Hi.

I've a Debian6 server, running kernel 2.6.32-5-xen-amd64, Xen hypervisor 4.0.1-2.
It runs 2VM, an HVM firewall and a PV Ubuntu 10.04.

I'm experiencing terrible network performances on the main interface, shared on both VMs and used as br0 on the dom0.
At first, I'm seeing the issue that network is stuck for some 20/30 seconds when the HVM machine boots. But that's not a big deal, since hopefully it won't boot often.

Now I'm having this trouble that causes the VM not to answer to network requests, i.e. samba locked, other web services not responding... After some time everything comes back to normal.

The network card is an onboard Broadcom Corporation NetXtreme II BCM5716 Gigabit Ethernet.

I see no error on syslog, dmesg, xend.log, xend-debug.log, and I don't know where else to search!
Any advice on where to look at?
thanks

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.9ef9b09dd270       no              eth0
                                                        tap-vif-1.0
                                                        vif-1.0
                                                        vif4.0
br1             8000.2edf8e9d2372       no              eth1
                                                        tap-vif-1.1
                                                        vif-1.1
br2             8000.001b218e9df1       no              eth2
                                                        tap-vif-1.2
                                                        vif-1.2
                                                        vif4.1
br3             8000.001b218e9df0       no              eth3
                                                        tap-vif-1.3
                                                        vif-1.3
                                                        vif4.2
br4             8000.001b2199ecdf       no              eth4

xend-config.sxp:
(xend-http-server yes)
(xend-unix-server yes)
(xend-relocation-server yes)
(xend-port 8000)
(xend-relocation-port 8002)
(vif-script 'vif-bridge name=br0')
(dom0-min-mem 196)
(enable-dom0-ballooning yes)
(total_available_memory 0)
(dom0-cpus 0)
(vnc-listen '0.0.0.0')
(vncpasswd '')

PV config:
name = "fileserver"
uuid = "e5791118-e139-1f87-1aa1-98b010e3ba9b"
maxmem = 5120
memory = 5120
vcpus = 4
bootloader = "/usr/lib/xen-4.0/bin/pygrub"
on_poweroff = "destroy"
on_reboot = "restart"
on_crash = "restart"
vfb = [ "type=vnc,vncunused=1,keymap=it" ]
disk = [ "phy:/dev/drbd/by-res/fileserver,xvda,w" ]
vif = [ "mac=00:16:36:4a:81:f6,bridge=br0,script=vif-bridge",
        "mac=00:16:3e:48:93:eb,bridge=br2,script=vif-bridge",
        "mac=00:16:3e:6a:bd:cd,bridge=br3,script=vif-bridge" ]

HVM config:
name = "efw"
uuid = "729db6a8-72e5-5205-02b6-6da26dbe5723"
maxmem = 1024
memory = 1024
vcpus = 1
builder = "hvm"
kernel = "/usr/lib/xen-default/boot/hvmloader"
boot = "dc"
pae = 1
acpi = 1
apic = 0
hap = 0
localtime = 0
on_poweroff = "destroy"
on_reboot = "restart"
on_crash = "restart"
device_model = "/usr/lib64/xen/bin/qemu-dm"
vfb = [ "type=vnc,vncunused=1,keymap=it" ]
disk = [ "phy:/dev/drbd/by-res/firewall,hda,w" ]
vif = [ "mac=00:16:36:49:81:97,bridge=br0,script=vif-bridge,vifname=vif-1.0",
        "mac=00:16:36:da:8a:09,bridge=br1,script=vif-bridge,vifname=vif-1.1",
        "mac=00:16:3e:6a:e0:be,bridge=br2,script=vif-bridge,vifname=vif-1.2",
        "mac=00:16:3e:6a:a3:72,bridge=br3,script=vif-bridge,vifname=vif-1.3" ]
parallel = "none"
serial = "none"

--
Lorenzo Milesi - lorenzo.milesi@yetopen.it

YetOpen S.r.l. - http://www.yetopen.it/
Via Carlo Torri Tarelli 19 - 23900 Lecco - ITALY -
Tel 0341 220 205 - Fax 178 6070 222

GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it

-------- D.Lgs. 196/2003 --------

Please note that all information contained in this message is confidential and for the exclusive use of the recipient. If you have received this message in error, please delete it without copying it, do not forward it to third parties, and notify us as soon as possible.
Thank you.

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Thu, Jun 30, 2011 at 12:14 AM, Lorenzo Milesi <lorenzo.milesi@yetopen.it> wrote:
> Hi.
>
> I've a Debian6 server, running kernel 2.6.32-5-xen-amd64, Xen hypervisor 4.0.1-2.
> It runs 2VM, an HVM firewall and a PV Ubuntu 10.04.
>
> I'm experiencing terrible network performances on the main interface, shared on both VMs and used as br0 on the dom0.
> At first, I'm seeing the issue that network is stuck for some 20/30 seconds when the HVM machine boots. But that's not a big deal, since hopefully it won't boot often.
>
> Now I'm having this trouble that causes the VM not to answer to network requests, i.e. samba locked, other web services not responding... After some time everything comes back to normal.
>
> The network card is an onboard Broadcom Corporation NetXtreme II BCM5716 Gigabit Ethernet.
>
> I see no error on syslog, dmesg, xend.log, xend-debug.log, and I don't know where else to search!
> Any advice on where to look at?

The first place I'd look would be the switch. Some switches are set so that if there's arp change on a port, it would re-learn the topology to prevent loop, and possibly causing all traffic to stop being forwarded temporarily.

The EASIEST way to check this:
- install libvirt-bin, which would provide virbr0 and NAT
- set your HVM guest to use virbr0

The point is to make sure that you do NOT add a new MAC address to the port (in this case by using NAT provided by virbr0).

If that works, then you can decide either to use virbr0, or setup such bridge manually (e.g. through manual use of brctl and iptables), or try to make vif-nat work (which, in some case, can be a PITA).

--
Fajar

Thanks for your reply!

> The first place I'd look would be the switch.

> The EASIEST way to check this:
> - install libvirt-bin, which would provide virbr0 and NAT
> - set your HVM guest to use virbr0

NAT means that the VM won't have an IP of the local lan, and cannot be reached by other hosts. I have running services there (smb, web)...

thanks
--
Lorenzo Milesi

> NAT means that the VM won't have an IP of the local lan, and cannot be
> reached by other hosts. I have running services there (smb, web)...

Actually this is not true. The VM will have a different IP and will not be accessed directly from physical hosts. But there is a thing called "port redirection". I don't know if you are familiar with it, but the basics are that you link a port of the "outside" interface to a port on your VM. That way if you want to access port 80 on the VM, you can redirect, for example, port 34564 of the host to port 80 to the VM (you can also redirect 80 to 80, just different IPs).

If you have just a few ports that you need to do this for it will work, but if there is something that dynamically opens ports it will be difficult.

Hope this helps you!

Regards,
Vasil Valchev

hi

> The first place I'd look would be the switch. Some switches are set so
> that if there's arp change on a port, it would re-learn the topology
> to prevent loop, and possibly causing all traffic to stop being
> forwarded temporarily.

I tried changing the switch, but sadly this didn't solve the issue.
I'm still not totally sure it's Xen related. Another VM, the firewall, running on the same interface where I have problems, doesn't seem to suffer the same, on this subnet. Instead, I'm having issues on another interface, the one facing the router, because I get OpenVPN reset every minute.

Both VMs have very low cpu and network load according to stats, so I'd exclude performance problems.

Any advice is welcome!
thanks
--
Lorenzo Milesi

Do you have a MAC or IP conflict? Do "ifconfig -a" on all affected VMs. Check if there are any duplications.

Lorenzo Milesi <lorenzo.milesi@yetopen.it> wrote:
>hi
>
>> The first place I'd look would be the switch. Some switches are set so
>> that if there's arp change on a port, it would re-learn the topology
>> to prevent loop, and possibly causing all traffic to stop being
>> forwarded temporarily.
>
>I tried changing the switch, but sadly this didn't solve the issue.
>I'm still not totally sure it's Xen related. Another VM, the firewall, running on the same interface where I have problems, doesn't seem to suffer the same, on this subnet. Instead, I'm having issues on another interface, the one facing the router, because I get OpenVPN reset every minute.
>
>Both VMs have very low cpu and network load according to stats, so I'd exclude performance problems.
>
>Any advice is welcome!
>thanks
>--
>Lorenzo Milesi - lorenzo.milesi@yetopen.it
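
The duplicate-MAC check suggested in the last reply can also be done from dom0 by reading the vif lists of the domain configs instead of running "ifconfig -a" in each guest. The script below is an added example, not code from anyone in the thread: the vif lines are copied from the two configs posted above, the "testvm" domain is constructed to show a hit, and the function names are hypothetical. It also lists MACs outside 00:16:3e, the prefix assigned to Xen guests, since those can collide with real hardware.

```python
import re
from collections import defaultdict

XEN_OUI = "00:16:3e"  # OUI assigned to Xen for guest interfaces

# vif lists copied from the two domain configs in the thread, plus one
# constructed domain ("testvm") that reuses a MAC so the check has a hit.
CONFIGS = {
    "fileserver": '''vif = [ "mac=00:16:36:4a:81:f6,bridge=br0,script=vif-bridge",
        "mac=00:16:3e:48:93:eb,bridge=br2,script=vif-bridge",
        "mac=00:16:3e:6a:bd:cd,bridge=br3,script=vif-bridge" ]''',
    "efw": '''vif = [ "mac=00:16:36:49:81:97,bridge=br0,script=vif-bridge,vifname=vif-1.0",
        "mac=00:16:36:da:8a:09,bridge=br1,script=vif-bridge,vifname=vif-1.1",
        "mac=00:16:3e:6a:e0:be,bridge=br2,script=vif-bridge,vifname=vif-1.2",
        "mac=00:16:3e:6a:a3:72,bridge=br3,script=vif-bridge,vifname=vif-1.3" ]''',
    "testvm": "vif = [ 'mac=00:16:3E:6A:E0:BE,bridge=br2' ]",  # constructed
}


def parse_vifs(text):
    """Return [(mac, bridge)] for each quoted vif entry that sets mac=."""
    vifs = []
    for entry in re.findall(r'''["']([^"']*\bmac=[^"']*)["']''', text):
        fields = dict(kv.strip().split("=", 1) for kv in entry.split(",") if "=" in kv)
        vifs.append((fields["mac"].lower(), fields.get("bridge", "")))
    return vifs


def audit(configs):
    """Return (duplicates, foreign): MACs used more than once, MACs outside XEN_OUI."""
    seen = defaultdict(list)
    for domain, text in configs.items():
        for mac, bridge in parse_vifs(text):
            seen[mac].append((domain, bridge))
    duplicates = {mac: users for mac, users in seen.items() if len(users) > 1}
    foreign = sorted(mac for mac in seen if not mac.startswith(XEN_OUI))
    return duplicates, foreign


if __name__ == "__main__":
    duplicates, foreign = audit(CONFIGS)
    for mac, users in duplicates.items():
        print("DUPLICATE", mac, users)
    for mac in foreign:
        print("outside Xen OUI (may collide with real hardware):", mac)
```

MAC comparison is case-insensitive, so the constructed upper-case entry is still matched against the lower-case one in the efw config.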