[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Re: [Xen-devel] xen 4.1.2* dhcp issue/bug when installing/booting HVM domU domains (CentOS 6, unbuntu 11.04 server). Debian/OpenSolaris work fine.

Am 16.08.2011 09:43, schrieb Pasi Kärkkäinen:

On Tue, Aug 16, 2011 at 01:16:18AM +0200, Mark Schneider wrote:

Am 16.08.2011 00:57, schrieb Mark Schneider:

Am 16.08.2011 00:23, schrieb Pasi Kärkkäinen:

On Mon, Aug 15, 2011 at 11:58:24PM +0200, Mark Schneider wrote:

      Pings from *centos-hvm* to default gateway *no ip-traffic
on peth0*



So here's your problem. Your bridge in dom0 is NOT forwarding the
packets out to peth0..




      root@xen411dom0:/ftp/HVM# tcpdump  -i eth0 'icmp[icmptype]
= icmp-echo and
      icmp[icmptype] != icmp-echoreply'
      tcpdump: verbose output suppressed, use -v or -vv for full
protocol decode
      listening on eth0, link-type EN10MB (Ethernet), capture
size 65535 bytes
      19:54:00.770442 IP 192.168.1.180>    192.168.1.1: ICMP echo
request, id 518,
      seq 23, length 64
      19:54:01.770958 IP 192.168.1.180>    192.168.1.1: ICMP echo
request, id 518,
      seq 24, length 64


So where are these packets going to ? They're not getting out of
dom0..

Do you have a firewall rule in dom0 that drops them?

Try these:
- In the HVM guest: run "arp -an" and check what MAC address you
see for the gateway-IP.
- In dom0: run "brctl showmacs eth0" and verify which port has
the MAC of the gateway.


[root@centoshvm ~]# arp -an
? (192.168.1.102) auf 00:1c:25:7e:fb:b7 [ether] auf eth0
? (192.168.1.124) auf b4:99:ba:c1:27:36 [ether] auf eth0


So the HVM guest has NOT received a MAC address for the gateway..
so ARP requests are not working from the HVM guest.

Do this:
- Shutdown the VM.
- Start the VM.
- Run tcpdump in dom0 (tcpdump -i tap<x>   -nn)
- Try pinging the gateway from the HVM guest.
- Paste the whole tcpdump output here.



root@xen411dom0:~# brctl showmacs eth0
port no mac addr                is local?       ageing timer
    6     00:16:3e:27:17:67       no                 3.22
    3     00:16:3e:27:20:67       no                40.85
    1     00:1c:25:7e:fb:b7       no                 0.00
    1     00:1d:7e:ad:35:a8       no                12.66
    1     b4:99:ba:c1:27:36       yes                0.00
    2     fe:ff:ff:ff:ff:ff       yes                0.00
root@xen411dom0:~# arp -an
? (192.168.1.102) auf 00:1c:25:7e:fb:b7 [ether] auf eth0
? (192.168.1.180) auf 00:16:3e:27:17:67 [ether] auf eth0
? (192.168.1.1) auf 00:1d:7e:ad:35:a8 [ether] auf eth0


Are you running some firewall (iptables or ebtables) in dom0 ?

No. It is plane wheezy with 3.0.1 kernel


and "iptables -L -n -v" does not list any rules?


root@xen411dom0:~# iptables -L -n -v
Chain INPUT (policy ACCEPT 232 packets, 25984 bytes)
pkts bytes target prot opt in out source destination 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in peth0 

Chain OUTPUT (policy ACCEPT 184 packets, 24528 bytes)
pkts bytes target prot opt in out source destination 
root@xen411dom0:~#


Trace inside HVM (s. default gateway: 192.168.1.1 is-at 00:1d:7e:ad:35:a8)
# ---------------------------
[root@centoshvm ~]# tcpdump -i eth0 -nn | tee /tmp/tcpdum-eth0.txt
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
01:05:31.996278 IP 192.168.1.180.22>  192.168.1.124.40173: Flags [P.],
seq 1128465923:1128466115, ack 1021543041, win 135, options [nop,nop,TS
val 1036128 ecr 3459996], length 192
01:05:31.998526 IP 192.168.1.124.40173>  192.168.1.180.22: Flags [.],
ack 192, win 176, options [nop,nop,TS val 3460006 ecr 1036128], length 0
01:05:55.401107 ARP, Request who-has 192.168.1.1 tell 192.168.1.180,
length 28
01:05:55.402608 ARP, Reply 192.168.1.1 is-at 00:1d:7e:ad:35:a8, length 46
01:05:55.402681 IP 192.168.1.180>  192.168.1.1: ICMP echo request, id
5894, seq 1, length 64
01:05:56.399192 IP 192.168.1.180>  192.168.1.1: ICMP echo request, id

So the HVM domU gets the correct MAC of the gateway,
and starts sending packets to it.

The next step would be to dump on eth0 on dom0.. do you see the same packets 
there?

At the same time also dump on peth0, do the packets go out there to the 
physical network?


# Requests and reply on peth0 are there:
18:06:00.324825 ARP, Request who-has 192.168.1.1 tell 192.168.1.180, length 28 
18:06:00.325012 ARP, Reply 192.168.1.1 is-at 00:1d:7e:ad:35:a8, length 46

# Requests and reply on eth0 are *also* there:
18:06:00.324825 ARP, Request who-has 192.168.1.1 tell 192.168.1.180, length 28 
18:06:00.325012 ARP, Reply 192.168.1.1 is-at 00:1d:7e:ad:35:a8, length 46
# There are ICMP requests on eth0 but look like that there are *not forwarded* to peth0. 18:06:00.334350 IP 192.168.1.180 > 192.168.1.1: ICMP echo request, id 55045, seq 1, length 64 18:06:01.324098 IP 192.168.1.180 > 192.168.1.1: ICMP echo request, id 55045, seq 2, length 64 

Any idea why? I have attached both tpcdumps.
I use the same dom0 domain for other HVMs like squeeze, wheezy or OpenSolaris and the work as expected. 

Thank you / regards, Mark

--
ms@xxxxxxxxxxxxxxxxxxxxxx

Attachment: tcpdump-dom0-eth0.txt.gz
Description: application/gzip

Attachment: tcpdump-dom0-peth0.txt.gz
Description: application/gzip

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.