|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] xen 4.3 - bridge with bonding under Debian Wheezy
On Wed, Aug 21, 2013 at 9:23 AM, Alexandre Kouznetsov <alk@xxxxxxxxxx> wrote: > Hello. > > El 21/08/13 09:11, Shane Johnson escribió: > >> On Tue, Aug 20, 2013 at 3:52 PM, Alexandre Kouznetsov <alk@xxxxxxxxxx> >> wrote: >> <snip> >>> >>> >>> If you are asking me, I do have a working setup, but on Debian Squeeze >>> (see >>> no hurry to upgrade). I would not expect it to be different on Wheezy. >>> >>> The thing that might be different, is that are at least two ways of doing >>> link aggregation with Xen (AFAIK). One is to create the bond with >>> ifenslave >>> (ifupdown serves as a nice wrapper to it), and then attach it to a >>> bridge, >>> this is the one I use. The other is to incorporate the physical >>> interfaces >>> directly to a bridge and manage them via Open vSwitch, this is the one I >>> have not played with yet. For example, XenServer (and XCP) uses Open >>> vSwitch. >>> >>> Greetings. >>> >>> -- >>> Alexandre Kouznetsov >>> >>> >>> _______________________________________________ >>> Xen-users mailing list >>> Xen-users@xxxxxxxxxxxxx >>> http://lists.xen.org/xen-users >> >> >> Alexandre, >> Thank you for the information. >> If you don't mind I have a couple of questions. >> What level did you set up your bond for? > > Don't mind at all. I use "mode 4" aka 802.3ad. > > >> Is your DOMU PV or HVM? > > It works with PV DomUs, but I recall using HVM DomUs with this setup as > well. > > >> Did you have to do anything special to make your method work? > > Not really, was little bit surprising. There is even another layer on top of > this, VLAN over bond. > > >> I created my bond and bridge in /etc/network/interfaces with eht0-eth3 >> in bond0(level 6) and then used bond0 for the bridge. From what you >> said, this sounds like I did it right. But every time I tried, the >> DOMU said it was connected to the internet, but wouldn't communicate >> with anything on the network. DOM0 worked fine. > > Sounds like to blame the firewall, but I guess it works with plain > interfaces without special netfilter configuration. I use a custom iptables > script to set the policy to DROP and allow only specific things. This are > the lines relevant for bridge forwarding on my Dom0: > iptables -A FORWARD -m physdev --physdev-in vif+ -j ACCEPT > iptables -A FORWARD -m physdev --physdev-out vif+ -j ACCEPT > The DomUs has their own firewalling rules. > > The console complains about it: > "physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING > chains for non-bridged traffic is not supported anymore." > But since it's intended for bridged traffic, it works fine. > > Have you tried to debug your setup with tcpdump? > > > -- > Alexandre Kouznetsov > > > _______________________________________________ > Xen-users mailing list > Xen-users@xxxxxxxxxxxxx > http://lists.xen.org/xen-users Nope haven't had time to dig that far into it. I will see what comes up when I try it again. Hopefully I will get to it within the next day or so. Thank you for the information. Wish me luck. -- Shane D. Johnson IT Administrator Rasmussen Equipment _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxx http://lists.xen.org/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |