Dear,
I got a real strange problem with my Xen
installation.
When I setup a DomU with an interface with
a public IP, packets are droped by dom0 …
I got a bridged configuration with VLANs :
#
brctl show
bridge
name bridge id STP enabled interfaces
tmpbridge
8000.000000000000 no
xlan.20
8000.feffffffffff no eth1.20
xlan.30
8000.feffffffffff no GEV1lan
NSlan
OmegaBlog1lan
RMlan
SFlan
eth1.30
xwan
8000.0026b9835a88 no peth0
testWan
#
ip add sh dev xwan
6:
xwan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
UNKNOWN
link/ether 00:26:b9:83:5a:88 brd ff:ff:ff:ff:ff:ff
inet 78.24.xx.yy/26 brd 78.24.xx.yy scope global xwan
inet6 fe80::226:b9ff:fe83:5a88/64 scope link
valid_lft forever preferred_lft forever
-When I try to ping my domU I get huge
amount of packet loss:
#
ping 78.24.xx.zz
PING
78.24.xx.zz (78.24.xx.zz) 56(84) bytes of data.
64
bytes from 78.24.xx.zz: icmp_seq=1 ttl=128 time=5.69 ms
^C
---
78.24.xx.zz ping statistics ---
5
packets transmitted, 1 received, 80% packet loss, time 4026ms
rtt
min/avg/max/mdev = 5.690/5.690/5.690/0.000 ms
Monitoring the xwan bridge :
#
tcpdump -n -e -ttt -i xwan icmp
tcpdump:
verbose output suppressed, use -v or -vv for full protocol decode
listening
on xwan, link-type EN10MB (Ethernet), capture size 96 bytes
…
00:00:01.006698
00:26:b9:83:5a:88 > 00:16:3e:52:89:d2, ethertype IPv4 (0x0800), length 98:
78.24.130.200 > 78.24.130.204: ICMP echo request, id 60001, seq 304, length
64
00:00:01.000464
00:26:b9:83:5a:88 > 00:16:3e:52:89:d2, ethertype IPv4 (0x0800), length 98:
78.24.130.200 > 78.24.130.204: ICMP echo request, id 60001, seq 305, length
64
00:00:01.008578
00:26:b9:83:5a:88 > 00:16:3e:52:89:d2, ethertype IPv4 (0x0800), length 98:
78.24.130.200 > 78.24.130.204: ICMP echo request, id 60001, seq 306, length
64
00:00:01.008262
00:26:b9:83:5a:88 > 00:16:3e:52:89:d2, ethertype IPv4 (0x0800), length 98:
78.24.130.200 > 78.24.130.204: ICMP echo request, id 60001, seq 307, length
64
00:00:01.009170
00:26:b9:83:5a:88 > 00:16:3e:52:89:d2, ethertype IPv4 (0x0800), length 98:
78.24.130.200 > 78.24.130.204: ICMP echo request, id 60001, seq 308, length
64
00:00:00.000642
00:16:3e:52:89:d2 > 00:26:b9:83:5a:88, ethertype IPv4 (0x0800), length 98:
78.24.130.204 > 78.24.130.200: ICMP echo reply, id 60001, seq 308, length 64
ß Sometime an echo
reply …
00:00:00.999149
00:26:b9:83:5a:88 > 00:16:3e:52:89:d2, ethertype IPv4 (0x0800), length 98:
78.24.130.200 > 78.24.130.204: ICMP echo request, id 60001, seq 309, length
64
00:00:01.000767
00:26:b9:83:5a:88 > 00:16:3e:52:89:d2, ethertype IPv4 (0x0800), length 98:
78.24.130.200 > 78.24.130.204: ICMP echo request, id 60001, seq 310, length
64
00:00:01.000895
00:26:b9:83:5a:88 > 00:16:3e:52:89:d2, ethertype IPv4 (0x0800), length 98:
78.24.130.200 > 78.24.130.204: ICMP echo request, id 60001, seq 311, length
64
00:00:00.999157
00:26:b9:83:5a:88 > 00:16:3e:52:89:d2, ethertype IPv4 (0x0800), length 98:
78.24.130.200 > 78.24.130.204: ICMP echo request, id 60001, seq 312, length
64
- Iptables settings looks fine :
#
iptables -L
Chain
INPUT (policy ACCEPT)
target
prot opt source destination
Chain
FORWARD (policy ACCEPT)
target
prot opt source destination
ACCEPT
all -- anywhere anywhere state RELATED,ESTABLISHED PHYSDEV
match --physdev-out testWan
ACCEPT
all -- some.host.com anywhere PHYSDEV match --physdev-in testWan
…
Chain
OUTPUT (policy ACCEPT)
target
prot opt source destination
I did notice something weird : Lots of
multicast ICMPv6 packets sent :
#
tcpdump -n -e -ttt -i BurdaWan
tcpdump:
WARNING: BurdaWan: no IPv4 address assigned
tcpdump:
verbose output suppressed, use -v or -vv for full protocol decode
listening
on BurdaWan, link-type EN10MB (Ethernet), capture size 96 bytes
00:00:00.000000
00:16:3e:52:89:d2 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90:
fe80::2ccf:baab:b297:334b > ff02::16: HBH ICMP6, multicast listener report
v2, 1 group record(s), length 28
00:00:00.000168
00:16:3e:52:89:d2 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90:
fe80::2ccf:baab:b297:334b > ff02::16: HBH ICMP6, multicast listener report
v2, 1 group record(s), length 28
00:00:00.000220
00:16:3e:52:89:d2 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90:
fe80::2ccf:baab:b297:334b > ff02::16: HBH ICMP6, multicast listener report
v2, 1 group record(s), length 28
00:00:00.000175
00:16:3e:52:89:d2 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90:
fe80::2ccf:baab:b297:334b > ff02::16: HBH ICMP6, multicast listener report
v2, 1 group record(s), length 28
00:00:00.000173
00:16:3e:52:89:d2 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 90:
fe80::2ccf:baab:b297:334b > ff02::16: HBH ICMP6, multicast listener report
v2, 1 group record(s), length 28
…
If someone could help me on this it would
be MUCH appreciated !
Thanks by advance,
Guillaume S.
