
Re: [Xen-users] VM bridge doesn't pass traffic



On Mon, 2016-01-18 at 11:42 +0100, David Winterstein wrote:
> Am 18.01.2016 um 11:20 schrieb Ian Campbell:
> > On Mon, 2016-01-18 at 10:06 +0100, David Winterstein wrote:
> > > Hey guys,
> > > 
> > > I've got a really strange issue with the networking on Debian 8.2
> > > with
> > > Xen 4.4, probably particularly regarding the network bridge between
> > > the
> > > host machine and the vm.
> > > I recently set up a server cluster consisting of two Debian Jessie
> > > servers in a pretty basic configuration with Xen 4.4 from the
> > > official
> > > repositories. I then configured corosync, pacemaker and DRBD to sync
> > > a
> > > root partition between the two nodes and installed a Debian Jessie VM
> > > on
> > > the master node.
> > > Everything worked fine so far, but when I wanted to start configuring
> > > the vm two days ago, I found that though the eth0 interface was up
> > > and
> > > running a correctly configured IP the vm didn't have any access to
> > > the
> > > network.
> > > I then proceeded to check every possible thing I could think of and
> > > am
> > > now at my wit's end.
> > > The bridge is brought up by the default vif-bridge script and
> > > running,
> > > as brctl shows:
> > > 
> > > bridge name     bridge id               STP enabled     interfaces
> > > xenbr0          8000.0cc47a781e22       no              eth0
> > >                                                         vif1.0
> > > 
> > > The required iptables rules are correctly generated:
> > > 
> > > Chain INPUT (policy ACCEPT 22281 packets, 3522K bytes)
> > >  pkts bytes target     prot opt in     out     source               destination
> > > 
> > > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> > >  pkts bytes target     prot opt in     out     source               destination
> > >     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-out vif1.0 --physdev-is-bridged
> > >     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-in vif1.0 --physdev-is-bridged
> > > 
> > > Chain OUTPUT (policy ACCEPT 18929 packets, 3285K bytes)
> > >  pkts bytes target     prot opt in     out     source               destination
> > > 
> > > Strangely, the vif interface is shown as DOWN in ip a on the dom0:
> > > 
> > > 5: vif1.0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq master xenbr0 state DOWN group default qlen 32
> > >     link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
> > Does this indicate that the xenbr0 device itself is down, but vif1.0 is
> > up?
> > 
> > Please can you post the full output of "ip addr show" in your dom0 and
> > the
> > contents of your dom0 /etc/network/interfaces.
> > 
> > Ian.
> 
> Hi Ian!
> No, the xenbr0 itself is UP. See the command output below:

Yes, that does seem to be the case.
> 
> [11:25:57] root@XXXXX-web-node02:~# ip addr show
> [...]
> 2: eth0:  mtu 1500 qdisc mq master xenbr0 state UP group default qlen 1000
>     link/ether 0c:c4:7a:78:1e:22 brd ff:ff:ff:ff:ff:ff
> [...]
> 4: xenbr0:  mtu 1500 qdisc noqueue state UP group default
>     link/ether 0c:c4:7a:78:1e:22 brd ff:ff:ff:ff:ff:ff
>     inet 10.41.16.236/24 brd 10.41.16.255 scope global xenbr0
>        valid_lft forever preferred_lft forever
>     inet6 fe80::ec4:7aff:fe78:1e22/64 scope link
>        valid_lft forever preferred_lft forever

These two look pretty normal.

> 5: vif1.0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq master xenbr0 state DOWN group default qlen 32
>     link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff

This one seems odd though. Compared with a random vif I have on a test box:

6: vif2.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master xenbr0 state UP group default qlen 32
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fcff:ffff:feff:ffff/64 scope link
       valid_lft forever preferred_lft forever

Specifically "NO-CARRIER" and "xenbr0 state DOWN" differ between my working
setup and yours.

> 
> [11:26:01] root@XXXXX-web-node02:~# cat /etc/network/interfaces
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
> 
> source /etc/network/interfaces.d/*
> 
> # The loopback network interface
> auto lo
> iface lo inet loopback
> 
> # The primary network interface
> auto xenbr0
> allow-hotplug xenbr0

I think this probably doesn't matter, but I typically use only auto _or_
allow-hotplug, not both. Specifically I usually use just "auto" for any
fixed interfaces.

> iface xenbr0 inet static
>         address 10.41.16.236
>         netmask 255.255.255.0
>         gateway 10.41.16.1
>         bridge_ports eth0

FWIW I also use:
    bridge_fd 0
    bridge_stp off

Not clear if that makes a difference in the way you are seeing though. I
don't think it should.

I should have asked for these last time, sorry, but could you also post
your guest cfg file and the output of "xenstore-ls -fp".

Are you creating a PV or HVM guest?

Could you also post any relevant logs from under /var/log/xen, mostly the
ones with the domain's name in the filename, but also anything to do with
hotplug if you have any files like that.

Lastly while I'm fishing for potential clues please could you post the
output of "xl -vvv create <cfg>", the -vvv makes it much more verbose.

Ian.
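
The comparison made above between the reported vif1.0 entry (NO-CARRIER, state DOWN) and the working vif2.0 entry (LOWER_UP, state UP), as an added example that is not part of the original message: a small parser over `ip addr show` output that lists the ports of a bridge that have no carrier. The sample text is constructed from the excerpts quoted in this thread, and the function names are hypothetical.

```python
import re

# Header line of an `ip addr show` entry, for example:
# "5: vif1.0: <NO-CARRIER,...,UP> mtu 1500 qdisc mq master xenbr0 state DOWN ..."
HEADER = re.compile(r"^(\d+):\s+([^:@\s]+)(?:@\S+)?:\s+<([^>]*)>\s+(.*)$")

# Constructed sample: vif1.0 as reported, vif2.0 from the working test box.
# The xenbr0 flags are assumed, since the archived output lost them.
SAMPLE = """\
4: xenbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 0c:c4:7a:78:1e:22 brd ff:ff:ff:ff:ff:ff
5: vif1.0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq master xenbr0 state DOWN group default qlen 32
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
6: vif2.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master xenbr0 state UP group default qlen 32
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
"""


def _after(words, key):
    """Return the word following `key`, or None if `key` is absent."""
    return words[words.index(key) + 1] if key in words[:-1] else None


def parse_links(text):
    """Return one dict per interface: name, flags (set), master, state."""
    links = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # indented address/detail lines do not match
        _, name, flags, rest = m.groups()
        words = rest.split()
        links.append({
            "name": name,
            "flags": set(flags.split(",")) if flags else set(),
            "master": _after(words, "master"),  # bridge this port belongs to
            "state": _after(words, "state"),
        })
    return links


def no_carrier_ports(links, bridge):
    """Names of ports enslaved to `bridge` that report no carrier."""
    return [l["name"] for l in links
            if l["master"] == bridge
            and ("NO-CARRIER" in l["flags"] or "LOWER_UP" not in l["flags"])]


if __name__ == "__main__":
    print(no_carrier_ports(parse_links(SAMPLE), "xenbr0"))
```
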

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

 

