[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] Re: [XCP] vlan from guests


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Tundra Slosek <ivoryring@xxxxxxxxx>
  • Date: Wed, 22 Sep 2010 08:27:24 -0400
  • Delivery-date: Wed, 22 Sep 2010 05:28:49 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=pnIFzcae40eaBRcszbN9a0/eZdm8t2dxTk4zEs4lVpwvYBGYdcj1s7V2wKu9m2egON hgA0jtJhDVp6OZHkd8bx9VT+w2F7PY4BmIXK4yaSuZROIB73DDgtxhnxf7AxSMcGYxC2 EVPR/cIj+CIEoggSPMO+tzerLGIei/rxpkE3Y=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Further update on this - if I assign xapi7 an actual IP address (192.168.30.201) manually in dom0, I am able to ping the guest (192.168.30.200) without any difficulty:

[root@nnexen1 ~]# ifconfig xapi7
xapi7     Link encap:Ethernet  HWaddr 00:18:71:78:0A:3E 
          inet addr:192.168.30.201  Bcast:192.168.30.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:411465 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:17283426 (16.4 MiB)  TX bytes:1526 (1.4 KiB)

[root@nnexen1 ~]# ping -c 3 192.168.30.200
PING 192.168.30.200 (192.168.30.200) 56(84) bytes of data.
64 bytes from 192.168.30.200: icmp_seq=1 ttl=64 time=1.13 ms
64 bytes from 192.168.30.200: icmp_seq=2 ttl=64 time=0.286 ms
64 bytes from 192.168.30.200: icmp_seq=3 ttl=64 time=0.267 ms

And if I set up a second guest (running sysrescueCD, but it isn't important what) on the #7 VLAN, I'm able to ping the first guest without problems.

I moved the physical connection to a different switch (but same VLAN configuration for that port) in order to monitor traffic and what I found is that the traffic OUTBOUND from the domU looks fine (for example, arp requests look fully formed and are tagged for VLAN7), but responses don't appear to make it from the network to the domU (the do go down the wire to the dom0 actual physical NIC). With dom0 having an active IP on VLAN7, I see that dom0 is also unable to communicate over VLAN7 to the outside world either.

Partial tcpdump on dom0 xapi7:

08:22:27.674617 arp who-has 192.168.30.237 tell 192.168.30.200
08:22:28.675624 arp who-has 192.168.30.237 tell 192.168.30.200
08:22:29.676596 arp who-has 192.168.30.237 tell 192.168.30.200

Partial tcpdump on 192.168.30.237 against the same VLAN (these clocks are not in sync as dom0 doesn't have NTP connectivity, but .237 does)

08:22:29.139872 ARP, Request who-has 192.168.30.237 tell 192.168.30.200, length 42
08:22:29.139895 ARP, Reply 192.168.30.237 is-at 00:16:36:7e:56:cb, length 28
08:22:30.140866 ARP, Request who-has 192.168.30.237 tell 192.168.30.200, length 42
08:22:30.140885 ARP, Reply 192.168.30.237 is-at 00:16:36:7e:56:cb, length 28
08:22:31.141864 ARP, Request who-has 192.168.30.237 tell 192.168.30.200, length 42
08:22:31.141886 ARP, Reply 192.168.30.237 is-at 00:16:36:7e:56:cb, length 28

So I'm assuming there is something I'm doing wrong with the openvswitch setup within dom0, but I have no idea what it is.

On Fri, Sep 17, 2010 at 2:33 PM, Tundra Slosek <ivoryring@xxxxxxxxx> wrote:
Setting up XCP 0.5, I've used OpenXenCenter to create our VLANs. The network switch has the admin VLAN set to untagged, all others set to tagged (for our Xen 3.1/3.2 Debian dom0 machines we set all VLANs tagged - but they use vconfig/brctl not openvswitch so my experience from them doesn't seem to be helpful).

I have (pfSense 1.2.3) guest (for the purpose of this test, IP 192.168.30.200) on two VLANs, however the traffic doesn't seem to be leaving the XCP host (management IP is 192.168.31.51) correctly.

