[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] xenbr0 / domU static IPs



And that's where the ghost comes alive :-D

Dne 20.5.2013 15:47, Simon Jones napsal(a):

It looks like one of my network admins has carved up this address space and pointed the numbers I was trying to use elsewhere, I’m getting them to find out what’s going on.  Anyway, I changed the static IP to 139.25 ifdown eth0 && ifup eth0 and hey presto, can ping out and all is good!  Thanks for your help guys, really appreciated.

 

From: Jan Hejl [mailto:jh@xxxxxxxxxx]
Sent: 20 May 2013 14:42
To: Simon Jones
Cc: xen-users@xxxxxxxxxxxxx
Subject: Re: [Xen-users] xenbr0 / domU static IPs

 

So far so good. And eth1 configuration?

Did you try tcpdump on dom0 to see what's happening there when you're pinging from domU?

Dne 20.5.2013 15:38, Simon Jones napsal(a):

#route –n

 

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

195.2.139.0     0.0.0.0         255.255.255.0   U     0      0        0 xenbr0

0.0.0.0         195.2.139.1     0.0.0.0         UG    0      0        0 xenbr0

 

 

#ip route

 

192.168.2.0/24 dev eth0  proto kernel  scope link  src 192.168.2.4

195.2.139.0/24 dev xenbr0  proto kernel  scope link  src 195.2.139.4

default via 195.2.139.1 dev xenbr0

 

From: Jan Hejl [mailto:jh@xxxxxxxxxx]
Sent: 20 May 2013 14:35
To: Simon Jones
Cc: xen-users@xxxxxxxxxxxxx
Subject: Re: [Xen-users] xenbr0 / domU static IPs

 

No you don't have to, for now. Firewall looks clear, contains only irrelevant rules.

It's definately a network problem. Probably on dom0. Can you please check your dom0 routing table? With:

 
ip route show


And how is the eth1 on dom0 configured?

Dne 20.5.2013 15:25, Simon Jones napsal(a):

No firewall in the way;

 

root@xen-1:/etc/xen/scripts# iptables -L

Chain INPUT (policy ACCEPT)

target     prot opt source               destination        

 

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination        

ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-out vif4.0 --physdev-is-bridged

ACCEPT     udp  --  anywhere             anywhere            PHYSDEV match --physdev-in vif4.0 --physdev-is-bridged udp spt:bootpc dpt:bootps

ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-out vif4.0 --physdev-is-bridged

ACCEPT     all  --  10.0.0.101           anywhere            PHYSDEV match --physdev-in vif4.0 --physdev-is-bridged

ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-out vif3.0 --physdev-is-bridged

ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif3.0 --physdev-is-bridged

 

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination        

 

it looks like it’s remembered a 10.0.0 address from when I set it up and hooked it in to the office dhcp server though, I’ll tidy that later.

 

It’s my network so there are no weird routing or blocked mac addresses other than the security stuff on the routers and core switches.

 

Do I have to restart Dom0 when changing the ip forwarding?

 

 

From: Jan Hejl [mailto:jh@xxxxxxxxxx]
Sent: 20 May 2013 14:20
To: Simon Jones
Cc: xen-users@xxxxxxxxxxxxx
Subject: Re: [Xen-users] xenbr0 / domU static IPs

 

Weird. What about your firewall? Specially FORWARD chain. Is somethnig there what can block traffic?

Are you sure that there's nothing (router / switch) that can block your traffic? Some hosting providers allow traffic only from dom0 MAC address everything else is dropped. Then you should set up routed network inside you dom0.

Dne 20.5.2013 15:09, Simon Jones napsal(a):

Aha! It’s set to 0,

 

echo "1"> /proc/sys/net/ipv4/ip_forward  has changed it to 1, still can’t ping anything other than Dom0 ip on both guests though.

 

 

 

From: Jan Hejl [mailto:jh@xxxxxxxxxx]
Sent: 20 May 2013 14:02
To: Simon Jones
Cc: xen-users@xxxxxxxxxxxxx
Subject: Re: [Xen-users] xenbr0 / domU static IPs

 

Thanks. It's more clearer now. :)

What "/proc/sys/net/ipv4/ip_forward" contains? 0 or 1? Should be set to 1.

Dne 20.5.2013 14:57, Simon Jones napsal(a):

The windows guest can also ping dom0 but again, can’t ping the gateway or anything else other than Dom0’s IP.  I can only get vnc to the windows machine and as such can’t copy/paste the output from ipconfig /all but it is all correct, static IP 195.2.139.196 / 255.255.255.0 / gateway 195.2.139.1 and our public recursor dns servers 195.2.130.8 / 200, should I check for something in particular?

 

Here’s how dom0 is configured;

 

# The loopback interface

auto lo

iface lo inet loopback

 

# Bridge Static Configuration

# (network, broadcast and gateway are optional)

auto xenbr0

iface xenbr0 inet static

        bridge_ports eth1

        address 195.2.139.4

        broadcast 195.2.139.255

        netmask 255.255.255.0

        network 195.2.139.0

        gateway 195.2.139.1

 

#Eth0 Static Configuration

auto eth0

iface eth0 inet static

        address 192.168.2.4

        netmask 255.255.255.0

 

Eth1 is the public port on the WAN and Eth0 is just our back-end admin lan so you can ignore that.  Dom0 works great, I can ping our and resolve DNS, ssh in from my office, all good.  The DomU’s just aren’t picking up the default gateway by the looks of it but CAN ping and reply to Dom0’s IP 195.2.139.4

 

