Xen users - Sep 2005 - Re: Xen on production enviroment

> I tried every possible network setup, routed, bridged-new, bridged-old,
> all to no avail. I ended up with the old style bridged setup because it
> was the last one I tried.
> Everything else works, I evenhave a DHCP server in one of the guest
> domains, which serves machines on a different subnet from the rest of
> the machines, and everything works fine (as it was before), but I
> cannot, for instance, ssh from Domain_0 to a guest domain.
> I can ssh to anyother machine and ssh back to the guest domain from
> there, and it works fine, only the direct connection fails, it hangs
> never completes. I even used ethereal to try to figure what was going
> on, but couldn''t find anything, the connection just hangs there
waiting
> for a packet that never arrives.
Sounds like the problem I have been experiencing.

If you examine your packet capture carefully on the failed
connections, you will probably see some transport layer checksum
errors (tcp/udp.)

If you want a routed setup, a workaround is to build gre tunnels over
the top of the Dom0 vifX.0 <-> guest eth0 links.

The new style bridged setup works, with the apparent limitation that
Dom0 can now only be attached to one bridge group.

If I remember correctly, vif0.0 should be bridged with vifX.0. veth0
should be assigned an appropriate address for your network.
Dom0 veth0 is the equivalent of eth0 in a guest, vif0.0 being the
matching end of the virtual link.

Outside network access should work if you bridge eth0 in the same
bridge group. Have fun if you want to run a firewall...

Tim:>


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Wed, 2005-09-07 at 10:07 -0400, Tim Durack wrote:
> > I tried every possible network setup, routed, bridged-new,
bridged-old,
> > all to no avail. I ended up with the old style bridged setup because
it
> > was the last one I tried.
> 
> > Everything else works, I evenhave a DHCP server in one of the guest
> 
> > domains, which serves machines on a different subnet from the rest of
> > the machines, and everything works fine (as it was before), but I
> > cannot, for instance, ssh from Domain_0 to a guest domain.
> 
> 
> > I can ssh to anyother machine and ssh back to the guest domain from
> > there, and it works fine, only the direct connection fails, it hangs
> > never completes. I even used ethereal to try to figure what was going
> 
> > on, but couldn''t find anything, the connection just hangs
there waiting
> > for a packet that never arrives.
> 
> Sounds like the problem I have been experiencing.
> 
> If you examine your packet capture carefully on the failed connections, you
will probably see some transport layer checksum errors (tcp/udp.)
> 
> 
> If you want a routed setup, a workaround is to build gre tunnels over the
top of the Dom0 vifX.0 <-> guest eth0 links.
> 
> The new style bridged setup works, with the apparent limitation that Dom0
can now only be attached to one bridge group.
> 
> 
> If I remember correctly, vif0.0 should be bridged with vifX.0. veth0 should
be assigned an appropriate address for your network.
> Dom0 veth0 is the equivalent of eth0 in a guest, vif0.0 being the matching
end of the virtual link.
> 
> 
> Outside network access should work if you bridge eth0 in the same bridge
group. Have fun if you want to run a firewall...
> 
> Tim:>
<snip>
Hmmm . . . I''ll take a stab in the dark at this.  I''ve seen
those types
of errors with checksum offloading.  Someone on this list in reply to a
problem I was having mentioned that unstable implements checksum
offloading.  What happens if you disable it? - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com

If you would like to participate in the development of an open source
enterprise class network security management system, please visit
http://iscs.sourceforge.net


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Tried various combinations of disabling offloading using ethtool.
Hasn''t
worked for me so far.

Tim:>

On 9/7/05, John A. Sullivan III <jsullivan@opensourcedevel.com>
wrote:
> 
> On Wed, 2005-09-07 at 10:07 -0400, Tim Durack wrote:
> > > I tried every possible network setup, routed, bridged-new, 
> bridged-old,
> > > all to no avail. I ended up with the old style bridged setup
because
> it
> > > was the last one I tried.
> >
> > > Everything else works, I evenhave a DHCP server in one of the
guest
> >
> > > domains, which serves machines on a different subnet from the
rest of
> > > the machines, and everything works fine (as it was before), but I
> > > cannot, for instance, ssh from Domain_0 to a guest domain.
> >
> >
> > > I can ssh to anyother machine and ssh back to the guest domain
from
> > > there, and it works fine, only the direct connection fails, it
hangs
> > > never completes. I even used ethereal to try to figure what was
going
> >
> > > on, but couldn''t find anything, the connection just
hangs there
> waiting
> > > for a packet that never arrives.
> >
> > Sounds like the problem I have been experiencing.
> >
> > If you examine your packet capture carefully on the failed
connections,
> you will probably see some transport layer checksum errors (tcp/udp.)
> >
> >
> > If you want a routed setup, a workaround is to build gre tunnels over 
> the top of the Dom0 vifX.0 <-> guest eth0 links.
> >
> > The new style bridged setup works, with the apparent limitation that 
> Dom0 can now only be attached to one bridge group.
> >
> >
> > If I remember correctly, vif0.0 should be bridged with vifX.0. veth0 
> should be assigned an appropriate address for your network.
> > Dom0 veth0 is the equivalent of eth0 in a guest, vif0.0 being the 
> matching end of the virtual link.
> >
> >
> > Outside network access should work if you bridge eth0 in the same
bridge
> group. Have fun if you want to run a firewall...
> >
> > Tim:>
> <snip>
> Hmmm . . . I''ll take a stab in the dark at this. I''ve
seen those types
> of errors with checksum offloading. Someone on this list in reply to a
> problem I was having mentioned that unstable implements checksum
> offloading. What happens if you disable it? - John
> --
> John A. Sullivan III
> Open Source Development Corporation
> +1 207-985-7880
> jsullivan@opensourcedevel.com
> 
> If you would like to participate in the development of an open source
> enterprise class network security management system, please visit
> http://iscs.sourceforge.net
> 
>