From the XCP command prompt, if I use tcpdump, I see network traffic on the interface named xapi7. tcpdump on eth0 definitely shows something strange, as if I ask it to filter to just arp traffic, it doesn't show traffic from the guest, but if I ask it to show all traffic and grep the output for arp, it shows traffic from the guest. I am suspecting two things but not sure how to prove them: a.) tcpdump on XCP 0.5 doesn't understand VLAN tags. b.) I am not passing the VLAN tags up to the network switch correctly so the packets are just falling on the floor.

Unless I'm misunderstanding something, tcpdump against xapi7 should show all traffic that the network switch hands down to the NIC that is tagged for VLAN 7 - my tcpdump of xapi7 shows this is not working as I expect.

[root@nnexen1 log]# xe vm-vif-list vm=cmgate3left
uuid ( RO)                  : 6889e3dc-aeb4-eb2d-3664-0af2f2ebd3c1
         vm-name-label ( RO): cmgate3left
                device ( RO): 2
                   MAC ( RO): 4a:f2:73:9c:6b:7b
          network-uuid ( RO): 7dcd9c10-87fd-2b51-ca1b-ab7b16ee8f2b
    network-name-label ( RO): cminternet0


uuid ( RO)                  : 641782d8-c752-97ae-9fdf-c806d8b5e775
         vm-name-label ( RO): cmgate3left
                device ( RO): 1
                   MAC ( RO): 7e:de:c8:f0:71:8e
          network-uuid ( RO): 548ade1a-4f24-ab08-9dbd-3ce7bd90f347
    network-name-label ( RO): cmguest0


[root@nnexen1 log]# xe network-param-list uuid=548ade1a-4f24-ab08-9dbd-3ce7bd90f347
uuid ( RO)                : 548ade1a-4f24-ab08-9dbd-3ce7bd90f347
          name-label ( RW): cmguest0
    name-description ( RW):
           VIF-uuids (SRO): 641782d8-c752-97ae-9fdf-c806d8b5e775
           PIF-uuids (SRO): dd30f6d6-cf69-4132-95bb-d3ccf31c86d4
                 MTU ( RW): 1500
              bridge ( RO): xapi7
        other-config (MRW): automatic: false
               blobs ( RO):


[root@nnexen1 log]# xe pif-list uuid=dd30f6d6-cf69-4132-95bb-d3ccf31c86d4
uuid ( RO)                  : dd30f6d6-cf69-4132-95bb-d3ccf31c86d4
                device ( RO): eth0
    currently-attached ( RO): true
                  VLAN ( RO): 7
          network-uuid ( RO): 548ade1a-4f24-ab08-9dbd-3ce7bd90f347

[root@nnexen1 log]# tcpdump -n -c 3 -i xapi7
tcpdump: WARNING: xapi7: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on xapi7, link-type EN10MB (Ethernet), capture size 96 bytes
14:22:30.031651 arp who-has 192.168.30.237 tell 192.168.30.200
14:22:31.032574 arp who-has 192.168.30.237 tell 192.168.30.200
14:22:32.033560 arp who-has 192.168.30.237 tell 192.168.30.200
3 packets captured
3 packets received by filter
0 packets dropped by kernel

[root@nnexen1 log]# tcpdump -n -i eth0 port not 22 and port not https | grep arp
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:24:14.065131 arp who-has 192.168.31.38 tell 192.168.31.51
14:24:14.136640 arp who-has 192.168.30.237 tell 192.168.30.200
14:24:15.065282 arp who-has 192.168.31.38 tell 192.168.31.51
14:24:15.137645 arp who-has 192.168.30.237 tell 192.168.30.200

[root@nnexen1 log]# tcpdump -n -i eth0 arp
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:24:26.095128 arp who-has 192.168.31.38 tell 192.168.31.51
14:24:27.095189 arp who-has 192.168.31.38 tell 192.168.31.51


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.