I have been trying to convert an existing CentOS 5.4 / Gitco Xen 3.4.1 box to use bonded interfaces and have run into some problems. Before the change the box was a fairly standard config and had 2 x NICs, with eth0 being used by the Xen network-bridge script. I wanted to add a dual port NIC card and create two bonded interfaces: bond0 (storage and management): eth0, eth1 bond1 (public interface): eth2, eth3 I shutdown the box, added the card and brought it up in with the normal, non-xen kernel in single user mode. I added the bonds to modules.conf, added the interface and bond configs as required. I opted to reboot and go back into a non-Xen kernel and test out the bonds in runlevel 2 - all working and no errors. I edited the xend-config.sxp file and changed this line: (network-script ''network-bridge netdev=eth0 antispoof=yes'') to this: (network-script ''network-bridge netdev=bond1 antispoof=yes'') I then rebooted into the Xen dom0 kernel. I immediately started to see errors regarding the bonds. Something along the lines of "MAC address already in use". After googling I saw this was an issue in the past but not any more in CentOS 5.4 with Xen 3.4.1. The domUs started OK, but were not bridged to the external network (I could ping the dom0 address and other domUs, but the network gateway was unreachable). I tried various things to no avail, so I removed the bonds and simply set the network-bridge script to use eth3 (this was the easiest thing to do since I had already changed the switches over and didn''t want to remove the network card I had installed). Can anybody give me some pointers as to what the issue is and how to resolve it? - I currently use antispoofing with iptables and ebtables which is driven by the xen scripts, so I would prefer to keep that feature regardless of how the bonds are handled. Many thanks, Matt. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Mon, Mar 22, 2010 at 12:39:20PM -0000, Matthew Law wrote:> I have been trying to convert an existing CentOS 5.4 / Gitco Xen 3.4.1 box > to use bonded interfaces and have run into some problems. > > Before the change the box was a fairly standard config and had 2 x NICs, > with eth0 being used by the Xen network-bridge script. I wanted to add a > dual port NIC card and create two bonded interfaces: > > bond0 (storage and management): eth0, eth1 > > bond1 (public interface): eth2, eth3 > > I shutdown the box, added the card and brought it up in with the normal, > non-xen kernel in single user mode. I added the bonds to modules.conf, > added the interface and bond configs as required. I opted to reboot and > go back into a non-Xen kernel and test out the bonds in runlevel 2 - all > working and no errors. > > I edited the xend-config.sxp file and changed this line: > > (network-script ''network-bridge netdev=eth0 antispoof=yes'') > > to this: > > (network-script ''network-bridge netdev=bond1 antispoof=yes'') > > I then rebooted into the Xen dom0 kernel. > > I immediately started to see errors regarding the bonds. Something along > the lines of "MAC address already in use". After googling I saw this was > an issue in the past but not any more in CentOS 5.4 with Xen 3.4.1. The > domUs started OK, but were not bridged to the external network (I could > ping the dom0 address and other domUs, but the network gateway was > unreachable). > > I tried various things to no avail, so I removed the bonds and simply set > the network-bridge script to use eth3 (this was the easiest thing to do > since I had already changed the switches over and didn''t want to remove > the network card I had installed). > > Can anybody give me some pointers as to what the issue is and how to > resolve it? - I currently use antispoofing with iptables and ebtables > which is driven by the xen scripts, so I would prefer to keep that feature > regardless of how the bonds are handled. > >I prefer disabling Xen network-script from xend-config.sxp (comment out the line), and then set up the bonds/bridges using the distro default /etc/sysconfig/network-scripts/ifcfg* scripts. -- Pasi _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Mon, March 22, 2010 1:11 pm, Pasi Kärkkäinen wrote:> I prefer disabling Xen network-script from xend-config.sxp (comment out > the line), > and then set up the bonds/bridges using the distro default > /etc/sysconfig/network-scripts/ifcfg* scripts.Hi Pasi, I forgot to mention, in my desperation I tried that too - I created a bridge, br0 manually, attached bond1 and did as you say above, but xen appears not to be using it. I think this may point to a config error on my part with the bonds (especially since the box was already running with two NICs). I am still looking into it now. If anyone could provide an example I would be very grateful -I am frustrated and somewhat embarrassed that I haven''t been able to get this to work. It is such a simple thing! Thanks, Matt. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Mon, Mar 22, 2010 at 08:32:40PM -0000, Matthew Law wrote:> > On Mon, March 22, 2010 1:11 pm, Pasi Kärkkäinen wrote: > > I prefer disabling Xen network-script from xend-config.sxp (comment out > > the line), > > and then set up the bonds/bridges using the distro default > > /etc/sysconfig/network-scripts/ifcfg* scripts. > > Hi Pasi, > > I forgot to mention, in my desperation I tried that too - I created a > bridge, br0 manually, attached bond1 and did as you say above, but xen > appears not to be using it. >You need to configure the guest vms to use the ''br0'' bridge then! Edit /etc/xen/<guest> cfgfiles, and specify the correct bridge for the vifs.> I think this may point to a config error on my part with the bonds > (especially since the box was already running with two NICs). I am still > looking into it now. > > If anyone could provide an example I would be very grateful -I am > frustrated and somewhat embarrassed that I haven''t been able to get this > to work. It is such a simple thing! >In /etc/xen/<guest>: vif = [ "mac=00:16:46:24:3d:f3,bridge=br0,script=vif-bridge" ] -- Pasi> > Thanks, > > Matt. >_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hello, Am 22.03.2010 um 13:39 Uhr schrieb "Matthew Law" <matt@webcontracts.co.uk>: [..]> bond0 (storage and management): eth0, eth1 > bond1 (public interface): eth2, eth3[..]> Can anybody give me some pointers as to what the issue is and how to > resolve it? - I currently use antispoofing with iptables and ebtables > which is driven by the xen scripts, so I would prefer to keep that feature > regardless of how the bonds are handled.which bonding mode did you choose? I had trouble setting up a bridge ontop of an active/active bonding. There seems to be layer 2 problems. I choosed to use active/passive bonding instead which works fine for me. -- greetings eMHa _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Fri, March 26, 2010 2:35 pm, Markus Hochholdinger wrote:> Hello, > > Am 22.03.2010 um 13:39 Uhr schrieb "Matthew Law" > <matt@webcontracts.co.uk>: > [..] >> bond0 (storage and management): eth0, eth1 >> bond1 (public interface): eth2, eth3 > [..] >> Can anybody give me some pointers as to what the issue is and how to >> resolve it? - I currently use antispoofing with iptables and ebtables >> which is driven by the xen scripts, so I would prefer to keep that >> feature >> regardless of how the bonds are handled. > > which bonding mode did you choose? I had trouble setting up a bridge ontop > of > an active/active bonding. There seems to be layer 2 problems. I choosed to > use active/passive bonding instead which works fine for me.I used mode4 (active/active) LACP as the switches supported it. Running under the normal linux kernel the bonding and aggregation worked fine. Under Xen it didn''t. I still have to address it but haven''t had time to look at it yet. Thank you to everyone who replied -I will figure out what it is and let the list know for reference. Cheers, Matt. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users