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Okay, I''ll eat my words (just not my hat yet):

guest> ethtool -K eth0 tx off

fixed the checksum problem (at least on my system with an e100 driver.)

I''ll try it again on my tg3 based system. I will eat my hat if it works
there...

Apologies if I mislead anyone.

Tim:>


On 9/7/05, Tim Durack <tdurack@gmail.com> wrote:
> 
> Tried various combinations of disabling offloading using ethtool.
Hasn''t
> worked for me so far.
> 
> Tim:>
> 
> On 9/7/05, John A. Sullivan III <jsullivan@opensourcedevel.com>
wrote:
> > 
> > On Wed, 2005-09-07 at 10:07 -0400, Tim Durack wrote:
> > > > I tried every possible network setup, routed, bridged-new, 
> > bridged-old,
> > > > all to no avail. I ended up with the old style bridged setup
because
> > it 
> > > > was the last one I tried.
> > >
> > > > Everything else works, I evenhave a DHCP server in one of
the guest
> > >
> > > > domains, which serves machines on a different subnet from
the rest
> > of
> > > > the machines, and everything works fine (as it was before),
but I
> > > > cannot, for instance, ssh from Domain_0 to a guest domain.
> > >
> > >
> > > > I can ssh to anyother machine and ssh back to the guest
domain from
> > > > there, and it works fine, only the direct connection fails,
it hangs
> > > > never completes. I even used ethereal to try to figure what
was
> > going
> > >
> > > > on, but couldn''t find anything, the connection just
hangs there
> > waiting 
> > > > for a packet that never arrives.
> > >
> > > Sounds like the problem I have been experiencing.
> > >
> > > If you examine your packet capture carefully on the failed 
> > connections, you will probably see some transport layer checksum
errors
> > (tcp/udp.)
> > >
> > >
> > > If you want a routed setup, a workaround is to build gre tunnels
over
> > the top of the Dom0 vifX.0 <-> guest eth0 links.
> > >
> > > The new style bridged setup works, with the apparent limitation
that
> > Dom0 can now only be attached to one bridge group.
> > >
> > >
> > > If I remember correctly, vif0.0 should be bridged with vifX.0.
veth0
> > should be assigned an appropriate address for your network.
> > > Dom0 veth0 is the equivalent of eth0 in a guest, vif0.0 being the
> > matching end of the virtual link.
> > >
> > >
> > > Outside network access should work if you bridge eth0 in the same
> > bridge group. Have fun if you want to run a firewall... 
> > >
> > > Tim:>
> > <snip>
> > Hmmm . . . I''ll take a stab in the dark at this.
I''ve seen those types
> > of errors with checksum offloading. Someone on this list in reply to a
> > problem I was having mentioned that unstable implements checksum 
> > offloading. What happens if you disable it? - John
> > --
> > John A. Sullivan III
> > Open Source Development Corporation
> > +1 207-985-7880
> > jsullivan@opensourcedevel.com 
> > 
> > If you would like to participate in the development of an open source
> > enterprise class network security management system, please visit
> > http://iscs.sourceforge.net 
> > 
> > 
>

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Same thing doesn''t work on a tg3 based system. Perhaps a driver bug?

Might explain why Ramiro is having problems too.

