Xen devel - Nov 2004 - network access disappears in master on /etc/init.d/xend start

hi,

i have made zero changes to the setup of the xend 2.0 code - everything
is as-is compiled from source off the sf.net site.

i ping 192.168.0.4 before starting /etc/init.d/xend, it hunky-dory.

i start xend: ping stops working as does everything else.

if i ping ftp.uk.debian.org, i get:

	"eth0: received packet with  own address as source address"

[including there being two spaces between with and own.]

yes, bridge is installed (no, i couldn''t find any debian
packages for xen 2.0 so yes, i had to manually apt-get install
bridge.  sorry, it''s a debian thing: sometimes i can''t quite
get my head round not having automatic dependency installs
for from-source builds :)

ifconfig shows that eth0 has a network address, that xen-br0 does not,
that lo does.

when i start a guest OS, that OS cannot ping the outside world.

ifconfig shows that eth0 has a network address, that xen-br0 does not,
that lo does.

if i then run dhclient3, such that xen-br0 is allocated an IP address,
then YES, sometimes i can get external access from the guest OS
(and sometimes the client becomes inaccessible, probably because the
 network is taken down and back up).

the xen "master" OS still has no network access.

help?

all my experiences with this bridging thing (previously i tried
setting up tinc) have proved fruitless or demonstrated that something
was not quite right and beyond my ability to fix.


other than the networking weirdness i am genuinely impressed with xen,
esp. as i''m running an selinux kernel.

l.

-- 
--
<a href="http://lkcl.net">http://lkcl.net</a>
--


-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

On Sun, Nov 21, 2004 at 11:59:47AM +0000, Luke Kenneth Casson Leighton
wrote:
> hi,
> 
> i have made zero changes to the setup of the xend 2.0 code - everything
> is as-is compiled from source off the sf.net site.
> 
> i ping 192.168.0.4 before starting /etc/init.d/xend, it hunky-dory.
> 
> i start xend: ping stops working as does everything else.
For debian/sarge+Xen I use the following setup:

I start xend from /etc/rcS.d/S38xend, so it''s before S39ifupdown.

My /etc/network/interfaces looks like this:

...
auto xen-br0
iface xen-br0 inet static
        address WHATEVER
        netmask WHATEVER
        gateway WHATEVER
        pre-up  /sbin/ifconfig eth0 up
....


Hope that helps.

	Gabor


-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

On Sun, Nov 21, 2004 at 11:59:47AM +0000, Luke Kenneth Casson Leighton
wrote:
> ifconfig shows that eth0 has a network address, that xen-br0 does not,
> that lo does.
Have you installed the iproute package, which provides the ip command
which we use to transfer the network addresses from eth0 to xen-br0?

The FAQ includes a list of debian packages you need to build and use
xen on a very minimal installation (clean install using debian
installer - no extra packages).

    christian



-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

On Sun, Nov 21, 2004 at 01:39:09PM +0000, Christian Limpach
wrote:
> On Sun, Nov 21, 2004 at 11:59:47AM +0000, Luke Kenneth Casson Leighton
wrote:
> > ifconfig shows that eth0 has a network address, that xen-br0 does not,
> > that lo does.
> 
> Have you installed the iproute package, which provides the ip command
> which we use to transfer the network addresses from eth0 to xen-br0?
 
 ah ha!  you are a star.

 i did wonder when i saw that command not being found: i just didn''t
 know it was in the iproute package.

 the rest of the packages i found as part of the build process due to
 some excellent notes / error message advice.


 
> The FAQ includes a list of debian packages you need to build and use
> xen on a very minimal installation (clean install using debian
> installer - no extra packages).
 faq, schmaq :)

 can i make a suggestion that a question be added "networking
 doesn''t appear to be working properly or stops working when
 in run xend, even though i have xen-br0 up and running and
 interfaces in the guest OSes are there"

 answer: if you have debian, make sure you install iproute and bridge
 packages (see section on list of debian packages required for xen).

 ta!

 l.

