
RE: [Xen-users] Network-bridge with VLAN


  • To: "Gael Reignier" <gael@xxxxxxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: "James Harper" <james.harper@xxxxxxxxxxxxxxxx>
  • Date: Sat, 8 Nov 2008 13:34:23 +1100
  • Cc:
  • Delivery-date: Fri, 07 Nov 2008 18:35:04 -0800
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Thread-index: AclA2ZK+AsN+wFnlQVuQFB/LZTTRGwAbtWKA
  • Thread-topic: [Xen-users] Network-bridge with VLAN

> 
> Javier Guerra wrote:
> > On Thu, Nov 6, 2008 at 3:08 PM, Gael Reignier <gael@xxxxxxxxxx> wrote:
> >> I managed to have a VLAN running on dom0 and they work well, I can ping
> >> other hosts in the same VLAN.
> >>
> >> But when I am trying to ping other hosts from my domU, it just does not
> >> work (From 10.10.2.12 icmp_seq=2 Destination Host Unreachable)
> >
> > it seems you're adding the VLAN device to the bridge; therefore
> > the DomU shouldn't use another layer of VLAN.  all the tagging should
> > be done on Dom0
> >
> Well actually, I tried both:
> 
> - I tried to do the tagging on Dom0 then not do any tagging on the DomU
> 
> - Then after reading more from a book called 'Xen Virtualization', I
> did the tagging on Dom0 and on DomU
> 
> So maybe I should try not to do any tagging on the Dom0 and do all the
> tagging in the DomU.
> What do you reckon?
> 

I haven't been following this thread so maybe you already know this, but
depending on what you want to do you may need to involve ebtables. Also,
your hardware adapter may do vlan offloading for you, which could make
things not work.

When a packet comes in on an Ethernet interface with a VLAN tag on it,
Linux has to decide what to do with it - route it onto the bridge or
make it appear on a vlan interface (eg eth0.2). ebtables can force the
situation in the way you want... I'm not sure what the default is.

Last time I tried, you couldn't 'split' a packet so that one copy went
to Dom0's local interface (eg eth0.2) and another copy remained tagged
and went onto the bridge. I did find a workaround for this via creative
use of Dom0's vif0.X/vethX interfaces, but it always crashed after a few
hours. This was a while back though.

Using ebtables you can say 'packets with vlan tag 2 go to eth0.2,
packets with vlan tag 3 go to eth0.3, all other tagged packets remain
tagged and go onto the bridge'.

If the hardware adapter supports 802.1q offload though, when you define
local interfaces eth0.2 and eth0.3, the kernel tells the adapter 'we are
interested in untagged packets, and packets with tags of 2, or 3, but
throw the rest away'. If your intention is to route other tagged packets
onto your bridge then you won't get what you expect. I'm not sure if
there is a way to turn this off either.

James

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
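
The policy described in the message above ('packets with vlan tag 2 go to eth0.2, packets with vlan tag 3 go to eth0.3, all other tagged packets remain tagged and go onto the bridge'), written out as ebtables broute rules together with a check of the adapter's receive VLAN filter. This is an added example, not part of the original message: the bridge port name eth0, the helper names broute_rules and vlan_filter_state, and the sample ethtool output are assumptions, and it needs an ebtables build that provides the broute table.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes eth0 is the bridge port
# and that the VLAN interfaces (eth0.2, eth0.3) already exist in Dom0.

# Emit one broute rule per locally terminated VLAN. In the broute table's
# BROUTING chain, DROP means "do not bridge this frame, pass it to the local
# stack", where it can reach eth0.<vid>. Tagged frames matching no rule keep
# the default ACCEPT policy and are bridged with their tag intact.
broute_rules() {
    port=$1; shift
    for vid in "$@"; do
        case $vid in
            ''|*[!0-9]*) echo "bad VLAN id: $vid" >&2; return 1 ;;
        esac
        # 0 and 4095 are reserved by 802.1Q, so only 1..4094 are accepted.
        if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
            echo "VLAN id out of range: $vid" >&2; return 1
        fi
        echo "ebtables -t broute -A BROUTING -i $port -p 802_1Q --vlan-id $vid -j DROP"
    done
}

# Read `ethtool -k <port>` output on stdin and report the adapter's receive
# VLAN filter as on, off, fixed-on, fixed-off, or unknown if it is not listed.
# "fixed" means the driver does not allow the setting to be changed.
vlan_filter_state() {
    awk '$1 == "rx-vlan-filter:" {
             prefix = ($3 == "[fixed]") ? "fixed-" : ""
             print prefix $2
             found = 1
         }
         END { if (!found) print "unknown" }'
}

# Constructed sample of `ethtool -k eth0` output so the script runs offline.
SAMPLE_FEATURES='Features for eth0:
rx-vlan-offload: on
tx-vlan-offload: on
rx-vlan-filter: on [fixed]'

# Dry run: print the rules for VLANs 2 and 3, then the sample filter state.
broute_rules eth0 2 3
printf 'rx-vlan-filter: %s\n' \
    "$(printf '%s\n' "$SAMPLE_FEATURES" | vlan_filter_state)"
```

On a live Dom0, the printed rules are run as root and the check becomes `ethtool -k eth0 | vlan_filter_state`. A result of on or fixed-on means tagged frames for VLANs without a local interface may be discarded by the adapter before the bridge ever sees them.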


 

