Probably the easiest way is to hard code the routing you want in

The interface is passed in as argument $1 and the bridge name as
argument $2.  Since you aren't bridging you can use the bridge name to
decide how to configure the interface with a shell case statement.

Eg in your /etc/xen/MYDOMAIN file

vif = [ 'type=ioemu, ip=, bridge=MYDOMAIN' ]

Then in /etc/xen/qemu-ifup something like (untested)



case "$bridge" in
       ifconfig $if netmask up
       route add -host dev $if

echo 1 >/proc/sys/net/ipv4/conf/${if}/proxy_arp
echo 1 >/proc/sys/net/ipv4/conf/${if}/rp_filter

You need to make the usual changes for routing rather than bridging in
xen also.

I actually did this in a different very much more complicated way
which allowed the original routing scripts to work.  This way should
work and be a lot simpler though!

Nick Craig-Wood <nick@xxxxxxxxxxxxxx> -- http://www.craig-wood.com/nick

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.