-- 
--
<a href="http://lkcl.net">http://lkcl.net</a>
--


-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

On Sun, Nov 21, 2004 at 02:37:12PM +0100, Vitez Gabor
wrote:
> On Sun, Nov 21, 2004 at 11:59:47AM +0000, Luke Kenneth Casson Leighton
wrote:
> > hi,
> > 
> > i have made zero changes to the setup of the xend 2.0 code -
everything
> > is as-is compiled from source off the sf.net site.
> > 
> > i ping 192.168.0.4 before starting /etc/init.d/xend, it hunky-dory.
> > 
> > i start xend: ping stops working as does everything else.
> 
> For debian/sarge+Xen I use the following setup:
> 
> I start xend from /etc/rcS.d/S38xend, so it''s before S39ifupdown.
> 
> My /etc/network/interfaces looks like this:
> 
> ...
> auto xen-br0
> iface xen-br0 inet static
>         address WHATEVER
>         netmask WHATEVER
>         gateway WHATEVER
>         pre-up  /sbin/ifconfig eth0 up
> ....
 
 well i haven''t a clue what effect it will have but i look forward to
 trying it out!!

 ta v. much,

 l.

-- 
--
<a href="http://lkcl.net">http://lkcl.net</a>
--


-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

On Sun, Nov 21, 2004 at 01:39:09PM +0000, Christian Limpach
wrote:
> On Sun, Nov 21, 2004 at 11:59:47AM +0000, Luke Kenneth Casson Leighton
wrote:
> > ifconfig shows that eth0 has a network address, that xen-br0 does not,
> > that lo does.
> 
> Have you installed the iproute package, which provides the ip command
> which we use to transfer the network addresses from eth0 to xen-br0?
 
 okay, now yes i have - and the same issue is present:

 bring up /etc/init.d/xend and networking disappears from the
 xen "master" - xenU.

 
 the scenario that i really want is for the xen network segment
 to be almost completely isolated - traffic out but no traffic in.
 i.e. for the guests to be on their own local network and with NAT or
 some other form of routing allowing them to make outgoing connections.

 does anyone have any suggestions as to how this could be achieved,
 without disrupting the xen master''s ability to send and receive
network
 traffic?

 tia,

 l.

-- 
--
<a href="http://lkcl.net">http://lkcl.net</a>
--


-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

> On Sun, Nov 21, 2004 at 01:39:09PM +0000, Christian Limpach wrote:
> > On Sun, Nov 21, 2004 at 11:59:47AM +0000, Luke Kenneth Casson Leighton
wrote:
> > > ifconfig shows that eth0 has a network address, that xen-br0 does
not,
> > > that lo does.
> > 
> > Have you installed the iproute package, which provides the ip command
> > which we use to transfer the network addresses from eth0 to xen-br0?
>  
>  okay, now yes i have - and the same issue is present:
> 
>  bring up /etc/init.d/xend and networking disappears from the
>  xen "master" - xenU.
Have you ipv6 addresses on your eth0 interface before running
''xend start'' ? The default /etc/xen/scripts/network script
stuffs
this case up.

You can always edit the above script to suit your needs.

Editing a ''bash -x'' in the first line shoul dgive you some
useful
debug output. 
 
>  the scenario that i really want is for the xen network segment
>  to be almost completely isolated - traffic out but no traffic in.
>  i.e. for the guests to be on their own local network and with NAT or
>  some other form of routing allowing them to make outgoing connections.
> 
>  does anyone have any suggestions as to how this could be achieved,
>  without disrupting the xen master''s ability to send and receive
network
>  traffic?
iptables and ebtables in dom0 will both work fine and can be used
to install arbitrary NAT or firewall rules to control when
traffic guests can send/receive. You may decide its easier to
route rather than bridge traffic. 

Having an iptables package which supports --physdev makes the
filter rules simpler.

Ian


-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

Disable ipv6 before you start up xend. As ian said in another email, the
xend scripts will reliably choke on the ipv6 addrs. 8-P

Dunno if the following Debian specific example will help any Debian fans
out there. The easiest thing to do is to disable IPv6 for now on
machines that use ifup/ifdown network script tools.

---- alternate network setup method - example only, alter to taste

WARNING: you can''t recursively call ifup/ifdown from within
ifup/ifdown.
8-( It will hang itself and then you are stuck unless you have serial or
local access. So any configuring withint the up, down, pre-up, post-down
lines MUST use the standard or other tools, never ifup/ifdown. I found
this out the hard way. :)

Add a xen-br0 interface to /etc/network/interfaces.
Do NOT add it to the "auto" list.

