Re: [Xen-users] xen 4.3 - bridge with bonding under Debian Wheezy
Hello.

On 21/08/13 09:11, Shane Johnson wrote:
> On Tue, Aug 20, 2013 at 3:52 PM, Alexandre Kouznetsov <alk@xxxxxxxxxx> wrote:
>> <snip>
>> If you are asking me, I do have a working setup, but on Debian Squeeze (see no hurry to upgrade). I would not expect it to be different on Wheezy.
>>
>> The thing that might be different is that there are at least two ways of doing link aggregation with Xen (AFAIK). One is to create the bond with ifenslave (ifupdown serves as a nice wrapper to it), and then attach it to a bridge; this is the one I use. The other is to incorporate the physical interfaces directly into a bridge and manage them via Open vSwitch; this is the one I have not played with yet. For example, XenServer (and XCP) uses Open vSwitch.
>>
>> Greetings.
>>
>> --
>> Alexandre Kouznetsov
>>
>> _______________________________________________
>> Xen-users mailing list
>> Xen-users@xxxxxxxxxxxxx
>> http://lists.xen.org/xen-users
>
> Alexandre,
> Thank you for the information. If you don't mind I have a couple of questions.

Don't mind at all.

> What level did you set up your bond for?

I use "mode 4" aka 802.3ad.

> Is your DOMU PV or HVM?

It works with PV DomUs, but I recall using HVM DomUs with this setup as well.

> Did you have to do anything special to make your method work?

Not really, it was a little bit surprising. There is even another layer on top of this, VLAN over bond.

> I created my bond and bridge in /etc/network/interfaces with eth0-eth3 in bond0 (level 6) and then used bond0 for the bridge. From what you said, this sounds like I did it right. But every time I tried, the DOMU said it was connected to the internet, but wouldn't communicate with anything on the network. DOM0 worked fine.

Sounds like the firewall is to blame, but I guess it works with plain interfaces without special netfilter configuration. I use a custom iptables script to set the policy to DROP and allow only specific things. These are the lines relevant for bridge forwarding on my Dom0:

    iptables -A FORWARD -m physdev --physdev-in vif+ -j ACCEPT
    iptables -A FORWARD -m physdev --physdev-out vif+ -j ACCEPT

The DomUs have their own firewalling rules.

The console complains about it:
"physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore."
But since it's intended for bridged traffic, it works fine.

Have you tried to debug your setup with tcpdump?

--
Alexandre Kouznetsov
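
The firewall condition discussed in this reply (FORWARD policy DROP on Dom0, with physdev ACCEPT rules for the vif+ bridge ports) can be checked from a rule listing. The script below is an added example, not part of the original message; the function name `check_vif_forward` and both sample rulesets are constructed, and the input is assumed to be `iptables -S FORWARD` output.

```shell
#!/bin/sh
# Added example, not from the original thread. check_vif_forward and the
# sample rulesets are constructed for illustration.
#
# Reads `iptables -S FORWARD` output on stdin and reports whether bridged
# DomU traffic (vif+ ports) is accepted in both directions.
# Simplification: rule order is ignored, so an earlier DROP/REJECT rule
# that shadows the ACCEPT rules is not detected.
check_vif_forward() {
    awk '
        # Chain policy line, e.g. "-P FORWARD DROP"
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        # physdev ACCEPT rules appended to FORWARD
        $1 == "-A" && $2 == "FORWARD" && index($0, "-m physdev") && index($0, "-j ACCEPT") {
            if (index($0, "--physdev-in vif+"))  in_ok = 1
            if (index($0, "--physdev-out vif+")) out_ok = 1
        }
        END {
            if (policy == "ACCEPT")   print "policy-accept"
            else if (in_ok && out_ok) print "allowed"
            else if (in_ok)           print "blocked-out"
            else if (out_ok)          print "blocked-in"
            else                      print "blocked-both"
        }'
}

# Constructed sample: the two rules quoted in the message, policy DROP.
SAMPLE_DOM0_OK='-P FORWARD DROP
-A FORWARD -m physdev --physdev-in vif+ -j ACCEPT
-A FORWARD -m physdev --physdev-out vif+ -j ACCEPT'

# Constructed sample: policy DROP with the --physdev-out rule missing,
# so frames leaving the bridge towards a DomU vif are dropped.
SAMPLE_DOM0_DROP='-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m physdev --physdev-in vif+ -j ACCEPT'

printf '%s\n' "$SAMPLE_DOM0_OK"   | check_vif_forward
printf '%s\n' "$SAMPLE_DOM0_DROP" | check_vif_forward

# On a live Dom0, as root:  iptables -S FORWARD | check_vif_forward
```

Bridged frames only traverse the iptables FORWARD chain when `net.bridge.bridge-nf-call-iptables` is 1, so a "blocked" result matters only on hosts where that sysctl is enabled.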