Seth Green
2009-Oct-23 14:45 UTC
Shorewall-Xen problems... (Cross-posted to Xen and Shorewall mailing lists)
I have recently replaced my external firewall with a Shorewall setup in a Xen DomU domain similar to what's described in http://www.shorewall.net/XenMyWay.html. I'm using PCI pass-through to isolate two NICs in the Shorewall DomU, using one of the NICs for the net and one for my LAN. I am also using a bridge off of a dummy interface (pdummy0 as the physical interface; dummy0 in Dom0) to provide network access to Dom0 and other DomU's running on the same box.

On at least an intermittent basis, if I try to download a large file in Dom0 (for example, upgrading a large Debian package via apt-get) the dummy bridge goes down and I lose all network connectivity to Dom0 and the non-Shorewall DomU's. (I believe this may have also happened once during a download from a non-Shorewall DomU, but to date I've only recreated it with Dom0.)

I can generally restore function with the following commands in Dom0: "ifconfig dummy0 down; ifconfig pdummy0 down; ifconfig pdummy0 up; ifconfig dummy0 up" (on at least one occasion, I also had to correct the routing policies to send everything through dummy0). I have found no logs reflecting any error messages at the time of the network outages (I have checked syslog, dmesg, and Xen logs).

Does anyone have any thoughts?

Thanks,
Seth Green