Tim:>

On 9/7/05, Tim Durack <tdurack@gmail.com> wrote:
> 
> Okay, I''ll eat my words (just not my hat yet):
> 
> guest> ethtool -K eth0 tx off
> 
> fixed the checksum problem (at least on my system with an e100 driver.)
> 
> I''ll try it again on my tg3 based system. I will eat my hat if it
works
> there...
> 
> Apologies if I mislead anyone.
> 
> Tim:>
> 
> 
> On 9/7/05, Tim Durack <tdurack@gmail.com> wrote:
> > 
> > Tried various combinations of disabling offloading using ethtool.
Hasn''t
> > worked for me so far.
> > 
> > Tim:>
> > 
> > On 9/7/05, John A. Sullivan III < jsullivan@opensourcedevel.com>
wrote:
> > > 
> > > On Wed, 2005-09-07 at 10:07 -0400, Tim Durack wrote:
> > > > > I tried every possible network setup, routed,
bridged-new,
> > > bridged-old,
> > > > > all to no avail. I ended up with the old style bridged
setup
> > > because it 
> > > > > was the last one I tried.
> > > >
> > > > > Everything else works, I evenhave a DHCP server in one
of the
> > > guest
> > > >
> > > > > domains, which serves machines on a different subnet
from the rest
> > > of
> > > > > the machines, and everything works fine (as it was
before), but I
> > > > > cannot, for instance, ssh from Domain_0 to a guest
domain.
> > > >
> > > >
> > > > > I can ssh to anyother machine and ssh back to the guest
domain
> > > from 
> > > > > there, and it works fine, only the direct connection
fails, it
> > > hangs
> > > > > never completes. I even used ethereal to try to figure
what was
> > > going
> > > >
> > > > > on, but couldn''t find anything, the connection
just hangs there
> > > waiting 
> > > > > for a packet that never arrives.
> > > >
> > > > Sounds like the problem I have been experiencing.
> > > >
> > > > If you examine your packet capture carefully on the failed 
> > > connections, you will probably see some transport layer checksum
errors
> > > (tcp/udp.)
> > > >
> > > >
> > > > If you want a routed setup, a workaround is to build gre
tunnels
> > > over the top of the Dom0 vifX.0 <-> guest eth0 links.
> > > >
> > > > The new style bridged setup works, with the apparent
limitation that
> > > Dom0 can now only be attached to one bridge group.
> > > >
> > > >
> > > > If I remember correctly, vif0.0 should be bridged with
vifX.0. veth0
> > > should be assigned an appropriate address for your network.
> > > > Dom0 veth0 is the equivalent of eth0 in a guest, vif0.0
being the
> > > matching end of the virtual link.
> > > >
> > > >
> > > > Outside network access should work if you bridge eth0 in the
same
> > > bridge group. Have fun if you want to run a firewall... 
> > > >
> > > > Tim:>
> > > <snip>
> > > Hmmm . . . I''ll take a stab in the dark at this.
I''ve seen those types
> > > of errors with checksum offloading. Someone on this list in reply
to a
> > > problem I was having mentioned that unstable implements checksum 
> > > offloading. What happens if you disable it? - John
> > > --
> > > John A. Sullivan III
> > > Open Source Development Corporation
> > > +1 207-985-7880
> > > jsullivan@opensourcedevel.com 
> > > 
> > > If you would like to participate in the development of an open
source
> > > enterprise class network security management system, please visit
> > > http://iscs.sourceforge.net 
> > > 
> > > 
> > 
>

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi Tim,

Yes, I guess so. The card which I have problems with is, coincidentally or
not, also tg3 based. I cannot switch off checksum offloading on it, 
I get: Operation not supported from ethtool.

Em Sunday 11 September 2005 22:07, Tim Durack escreveu:
> Same thing doesn''t work on a tg3 based system. Perhaps a driver
bug?
>
> Might explain why Ramiro is having problems too.
>
> Tim:>
-- 
Ramiro Brito Willmersdorf  Dep. Engenharia Mecânica/UFPE
ramiro@willmersdorf.net        tel: +55 81 2126-8231e239          

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Tim Durack wrote:
> Same thing doesn''t work on a tg3 based system. Perhaps a driver
bug?
> 
> Might explain why Ramiro is having problems too.

Didn''t think the tg3 supported disabling the checksum offload.

thanks,
Nivedita
> Tim:>
> 
> On 9/7/05, Tim Durack <tdurack@gmail.com> wrote:
> 
>>Okay, I''ll eat my words (just not my hat yet):
>>
>>guest> ethtool -K eth0 tx off
>>
>>fixed the checksum problem (at least on my system with an e100 driver.)
>>
>>I''ll try it again on my tg3 based system. I will eat my hat if
it works
>>there...
>>
>>Apologies if I mislead anyone.

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

tdurack@zeta:~$ sudo ethtool -k eth0
Offload parameters for eth0:
rx-checksumming: on
tx-checksumming: on
scatter-gather: off
tcp segmentation offload: off

tdurack@zeta:~$ sudo ethtool -K eth0 tx off

tdurack@zeta:~$ sudo ethtool -k eth0
Offload parameters for eth0:
rx-checksumming: on
tx-checksumming: off
scatter-gather: off
tcp segmentation offload: off

Ethtool works, what it''s really doing is a different matter.

Tim:>

On 9/13/05, Nivedita Singhvi <niv@us.ibm.com>
wrote:
> 
> Tim Durack wrote:
> > Same thing doesn''t work on a tg3 based system. Perhaps a
driver bug?
> >
> > Might explain why Ramiro is having problems too.
> 
> 
> Didn''t think the tg3 supported disabling the checksum offload.
> 
> thanks,
> Nivedita
> 
> > Tim:>
> >
> > On 9/7/05, Tim Durack <tdurack@gmail.com> wrote:
> >
> >>Okay, I''ll eat my words (just not my hat yet):
> >>
> >>guest> ethtool -K eth0 tx off
> >>
> >>fixed the checksum problem (at least on my system with an e100
driver.)
> >>
> >>I''ll try it again on my tg3 based system. I will eat my
hat if it works
> >>there...
> >>
> >>Apologies if I mislead anyone.
> 
>

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users