
[Xen-users] XCP 1.6 doesn't pass through all traffic to (tcpdump) snort

  • To: Xen-users@xxxxxxxxxxxxx
  • From: Mustafa Karci <mk@xxxxxxxxxxxxxxx>
  • Date: Fri, 1 Mar 2013 09:51:58 +0100
  • Delivery-date: Fri, 01 Mar 2013 08:53:20 +0000
  • List-id: Xen user discussion <xen-users.lists.xen.org>

Hi all,

I have been troubled with the traffic flow on the XCP 1.6 and XCP 0.5.

  • I have 4 servers in VLAN2 on ports b12, b13, b14, b15 (these servers work on XCP 0.5)
  • On port a3 I have mirrored all ports from a1, a2, a4-b24
  • I have another HP server with XCP 1.6 (with Debian 6.0.6 as host) and installed snort. It has 2 Ethernet cards in it. Eth0 is plugged into the VLAN2 network and configured with an IP, and eth1 is in the a3 mirror port. Eth1 is not configured with any IP address. It is only for listening.
  • I have an AP in VLAN 4 on port a13
  • And another 8 VLANs for other purposes.

 a1 | a3            a13                              b12  b14                        b23
|    VLAN1        LAN3                           VLAN2                               |
|--------------------------------------------------------------------------------------------------|                     HP switch
|                                                         VLAN2                               |
 a2 | a4                                               b13   b15                       b24

Now the problem:
When I install snort on the a3 mirror port I do not get ICMP packets. I tried tcpdump -n -i eth1 proto ICMP and pinged in VLAN 2 from one server to the other, but without success.

I also tried tcpdump on the XCP 1.6 host, 'tcpdump -n -i eth1 proto ICMP', with no success. I also tried this with xenbr1 and vif2.5, but I am still not getting any ICMP packets through. So I tried the Xen bridge in promiscuous mode:
brctl setageing xenbr1 0
ifconfig eth1 promisc
Still not working.

I also tried this with pif-param-set uuid=xxxxxxxx other-config:promiscous=´on´
and with vif-param-set uuid = xxxxxxx other-config:promiscous=´on´

Still, I cannot see any ICMP packets getting through the XCP 1.6 server.

I plugged in a laptop with Ubuntu 12.04 and ran the same tcpdump -n -i eth1 proto ICMP, and with this I see all the ICMP packets coming through.

What I see is the following. When I ping in the VLAN 2 network from one server to the other I do not get any ICMP packets on the XCP 1.6, but when I ping from the VLAN 2 server to the switch I get only the request from x.x.x.x -> x.x.x.x
With my own PC I'm in the company's network; I have added a route to these testing servers. But when I ping from the VLAN 2 server to my own PC I see the ICMP request and reply.

output of brctl show :

xenbr0        0000.e4115b0db5b4    no        eth0
xenbr1        0000.e4115b0db5b5    no        eth1

output of pif-param-list uuid=xxxxxxxx

device ( RO): eth1
                 MAC ( RO): xx:xx:xx:xx:xx:
                 physical ( RO): true
                 currently-attached ( RO): true
                 MTU ( RO): 1500
                 VLAN ( RO): -1
                 bond-master-of ( RO):
                 bond-slave-of ( RO): <not in database>
                 tunnel-access-PIF-of ( RO):
                 tunnel-transport-PIF-of ( RO):
                 management ( RO): false
                 network-uuid ( RO): xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
                 network-name-label ( RO): Pool-wide network associated with eth1
                 host-uuid ( RO): xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
                 host-name-label ( RO): test
                 IP-configuration-mode ( RO): None
                 IP ( RO):
                 netmask ( RO):
                 gateway ( RO):
                 IPv6-configuration-mode ( RO): None
                 IPv6 ( RO):
                 IPv6-gateway ( RO):
                 Primary-address-type ( RO): IPv4
                 DNS ( RO):
                 io_read_kbs ( RO): 7.491
                 io_write_kbs ( RO): 0.000
                 carrier ( RO): true
                 vendor-id ( RO): 8086
                 vendor-name ( RO): Intel Corporation
                 device-id ( RO): 10d3
                 device-name ( RO): 82574L Gigabit Network Connection
                 speed ( RO): 1000 Mbit/s
                 duplex ( RO): full
                 disallow-unplug ( RW): false
                 pci-bus-path ( RO): 0000:03:00.0
                 other-config (MRW): promiscous=on

On the interface vif2.5 I see a lot of packet loss:

vif2.5  Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2199450 errors:0 dropped:32233 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:384 (384.0 b)  TX bytes:327882492 (312.6 MiB)

So what am I doing wrong?

kind regards
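
A diagnostic sketch for the output quoted in this message (an added example, not part of the original post): it parses `xe pif-param-list` text, checks whether `other-config` carries a key spelled `promiscuous`, and computes the TX drop share on the vif. The expected spelling is the one used in the XenServer/XCP documentation and is an assumption not taken from this page; the function names and the trimmed sample strings are constructed for illustration.

```python
import difflib
import re

# Constructed samples: trimmed copies of the output quoted in the message.
PIF_PARAMS = """\
device ( RO): eth1
IP-configuration-mode ( RO): None
carrier ( RO): true
other-config (MRW): promiscous=on
"""
IFCONFIG_VIF = """\
vif2.5  Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2199450 errors:0 dropped:32233 overruns:0 carrier:0
"""
EXPECTED_KEY = "promiscuous"  # assumption: spelling from XenServer/XCP docs

def parse_xe_params(text):
    """Turn 'name ( RO): value' lines from `xe ...-param-list` into a dict."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\S+)\s*\(\s*\w+\):\s*(.*)$", line)
        if m:
            params[m.group(1)] = m.group(2).strip()
    return params

def other_config(params):
    """Split the other-config map; accepts 'k=v' or 'k: v', ';'-separated."""
    cfg = {}
    for item in params.get("other-config", "").split(";"):
        m = re.match(r"\s*([^=:\s]+)\s*[=:]\s*(.*)$", item)
        if m:
            cfg[m.group(1)] = m.group(2).strip()
    return cfg

def misspelled_key(cfg):
    """Return a near-miss of EXPECTED_KEY if the exact key is absent."""
    if EXPECTED_KEY in cfg:
        return None
    close = difflib.get_close_matches(EXPECTED_KEY, list(cfg), n=1, cutoff=0.8)
    return close[0] if close else None

def tx_drop_ratio(ifconfig_text):
    """Share of frames the backend dropped instead of handing to the guest."""
    m = re.search(r"TX packets:(\d+).*?dropped:(\d+)", ifconfig_text)
    sent, dropped = int(m.group(1)), int(m.group(2))
    return dropped / (sent + dropped)

if __name__ == "__main__":
    cfg = other_config(parse_xe_params(PIF_PARAMS))
    print("other-config:", cfg, "near-miss key:", misspelled_key(cfg))
    print("vif TX drop share: {:.2%}".format(tx_drop_ratio(IFCONFIG_VIF)))
```

An unrecognised `other-config` key is stored without error, so a near-miss spelling shows up in `pif-param-list` output without changing how the interface is configured.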


