[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] Question regarding xen networking (bonding, xen-bridging)

To: <xen-users@xxxxxxxxxxxxx>
From: Jonas Meurer <jonas@xxxxxxxxxxxxxxx>
Date: Mon, 18 Feb 2013 12:47:15 +0100
Delivery-date: Mon, 18 Feb 2013 11:48:24 +0000
List-id: Xen user discussion <xen-users.lists.xen.org>

Hello,

I fail to fully understand the xen bridge networking concept. Inparticular, the relation between bonding, bridging and Vlans is notclear to me. I have to admit that I'm not a network/bridging/routingexpert at all. I'll try to explain setup and problem in detail. Pleaseapologize if anything sounds illegitimate or absurd to you, or if Imissed important information. My system is a Debian/Wheezy

Usually, we use a setup with different Vlan tags for each domU.Eth0/bond0 on the dom0 are untagged. For every domU, we create ainterface 'vlanXXX' with eth0/bond0 as raw device, and a bridge 'brXXX'with the vlan interface as bridge port. brXXX is the bridge used for thedomU:


auto vlanXXX
iface vlanXXX inet manual
    vlan_raw_device bond0

auto brXXX
iface brXXX inet manual
    bridge_ports vlanXXX
    bridge_stp off
    bridge_fd 0

This works quite well. But now I tried (and until now failed) to setupa Xen host with bridging, and dom0 + domUs in the same network (no Vlanmanagement on dom0). After quite some time I got it working half theway. The bond0 device is set up as manual, and a bridge 'xenbr0' iscreated with interface 'bond0' as bridge port. The domU uses 'xenbr0' asbridge:

On the dom0 LAN connection works as expected. Gateway responds,connection to the internet works. Dom0 and domU see each other.

But from domU, everything beyond the dom0 is unreachable, e.g. thegateway doesn't respond. MAC address from the domU is propagated toswitches and gateway, I can see it in the arp table. In other words, thepackets from domU find their way out, but the responding packets don'tfind their way back. A quick look at the iptables rules on dom0 give methe impression, that dom0 doesn't know how to handle packets for domU:


# iptables -L FORWARD
Chain FORWARD (policy ACCEPT)
target   prot opt source     destination

ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-outvif1.0 --physdev-is-bridgedACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-invif1.0 --physdev-is-bridged udp spt:bootpc dpt:bootpsACCEPT all -- anywhere anywhere PHYSDEV match --physdev-outvif1.0 --physdev-is-bridgedACCEPT all -- <DOMU-IP> anywhere PHYSDEV match --physdev-invif1.0 --physdev-is-bridged

The last rule seems to accept packets with domU-IP as source, but Icannot find a rule which handles incoming packets for domU. In otherwords, the dom0 doesn't know what to do with packets for the domU. Is myassumption correct? If yes, why is this the case? Is it related tointerface bonding?


I don't get the picture, maybe you can help me :)

Kind regards,
 jonas


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

Follow-Ups:
- Re: [Xen-users] Question regarding xen networking (bonding, xen-bridging)
  - From: Alexandre Kouznetsov

Prev by Date: Re: [Xen-users] [Pkg-xen-devel] Recent hypervisor update on Debian Wheezy breaks domU networking
Next by Date: [Xen-users] Please question about xenstore
Previous by thread: [Xen-users] Xen 4.2.1 unable to get domain type for domid
Next by thread: Re: [Xen-users] Question regarding xen networking (bonding, xen-bridging)
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.