
[Xen-users] Dom0 domU bridge problem - virtualizing ISC DHCP server

  • To: xen-users <Xen-users@xxxxxxxxxxxxx>
  • From: Jakub Kulesza <jakkul@xxxxxxxxx>
  • Date: Sat, 20 Jul 2013 18:08:59 +0200
  • Delivery-date: Sat, 20 Jul 2013 16:10:50 +0000
  • List-id: Xen user discussion <xen-users.lists.xen.org>

Here's the thing.

I want to virtualize a DHCP server off one of the physical servers to a dedicated domU under XEN. And the thing does not respond to DHCP requests sent over broadcast.

The setting:

test - a test server with debian7
togusa - the old physical DHCP server (ISC) with gentoo 
dom0 - the dom0 with debian7
domU - the domU with ubuntu 12.04

I have ISC DHCP server installed on every machine, with the same configuration file. I test it with:
A dhcpcd -T
B dhcping without specifying target DHCP server
C dhcping with target DHCP server specified

With the DHCP server on the togusa server, all four machines can contact the DHCP server. 
With the DHCP server on the "test" server, everything goes as above.
If I start it on the domU or dom0 server, all 4 servers can only contact the DHCP server with method C.

I have tried it on a number of XEN dom0/domU servers. All the same. I use mostly debian 6 or 7 for dom0 with xen 4.1 I believe.

The network card of the physical machine is combined into a bridge with eth0 on dom0 and the corresponding vif interface of the domU. No problems with TCP/UDP connectivity.

Funny thing - if I ping the broadcast of the network, the dom0 and domU do not respond. 

I have no iptables rules on dom0 or domU. Only the basic ones provided by debian (iptables-save from dom0):
-A FORWARD -m state --state RELATED,ESTABLISHED -m physdev --physdev-out vif17.0 -j ACCEPT 
-A FORWARD -p udp -m physdev --physdev-in vif17.0 -m udp --sport 68 --dport 67 -j ACCEPT 
-A FORWARD -m state --state RELATED,ESTABLISHED -m physdev --physdev-out vif17.0 -j ACCEPT 
-A FORWARD -s -m physdev --physdev-in vif17.0 -j ACCEPT 

(0.134 is the address of the domU, I have a feeling that the --dport 67 is added when xen detects the DHCP server there)

I do not use ebtables to filter traffic over the bridge.

Funny thing - if I start the DHCP server on dom0 or domU I can see that some printers manage to get an IP address of the server. This seems ultra-strange.

Where should I start looking? What might be the connectivity problem?

Jakub Kulesza