[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Cannot change MAC address of domU vif

  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Peter Braun <xenware@xxxxxxxxx>
  • Date: Tue, 30 Mar 2010 22:59:05 +0200
  • Delivery-date: Tue, 30 Mar 2010 14:01:47 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=IOiKx2YRSGV9jDQO8w8OeAGjqm0nQq2VHfUZICHRkFoumV/IC/OA/0GZCP/hw5u1V0 C/TEnxfyAS61fUZL23WtgqiS3mm/psmz7VIUjCiRrZeoMggv1/Q1CGgY5txUH4qpGzoQ W+A5YGrnwf4mXOkIepp/s4qcNQ/dDIvlGKAHE=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>


The problem was " enabled port security" on switch.



2010/3/30 Simon Hobson <linux@xxxxxxxxxxxxxxxx>:
> Peter Braun wrote:
>> xen 3.4.1 - several domUs - bridged networking.
>> 1) domU has not been MAC assigned in cfg file. Running for several
>> months without problem.
>>    Now domu has been shutdown. After starting again, vif MAC has been
>> randomly created new.
>>    Domu cannot communicate with gate - can ping only host IP and IPs
>> of domU which are on the same host.
>>    Located previous vif MAC in xend.log and assigned it to domu cfg
>> file - communication works without problem.
>> 2) domU vif MAC cannot be changed
>> 3) in the past we copied one domU accidentally including MAC address.
>> Both original and copy domu cannot
>>    communicate with outside world with any MAC address other then the
>> original.
>> 4) the problem is totaly associated to MAC address allocation. There
>> is no problem to change IP address of "working domU".
> The problem is likely to be ARP caching. Devices will cache MAC-IP pairs for
> some time so as to avoid having to keep making ARP requests. Different
> systems will behave differently in terms of how long they cache entries for,
> and whether they'll update the table based on unsolicited packets received.
> Another possible cause is switches. I believe some of these will snoop
> traffic and cache IP-MAC pairs as a security measure - blocking packets from
> what they perceive as 'rogue' devices with a different MAC address.
> Also, are you running any packet filtering on Dom0 ?
> The first thing I'd do is look at the ARP table on a host you can't
> communicate with - and delete any stale entries. If that doesn't work, then
> it's time to fire up a packet sniffer and see what packets are getting
> where.
> At work I have the reverse problem - if we move a device, then the HP
> switches won't forget the old MAC-Port pairing until it times out (5 mins by
> default) and so the minimum outage when moving something is 5 minutes
> without going into the switches and fiddling.
> --
> Simon Hobson
> Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
> author Gladys Hobson. Novels - poetry - short stories - ideal as
> Christmas stocking fillers. Some available as e-books.
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.