master@bradleyland.com
2005-Sep-18 19:37 UTC
[Xen-users] Unexpected (?) bridging behavior in 2.0.7/FC4
I've got 2.0.7 running on a machine with 1 physical interface and two bridges, like so --

bridge name     bridge id               STP enabled     interfaces
xen-br0         8000.0040f4ce392f       no              eth1
                                                        vif5.0
                                                        vif9.0
xenbr1          8000.feffffffffff       no              vif5.1
                                                        vif9.1

Bridge xenbr1 does not have an IP assigned, as I want vif5.1, vif9.1 to be on an "untethered" bridge so it is isolated from dom0 --

[root@teegeeack ~]# ifconfig xenbr1
xenbr1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:47 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1860 (1.8 KiB)  TX bytes:0 (0.0 b)

If I run tcpdump -i xenbr1 on dom0, should I see all traffic on xenbr1 (vif5.1 and vif9.1)? In this case the domU on vif5.1 has IP 192.168.5.8 and vif9.1 has IP 192.168.5.9. If I run tcpdump on xenbr1 and ping .8, I don't see any packets. If I run tcpdump on xenbr1 and ping .9, I do see the packets.

So, I suppose the question is -- is this expected? What I want is for the bridge to act like a hub, not a switch, but my testing shows it's not acting like either.

My intent is to use snort on a bridge without an IP assigned.

I've tried running tcpdump on the vifs in dom0 as well. Only the pings to 192.168.5.9 are captured. Am I missing something?

Signed,
Confused
Marcus Brown
2005-Sep-19 00:21 UTC
Re: [Xen-users] Unexpected (?) bridging behavior in 2.0.7/FC4
Hi,

master@bradleyland.com wrote:
> I've got 2.0.7 running on a machine with 1 physical interface and two
> bridges, like so --
>
> bridge name     bridge id               STP enabled     interfaces
> xen-br0         8000.0040f4ce392f       no              eth1
>                                                         vif5.0
>                                                         vif9.0
> xenbr1          8000.feffffffffff       no              vif5.1
>                                                         vif9.1
>
> Bridge xenbr1 does not have an IP assigned, as I want vif5.1, vif9.1 to be
> on an "untethered" bridge so it is isolated from dom0 --
>
> [root@teegeeack ~]# ifconfig xenbr1
> xenbr1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:47 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:1860 (1.8 KiB)  TX bytes:0 (0.0 b)
>
> If I run tcpdump -i xenbr1 on dom0, should I see all traffic on xenbr1
> (vif5.1 and vif9.1)? In this case the domU on vif5.1 has IP 192.168.5.8
> and vif9.1 has IP 192.168.5.9. If I run tcpdump on xenbr1 and ping .8, I
> don't see any packets. If I run tcpdump on xenbr1 and ping .9, I do see
> the packets.

tcpdump should show all traffic whether the bridge has an IP or not.
Can you tcpdump each vif and get a result that way?
Can you tcpdump from inside the domU and get a result?
I assume your network works correctly?
Perhaps check for overlapping subnets?

> So, I suppose the question is -- is this expected? What I want is for the
> bridge to act like a hub, not a switch, but my testing shows it's not
> acting like either.

I don't understand your meaning.

> My intent is to use snort on a bridge without an IP assigned.

I think that should work.

> I've tried running tcpdump on the vifs in dom0 as well. Only the pings to
> 192.168.5.9 are captured. Am I missing something?

Make sure the vifs in dom0 don't have an IP assigned.

tcpdumping on each vif will show traffic to/from the domU it's attached to.

Marcus.
master@bradleyland.com
2005-Sep-19 02:00 UTC
Re: [Xen-users] Unexpected (?) bridging behavior in 2.0.7/FC4
Thanks for the response, Marcus.

I figured it out -- my mistake. I was pinging 192.168.5.8 and 192.168.5.9 from dom0 (IP 192.168.2.5 -- different network) which is routed to one of the domU machines. When I tcpdump -i xenbr1 on dom0 and the traffic is between .8 and .9, I see both machines' traffic as I would expect.

I think it's working as it should, but I've got more experimenting to do.
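An added example, not part of the original thread: a parser for the `brctl show` layout quoted in the first message, reporting which vifs a capture on each bridge can observe and whether the bridge has a physical uplink. The function names and the "eth" prefix heuristic for physical NICs are assumptions made for this illustration.

```python
# Sample input: the `brctl show` table from the first message, columns re-aligned.
BRCTL_SHOW = """\
bridge name     bridge id               STP enabled     interfaces
xen-br0         8000.0040f4ce392f       no              eth1
                                                        vif5.0
                                                        vif9.0
xenbr1          8000.feffffffffff       no              vif5.1
                                                        vif9.1
"""


def parse_brctl_show(text):
    """Return {bridge: [member interfaces]} from `brctl show` output."""
    bridges, current = {}, None
    for line in text.splitlines()[1:]:          # skip the header row
        if not line.strip():
            continue
        fields = line.split()
        if line[0].isspace():
            # Continuation row: interface name only, belongs to `current`.
            if current is None:
                raise ValueError("interface row before any bridge row")
            bridges[current].extend(fields)
        else:
            # Bridge row: name, id, STP flag, then an optional first member.
            current = fields[0]
            bridges[current] = fields[3:]
    return bridges


def is_isolated(members, physical_prefixes=("eth",)):
    """Assumed heuristic: no physical NIC on the bridge means host-internal."""
    return not any(m.startswith(physical_prefixes) for m in members)


def same_bridge(bridges, if_a, if_b):
    """Name the bridge both interfaces are on, or None if they share none."""
    for name, members in bridges.items():
        if if_a in members and if_b in members:
            return name
    return None


if __name__ == "__main__":
    parsed = parse_brctl_show(BRCTL_SHOW)
    for name, members in parsed.items():
        kind = "isolated" if is_isolated(members) else "uplinked"
        print(f"{name}: {kind}, capture sees {', '.join(members)}")
```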