Hello. I''m new to the list and I hope this is not a FAQ. I searched the archives and didn''t find an answer... Quick question : Is there a limitation if the vif code cutting at 1500 bytes ?? I''m trying to implement an IPv6 router/Firewall (2 XenU) Xen 2.0.6, Linux 2.6 is used on xen0 and XenU. The physical machine has 2 interfaces, eth0 (which is connected to an ethernet, non 802.1q port ) and eth1 (which is connected to an ethernet 802.1q port) eth0 is connected to a bridge whith the first vif of the FW6, eth1 is connected to a bridge with the first vif of the router. (And, BTW 2nd vif of the FW6 & 1st vif of router 6 are connected via a third bridge) The idea is to get the 802.1Q port on the Router6 host (via the bridge), and then use virtual interfaces (eth1.xxx where xxx are the vlan ID) inside the XenU. Well, it works, only if I use mtu 1496 for the vifs. I know the physical interfaces (eepro1000) can cope with vlan natively. Don''t know for the bridge code but i''m not aware of limitations there. So it is a limitation on vif code ?? -- Yann Dupont, Cri de l''université de Nantes Tel: 02.51.12.53.91 - Fax: 02.51.12.58.60 - Yann.Dupont@univ-nantes.fr _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hello. I''m new to the list and I hope this is not a FAQ. I searched the archives and didn''t find an answer... Quick question : Is there a limitation if the vif code cutting at 1500 bytes ?? I''m trying to implement an IPv6 router/Firewall (2 XenU) Xen 2.0.6, Linux 2.6 is used on xen0 and XenU. The physical machine has 2 interfaces, eth0 (which is connected to an ethernet, non 802.1q port ) and eth1 (which is connected to an ethernet 802.1q port) eth0 is connected to a bridge whith the first vif of the FW6, eth1 is connected to a bridge with the first vif of the router. (And, BTW 2nd vif of the FW6 & 1st vif of router 6 are connected via a third bridge) The idea is to get the 802.1Q port on the Router6 host (via the bridge), and then use virtual interfaces (eth1.xxx where xxx are the vlan ID) inside the XenU. Well, it works, only if I use mtu 1496 for the vifs. I know the physical interfaces (eepro1000) can cope with vlan natively. Don''t know for the bridge code but i''m not aware of limitations there. So it is a limitation on vif code ?? -- Yann Dupont, Cri de l''université de Nantes Tel: 02.51.12.53.91 - Fax: 02.51.12.58.60 - Yann.Dupont@univ-nantes.fr _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Yann Dupont wrote: [..]> The idea is to get the 802.1Q port on the Router6 host (via the bridge), > and then use virtual interfaces (eth1.xxx where xxx are the vlan ID) > inside the XenU. > > Well, it works, only if I use mtu 1496 for the vifs. > I know the physical interfaces (eepro1000) can cope with vlan natively. > Don''t know for the bridge code but i''m not aware of limitations there.This happens on real hardware too. The usual workaround is to set the eth0 to MTU 1504. Like this you can set the vlans to 1500. Never tried it in xen, thou... Peace, Nuno Silva _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Nuno Silva a écrit :> Yann Dupont wrote: > > [..] > >> The idea is to get the 802.1Q port on the Router6 host (via the bridge), >> and then use virtual interfaces (eth1.xxx where xxx are the vlan ID) >> inside the XenU. >> >> Well, it works, only if I use mtu 1496 for the vifs. >> I know the physical interfaces (eepro1000) can cope with vlan natively. >> Don''t know for the bridge code but i''m not aware of limitations there. > > > This happens on real hardware too. The usual workaround is to set the > eth0 to MTU 1504. Like this you can set the vlans to 1500. >Well, I Tried lots of things ( raise the MTU on physicall interface (dom0) , on the bridge (dom0), on the vifs (dom0/domU), etc etc) neither of this works (various errors). Don''t know where the limitation is : bridge or xen vif. I''ll now go for PCI virtualisation, as I really don''t have usage of THIS physical interface on dom0. I bet this will work. Thanks for your answer, -- Yann Dupont, Cri de l''université de Nantes Tel: 02.51.12.53.91 - Fax: 02.51.12.58.60 - Yann.Dupont@univ-nantes.fr _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Yann Dupont a écrit :>Nuno Silva a écrit : > > > >>Yann Dupont wrote: >> >>[..] >> >> >> >>>The idea is to get the 802.1Q port on the Router6 host (via the bridge), >>>and then use virtual interfaces (eth1.xxx where xxx are the vlan ID) >>>inside the XenU. >>> >>>Well, it works, only if I use mtu 1496 for the vifs. >>>I know the physical interfaces (eepro1000) can cope with vlan natively. >>>Don''t know for the bridge code but i''m not aware of limitations there. >>> >>> >>This happens on real hardware too. The usual workaround is to set the >>eth0 to MTU 1504. Like this you can set the vlans to 1500. >> >> >> >Well, I Tried lots of things ( raise the MTU on physicall interface >(dom0) , on the bridge (dom0), on the vifs (dom0/domU), etc etc) >neither of this works (various errors). > >Don''t know where the limitation is : bridge or xen vif. > >I''ll now go for PCI virtualisation, as I really don''t have usage of THIS >physical interface on dom0. >I bet this will work. > >Thanks for your answer, > > >Well. this is working as expected. Using the native interface in this domain gives me the full MTU, which proves that the problems lies in the bridge code, or in the vif code. Anyway, two minors things : As noted by someone else on the list, I had to enable "privileged guest (domain 0)" To have a working kernel. Just enabling physical device access isn''t sufficient. In fact, the kernel immediately crash. So it seems there is something broken here. Tried this with 2.0.6 and 2.0.testing (version of 07 18 2005) Other (minor) problem : Using a domain0 kernel works fine, But when I shutdown this domain, and re create it, most of the time physicall access to the net device (epro1000 if that matters) is not working anymore (the driver gives an error) Anyway ,this is great jobs, guys. -- Yann Dupont, Cri de l''université de Nantes Tel: 02.51.12.53.91 - Fax: 02.51.12.58.60 - Yann.Dupont@univ-nantes.fr _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users