Patrick Finnegan
2008-Feb-18 23:57 UTC
[Xen-users] Arp problem with network bridging and VLANs
I'm attempting to put together a Xen box, which has multiple VLANs running into it, on one bridged interface. I mostly copied the way it was done here:

http://renial.net/weblog/2007/02/27/xen-vlan/

I basically have: bond0 is the bond device (composed of eth0 and eth1), vlan757 is the vlan device for vlan 757 on bond0, and "xen757" is a bridge created by the above scripts, which has the vlan757 device in it, and which I am using for the Xen VM's bridge interface.

from ip addr show:
--------
2: eth0: <BROADCAST,MULTICAST,SLAVE,UP,10000> mtu 1500 qdisc pfifo_fast master bond0 qlen 1000
    link/ether 00:14:4f:7d:8a:46 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,SLAVE,UP,10000> mtu 1500 qdisc pfifo_fast master bond0 qlen 1000
    link/ether 00:14:4f:7d:8a:46 brd ff:ff:ff:ff:ff:ff
6: bond0: <BROADCAST,MULTICAST,PROMISC,MASTER,UP,10000> mtu 1500 qdisc noqueue
    link/ether 00:14:4f:7d:8a:46 brd ff:ff:ff:ff:ff:ff
    inet 172.18.6.25/24 brd 172.18.6.255 scope global bond0
10: vlan757@bond0: <BROADCAST,MULTICAST,NOARP,MASTER,UP,10000> mtu 1500 qdisc noqueue
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
24: xen757: <BROADCAST,MULTICAST,NOARP,UP,10000> mtu 1500 qdisc noqueue
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
---

(There's a few more vlan and xen bridge devices than I show, but they all look the same as these, and aren't currently being used.)

from brctl show:
----
xen757          8000.feffffffffff       no              vlan757
                                                        vif10.0
----

and on the domU guest:
----
eth0      Link encap:Ethernet  HWaddr 00:16:3E:45:AD:38
          inet addr:128.211.157.78  Bcast:128.211.157.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11588 errors:0 dropped:0 overruns:0 frame:0
          TX packets:373 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:863098 (842.8 KiB)  TX bytes:24161 (23.5 KiB)
---

The problem seems to be that arp replies don't get passed through the bridge device (xen757) from vlan757 to vif10.0. I've messed around running tcpdump on the various interfaces, and I can see arp queries going out ok (and coming in ok, as other machines on the VLAN can send arp requests through to the domU guest, and replies go back ok). However, I can see the who-has arp replies on vlan757 and xen757, but they don't show up when I have tcpdump listening to vif10.0 on the dom0 host.

I've also noticed that (1) manually setting the arp entries on domU makes the domU host be able to talk to the other hosts ok, and (2) occasionally (but infrequently), arp replies do get all the way through to the domU guest. It seems that replies from the router (which is on a Cisco Cat 6509 FWIW) get through just fine, but replies from other hosts on the same subnet do not.

Does anyone have any ideas? I'm running Debian/etch on the dom0 and domU hosts.

Thanks,
Pat
--
Purdue University Research Computing -- http://www.itap.purdue.edu/rcac
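
The hop-by-hop tcpdump comparison described in the message above, as an added example that is not part of the original post: it counts ARP replies per sender on each interface along vlan757 -> xen757 -> vif10.0 and names the first hop where a sender's replies go missing. The capture lines, the router and neighbour IP addresses, and all MAC addresses are constructed sample data; only the interface names and the domU address 128.211.157.78 come from the post.

```python
import re
from collections import Counter

# Matches "arp reply <ip> is-at <mac>" (older tcpdump text output) and
# "ARP, Reply <ip> is-at <mac>, length N" (newer tcpdump text output).
REPLY = re.compile(
    r"reply\s+(\d+(?:\.\d+){3})\s+is-at\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.I,
)

def reply_counts(capture_text):
    """Count ARP replies per sender IP in one interface's tcpdump text."""
    return Counter(m.group(1) for m in REPLY.finditer(capture_text))

def drop_points(path, captures):
    """For each sender seen on the first hop, return the first interface
    along `path` that captured fewer of its replies than the hop before it,
    or None if the replies reached the last hop."""
    counts = [reply_counts(captures[iface]) for iface in path]
    result = {}
    for ip in counts[0]:
        result[ip] = None
        for prev, cur, iface in zip(counts, counts[1:], path[1:]):
            if cur[ip] < prev[ip]:
                result[ip] = iface
                break
    return result

# Constructed sample captures (one "tcpdump -n -i <iface> arp" per interface).
# 128.211.157.1 stands in for the router, 128.211.157.80 for a neighbour host.
REQUESTS = (
    "23:41:02.101 arp who-has 128.211.157.1 tell 128.211.157.78\n"
    "23:41:05.201 arp who-has 128.211.157.80 tell 128.211.157.78\n"
)
ROUTER_REPLY = "23:41:02.102 arp reply 128.211.157.1 is-at 02:00:00:00:00:01\n"
HOST_REPLY = "23:41:05.202 arp reply 128.211.157.80 is-at 02:00:00:00:00:50\n"

PATH = ["vlan757", "xen757", "vif10.0"]
CAPTURES = {
    "vlan757": REQUESTS + ROUTER_REPLY + HOST_REPLY,
    "xen757": REQUESTS + ROUTER_REPLY + HOST_REPLY,
    "vif10.0": REQUESTS + ROUTER_REPLY,  # neighbour's reply never arrives
}

if __name__ == "__main__":
    for ip, lost_at in drop_points(PATH, CAPTURES).items():
        print(ip, "reached the guest" if lost_at is None else f"lost at {lost_at}")
```

Counting per sender rather than checking for presence also covers the intermittent case in the post, where only some replies reach the guest.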