Re: [Xen-users] Dom0 seeing traffic on br0 but it's not routing


  • To: xen-users@xxxxxxxxxxxxx
  • From: Alexandre Kouznetsov <alk@xxxxxxxxxx>
  • Date: Fri, 22 Nov 2013 15:09:19 -0600
  • Delivery-date: Fri, 22 Nov 2013 21:10:08 +0000
  • List-id: Xen user discussion <xen-users.lists.xen.org>

On 22/11/13 14:05, Glenn E. Bailey III wrote:
> Iptables is off, and I've tried dropping the e1000 w/no luck.

By "off", you mean that "iptables -L -v" displays no rules and the default policy is ACCEPT, right? iptables can't be "off" as such; it's just a tool to control netfilter, which is part of the kernel. It is normally on and permissive by default. By the kernel's default, not necessarily by the OS default.

> You might be on to something w/the switch idea. So are you saying
> clone Dom0's MAC to DomU's and then see if I can ping the gateway from
> DomU (You stated Dom0)?

Actually, quite the opposite. I meant to state Dom0.

I'm assuming that the only difference the switch (and the rest of your network) can see between traffic from Dom0 and DomU is the MAC address. So, since Dom0 is the one that has a known working configuration, let's see if the change we want to prove or discard as relevant breaks things there. I would take DomU's MAC address, shut down DomU, assign that MAC to Dom0 and see if the rest of your network still wants to play with it. If this breaks the network for Dom0, you will have to talk to your network administrator. If the new MAC works fine, then you'll have to keep troubleshooting.

I guess it's possible to do this from the other end, borrowing Dom0's MAC and giving it to DomU, but this will force you to get a new MAC for Dom0 anyway, since they can't share the same physical address. You also can't leave Dom0 without a MAC at all. More steps, more complex, more things to keep in mind. Proof-of-concept tests shall be simple.

The past experience of mine that I referenced had to do with a VLAN misconfiguration in one case. In the other case it was an unusually long ARP cache (around 4 hours) on an L3 switch (or a more robust router, maybe? It was out of my scope). That one took me days to troubleshoot and blame the network administrator.

BTW, you might consider setting up a fixed MAC address for your DomU.
http://wiki.xen.org/wiki/Xen_Networking#MAC_addresses

Greetings.

--
Alexandre Kouznetsov


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
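
The check described in the reply above (no rules, default policy ACCEPT), as an added example that is not part of the original message. It goes slightly further than `iptables -L -v` by reading `iptables-save` output, which covers every table rather than only the filter table; the function names and both sample rulesets are constructed for illustration.

```shell
# Added example: reads `iptables-save` output on stdin and reports anything that
# makes netfilter non-permissive. Live use (root): iptables-save | netfilter_is_permissive
netfilter_findings() {
    awk '
        /^\*/ { table = substr($0, 2); next }    # table header, e.g. *filter
        /^:/  {                                  # chain line, e.g. :FORWARD DROP [0:0]
            chain = substr($1, 2); policy = $2
            # User-defined chains show "-" as policy; only built-ins have one.
            if (policy != "ACCEPT" && policy != "-")
                printf "policy %s/%s=%s\n", table, chain, policy
            next
        }
        /^-A / { printf "rule %s: %s\n", table, $0 }   # any rule at all
    '
}

# Exit status 0 only when no table has a rule or a non-ACCEPT policy.
netfilter_is_permissive() {
    findings=$(netfilter_findings)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the state the reply describes (no rules, ACCEPT).
sample_permissive() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: FORWARD policy DROP plus a NAT rule.
sample_not_permissive() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}
```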


 