When I try and ping the gateway 195.2.139.1 from the debian vm I get

 

From 195.2.139.170 icmp_seq=684 Destination Host Unreachable

 

195.2.139.170 is the static Ip given to the debian vm;

 

root@test-pv:~# ifconfig

eth0      Link encap:Ethernet  HWaddr 00:16:3e:14:d8:42 

          inet addr:195.2.139.170  Bcast:195.2.139.255  Mask:255.255.255.0

          inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:3126 errors:0 dropped:0 overruns:0 frame:0

          TX packets:902 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:171271 (167.2 KiB)  TX bytes:85980 (83.9 KiB)

          Interrupt:17

 

lo        Link encap:Local Loopback 

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:6 errors:0 dropped:0 overruns:0 frame:0

          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:672 (672.0 B)  TX bytes:672 (672.0 B)

 

Here’s some stuff from /var/log/messages so the bridge seems ok;

 

May 20 13:28:29 xen-1 kernel: [ 8367.944038] xenbr0: port 2(vif16.0) entering forwarding state

May 20 13:29:06 xen-1 kernel: [ 8403.989601] xenbr0: port 2(vif16.0) entering disabled state

May 20 13:29:06 xen-1 kernel: [ 8404.017006] xenbr0: port 2(vif16.0) entering disabled state

May 20 13:29:32 xen-1 kernel: [ 8430.910729] device vif17.0 entered promiscuous mode

May 20 13:29:32 xen-1 kernel: [ 8430.920869] xenbr0: port 2(vif17.0) entering learning state

May 20 13:29:33 xen-1 kernel: [ 8431.866548] blkback: ring-ref 8, event-channel 13, protocol 1 (x86_64-abi)

May 20 13:29:33 xen-1 kernel: [ 8431.894288] blkback: ring-ref 9, event-channel 14, protocol 1 (x86_64-abi)

May 20 13:29:47 xen-1 kernel: [ 8445.916079] xenbr0: port 2(vif17.0) entering forwarding state

 

From: Jan Hejl [mailto:jh@xxxxxxxxxx]
Sent: 20 May 2013 13:35
To: Simon Jones
Cc: xen-users@xxxxxxxxxxxxx
Subject: Re: [Xen-users] xenbr0 / domU static IPs

 

Thanks. So Debian domU works, that's good to know.

Can you please post "ipconfig /all" from Windows 8 domU? Can you also please check your logs (/var/log/xen/qemu-..., dmesg, syslog, windows event viewer) for errors?

Dne 20.5.2013 14:23, Simon Jones napsal(a):

ID 7 is a debian test vm I set up, I just reconfigured the networking on it and rebooted, now this one can ping dom0 static IP and receives a reply.  No reply when I try and ping the other windows guest, also get a reply when pinging the default gateway, all are on the same network.

 

root@test-pv:~# ifconfig

eth0      Link encap:Ethernet  HWaddr 00:16:3e:14:d8:42 

          inet addr:195.2.139.213  Bcast:195.2.139.255  Mask:255.255.255.0

          inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:545 errors:0 dropped:0 overruns:0 frame:0

          TX packets:36 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:29480 (28.7 KiB)  TX bytes:3016 (2.9 KiB)

          Interrupt:17

 

From: Jan Hejl [mailto:jh@xxxxxxxxxx]
Sent: 20 May 2013 13:15
To: Simon Jones
Cc: xen-users@xxxxxxxxxxxxx
Subject: Re: [Xen-users] xenbr0 / domU static IPs

 

I suppose domU ID you described is 7, isn't it? Is the other domU - id 14 - able to reach the dom0 with ping?

Dne 20.5.2013 14:09, Simon Jones napsal(a):

Hi Jan,

 

Thanks – I should have included that but here you go;

 

bridge name     bridge id               STP enabled     interfaces

xenbr0          8000.00e081465f38       no              eth1

                                                        tap14.0

                                                        vif14.0

                                                        vif7.0

 

From: xen-users-bounces@xxxxxxxxxxxxx [mailto:xen-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jan Hejl
Sent: 20 May 2013 12:52
To: xen-users@xxxxxxxxxxxxx
Subject: Re: [Xen-users] xenbr0 / domU static IPs

 

Hi Simon,

what does "brctl show" show? It should show xenbr0 and some vifX.Y (which is domU interface) device.

Jan

Dne 20.5.2013 13:36, Simon Jones napsal(a):

Hi,  I have a new xen hosting platform.  I have given the bridge a static IP which I can ping/ssh to etc, when I create a new vm all works well apart from the networking.  If I give DomU a static IP I can’t ping out from the box, Dom0 can’t ping the vm.  I’m suspecting it just isn’t seeing the bridge but am unsure where to start looking.  This is a very standard setup, 1 bridge: xenbr0

 

Here’s a config file for a windows guest but I get the same with windows or debian guests.

 

cat windows8.cfg

kernel = "/usr/lib/xen-4.0/boot/hvmloader"

builder='hvm'

memory = 4096

vcpus=1

name = "Windows8"

vif = ['bridge=xenbr0']

disk = ['phy:/dev/vg0/windows8,hda,w','file:/usr/src/windows8_x64.iso,hdc:cdrom,r']

acpi = 1

device_model = 'qemu-dm'

boot="d"

sdl=0

serial='pty'

vnc=1

vnclisten="0.0.0.0"

vncpasswd=""

usbdevice='tablet'

 










_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

 

 

 

 

 

 

 


Attachment: smime.p7s
Description: Elektronicky podpis S/MIME

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.