Next alter /etc/xen/scripts/network to do the following in the case
stanzas.

-- start
brctl addbr $br
brctl addif $br $dev
ifup xen-br0
ifconfig eth0 0.0.0.0.

-- stop
ifdown xen-br0, eth0
brctl delif $br $dev
ifconfig xen-br0 down
brctl delbr $br
ifup eth0

Note, this doesn''t handle any remaining vifx.x interfaces that the
bridge may have still. 8-P Cleaning up any residual vifs and domains is
up to you. You should be stoping all but domain-0 prior to messing with
the network.


------

Personally, I''d rather see a separate network start/stop script for the
bridge setup from the init.d/xend script. That way you can restart xend
without bombing your network.

Alternatively, you could just make scripts/network return true and
use /etc/network/interfaces and pre-up, up, down, post-down keys in the
interfaces to setup the bridges prior to launching xen. 

That''s my 0.02 cents. :) Hope it helps some people.

On Sun, 2004-11-21 at 14:37 +0100, Vitez Gabor wrote:
> On Sun, Nov 21, 2004 at 11:59:47AM +0000, Luke Kenneth Casson Leighton
wrote:
> > hi,
> > 
> > i have made zero changes to the setup of the xend 2.0 code -
everything
> > is as-is compiled from source off the sf.net site.
> > 
> > i ping 192.168.0.4 before starting /etc/init.d/xend, it hunky-dory.
> > 
> > i start xend: ping stops working as does everything else.
> 
> For debian/sarge+Xen I use the following setup:
> 
> I start xend from /etc/rcS.d/S38xend, so it''s before S39ifupdown.
> 
> My /etc/network/interfaces looks like this:
> 
> ...
> auto xen-br0
> iface xen-br0 inet static
>         address WHATEVER
>         netmask WHATEVER
>         gateway WHATEVER
>         pre-up  /sbin/ifconfig eth0 up
> ....
> 
> 
> Hope that helps.
> 
> 	Gabor
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: InterSystems CACHE
> FREE OODBMS DOWNLOAD - A multidimensional database that combines
> robust object and relational technologies, making it a perfect match
> for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel
-- 



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

> Disable ipv6 before you start up xend. As ian said in another email, the
> xend scripts will reliably choke on the ipv6 addrs. 8-P
It''s probably trivial to fix. If someone posts the output of
running /etc/xen/scripts/network with ''bash -x'' it''ll
probably be
obvious what the problems is.

Ian


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

I forgot to email the list as well earlier... so short repost...

I believe it''s the regex that is used in matching inet from the
"ip
addr" command. It should match "inet
[0-9]{1-3}\.[0-9]{1-3}\.[0-9]{1-3}\.[0-9]{1-3}" instead of anything
following "inet".

Since I had already setup network/interfaces scripting I haven''t
attempted to alter it. ;-P

On Sun, 2004-11-21 at 20:39 +0000, Ian Pratt wrote:
> > Disable ipv6 before you start up xend. As ian said in another email,
the
> > xend scripts will reliably choke on the ipv6 addrs. 8-P
> 
> It''s probably trivial to fix. If someone posts the output of
> running /etc/xen/scripts/network with ''bash -x''
it''ll probably be
> obvious what the problems is.
> 
> Ian
> 
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real
users.
> Discover which products truly live up to the hype. Start reading now. 
> http://productguide.itmanagersjournal.com/
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel
-- 



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

[Brian == brianw@terrabox.com on Mon, 22 Nov 2004 00:50:02 -0600]

  Brian> I believe it''s the regex that is used in matching inet from
  Brian> the "ip addr" command.

Note: one gets the same behavior if the ''ip'' command
doesn''t even
exist.  (ip is not present on a fresh Debian install)

I''m thinking that the code that handles this could use some additional
error checking and printed warnings when problems are detected.  Since
apparently a variety of weird configurations can break this part of
the code without any errors, it''s likely to generate email questions
from newbies that could be prevented.

I''m not volunteering at this time is work on better error checking;
it''s all working for me currently.

-- jared@wordzoo.com

"A pessimist is one who has been intimately acquainted with an
optimist."
        -- Elbert Hubbard


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel