
Re: [Xen-users] finding the source VM of local ip



Top-quoting is confusing.

Mofta7y wrote:
> I managed to see the MAC addresses of these local IPs using the brctl
> showmacs command.
> But these MACs are assigned to port 1.
> 
> Looking at dmesg output, it seems port 1 is the peth0 interface.
> 
> So I still couldn't find which VM/s is/are using those local IPs.

Command output would be a lot more useful.  Are the MACs non-local, like 
I supposed they'd be?  That sounds like those MACs are elsewhere on the 
network.  I can't imagine why your machine would be processing them, 
then, unless you (mis)configured a bridge loop.

I'd need to see some output to make sense of this.  Start with the 
TCP_SYN communication, show some representative tcpdump output.  "brctl 
show" and the various "brctl showmacs", "ip link show", "ip address 
show", "ip route show".  /etc/network/interfaces.  Sounds like you're 
using the deprecated network-bridge script.  You haven't mentioned what 
OS distribution or version of Xen you're using.

> Mike wrote:
>> Mofta7y wrote:
>>> It seems that one or more VM users on a Xen server have configured 
>>> a local IP range for communication between VMs.
>>>
>>> Now my main issue is to find out which VMs are using these local IPs.
>>>
>>> I tried arping those IPs and got their MAC address, but this MAC 
>>> address is not the MAC address of any network interface in the server. 
>> 
>> Not sure what you mean.  The MACs will probably be assigned to the 
>> domU-internal interfaces, not to any dom0 interface.
>> 
>>> We are using bridged domU networking.
>>>
>>> Does anyone know of any way to find which VMs are using these local IPs? 
>> 
>> Try "brctl showmacs" on the domUs' bridge.  That should get you the 
>> port(s) of the MACs that you're seeing.  (I'd expect all those MACs to 
>> be non-local.)
>> 
>>> Also, if there is no way to find who is using them, can we just 
>>> prevent them from communicating with each other through dom0?
>> 
>> Iptables rules can handle that.  I find vif-bridge's handle_iptable 
>> rules to be too generous, so I use a modified script and code my own 
>> rules.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
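
An added example, not part of the original messages: one way to carry out the "brctl showmacs" lookup discussed above, joining each learned MAC's port number to the bridge port's interface name and, for a vif, to the domain ID. It assumes the default backend naming vif<domid>.<devid>; the function names and all sample data are constructed for illustration.

```bash
#!/bin/bash
# Added example: map MACs learned by a Linux bridge to the Xen domain behind them.
# Assumes default backend naming vif<domid>.<devid>; all sample data is constructed.

# Emit "port_no iface" for each port of bridge $1 (sysfs stores port_no in hex).
bridge_ports() {
    local f
    for f in /sys/class/net/"$1"/brif/*/port_no; do
        [ -r "$f" ] || continue
        printf '%d %s\n' "$(cat "$f")" "$(basename "$(dirname "$f")")"
    done
}

# $1 = file with `brctl showmacs <bridge>` output, $2 = file with the port map.
# Prints "mac port iface owner" for learned (is local? = no) MACs only.
map_macs() {
    awk '
        FILENAME == ARGV[1] { iface[$1] = $2; next }   # port map
        $1 !~ /^[0-9]+$/ || $3 != "no" { next }        # header, bridge-local MACs
        {
            i = ($1 in iface) ? iface[$1] : "unknown"
            owner = "not-a-vif"                        # e.g. peth0: MAC is off-host
            if (i ~ /^vif[0-9]+\.[0-9]+$/) {
                split(substr(i, 4), p, ".")
                owner = "domid=" p[1]
            }
            print $2, $1, i, owner
        }' "$2" "$1"
}

# Offline run on constructed data; on a live dom0 use instead:
#   brctl showmacs "$br" > macs.txt; bridge_ports "$br" > ports.txt
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' '1 peth0' '3 vif5.0' > "$d/ports"
    cat > "$d/macs" <<'EOF'
port no	mac addr		is local?	ageing timer
  1	00:1b:21:aa:bb:cc	no		   0.52
  3	00:16:3e:12:34:56	no		   1.10
  3	fe:ff:ff:ff:ff:ff	yes		   0.00
EOF
    map_macs "$d/macs" "$d/ports"
    rm -rf "$d"
}
demo
```

A MAC reported on a vif port can be tied to a guest by looking up the domid with "xm list" (or "xl list"); a MAC reported on peth0 was learned from the physical network rather than from a local domU.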
