thr3ads.net - Xen users - [Xen-users] HELP: xenbr on vlan if --> tcp checksum error [Dec 2005]

If this information is useful, please help other people find it:
Share via:

Lockenvitz, Jan \(EXT\)

2005-Dec-14 17:13 UTC

[Xen-users] HELP: xenbr on vlan if --> tcp checksum error

Hi

I''m testing around with xen 3.0 snapshot from last week. And
i''m now having a problem with a xenbr which is based on a vlan if
(dot1q).

this is all in dom0

os: debian testing
network: tg3

I can start the bridge based on my normal physical eth0 which is working without
any problems.
My clan without bridge is also working.
I can start the bridge based on a vlan if with help of the following command:

  # network-bridge start netdev=vlan100 bridge=xenbr0

The bridge is started (as i think) correctly. My interfaces and bridge looks
like this:

  # ifconfig

eth0      Protokoll:Ethernet  Hardware Adresse 00:0D:60:14:85:D4
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:27198 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17073 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenl%Gï¿½%@ge:1000
          RX bytes:4262353 (4.0 MiB)  TX bytes:11003381 (10.4 MiB)
          Interrupt:24

lo        Protokoll:Lokale Schleife
          inet Adresse:127.0.0.1  Maske:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:27033 errors:0 dropped:0 overruns:0 frame:0
          TX packets:27033 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenl%Gï¿½%@ge:0
          RX bytes:11642656 (11.1 MiB)  TX bytes:11642656 (11.1 MiB)

pvlan100  Protokoll:Ethernet  Hardware Adresse FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:24613 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17073 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenl%Gï¿½%@ge:0
          RX bytes:3419341 (3.2 MiB)  TX bytes:10865571 (10.3 MiB)

vif0.0    Protokoll:Ethernet  Hardware Adresse FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenl%Gï¿½%@ge:0
          RX bytes:0 (0.0 b)  TX bytes:1600 (1.5 KiB)

vlan100   Protokoll:Ethernet  Hardware Adresse 00:0D:60:14:85:D4
          inet Adresse:10.8.15.129  Bcast:10.8.15.255  Maske:255.255.255.128
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenl%Gï¿½%@ge:0
          RX bytes:1600 (1.5 KiB)  TX bytes:0 (0.0 b)

vlan105   Protokoll:Ethernet  Hardware Adresse 00:0D:60:14:85:D4
          inet Adresse:10.8.16.161  Bcast:10.8.15.191  Maske:255.255.255.224
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1327 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenl%Gï¿½%@ge:0
          RX bytes:66350 (64.7 KiB)  TX bytes:0 (0.0 b)

xenbr0    Protokoll:Ethernet  Hardware Adresse FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenl%Gï¿½%@ge:0
          RX bytes:1474 (1.4 KiB)  TX bytes:0 (0.0 b)

  # brctl show

bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.feffffffffff       no              pvlan100
                                                        vif0.0

a ping to an other machine is fine

But i can''t ssh to any other machine. I started tracing on another
machine and ethereal shows an incorrect TCP checksum. And the TCP checksum is
this case seems to depend on the packet size.
I also traced in dom0 on the following IF: vlan100, pvlan100 and eth0 (where the
vlan is bound to)
On vlan100 i can see the same packets as on the destination machine, but on
pvlan100 and eth0 the TCP checksum is correct.

Is this problem known? 

Can someone help to solve this? I can post some traces if necessary

Thanx in advance,
Jan

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

luc@nieland.net

2005-Dec-15 20:49 UTC

head link

Re: [Xen-users] HELP: xenbr on vlan if --> tcp checksum error

Lockenvitz, Jan (EXT) wrote:> Hi
> 
> I''m testing around with xen 3.0 snapshot from last week. And
i''m now
> having a problem with a xenbr which is based on a vlan if (dot1q).
> 
> this is all in dom0
> 
> os: debian testing network: tg3
> 
> I can start the bridge based on my normal physical eth0 which is
> working without any problems. My clan without bridge is also working.
>  I can start the bridge based on a vlan if with help of the following
> command:
> 
> # network-bridge start netdev=vlan100 bridge=xenbr0
> 
> The bridge is started (as i think) correctly. My interfaces and
> bridge looks like this:
> 
> # ifconfig
  [ ... ]
> # brctl show
> 
> bridge name     bridge id               STP enabled     interfaces 
> xenbr0          8000.feffffffffff       no              pvlan100 
> vif0.0
> 
> a ping to an other machine is fine
> 
> But i can''t ssh to any other machine. I started tracing on another
> machine and ethereal shows an incorrect TCP checksum. And the TCP
> checksum is this case seems to depend on the packet size. I also
> traced in dom0 on the following IF: vlan100, pvlan100 and eth0 (where
> the vlan is bound to) On vlan100 i can see the same packets as on the
> destination machine, but on pvlan100 and eth0 the TCP checksum is
> correct.
> 
> Is this problem known?
This sounds like an issue we found in our test-lab when using two 
physical ethernetcards in a machine (and bridges on both). When the 1th 
domainU is configured as a NAT-firewall, a 2nd domainU on the inside 
network, behind this firewall can succesfully ping through the 
NAT-firewall to an other physical machine in the outside network. 
However, from this 2nd domainU it is not possible to ssh/telnet through 
this NAT-firewall to the machine on the outside network.
When the firewall is only routing, the issue does not occur.



  ----xen-br1          outside network
        |
       eth0
       xxxxx            1th domainU (firewall/router)
       eth1
        |
  ----xen-br2          inside network
        |
       eth0
       xxxxx            2nd domainU


The issue does also not occur when a second physical machine is used 
which is connected to the inside network.  Then, the NAT-firewall does 
it''s job succesfully.

We found this in both in the three weeks old testing, the released 
stable of this week, the 32 and the 64 bit version. Distribution is 
Debian stable(sarge)

[root@dom0]# brctl show
bridge name     bridge id               STP enabled     interfaces
xen-br0         8000.000e2e333b62       no              eth0
                                                         vif1.0
...
xen-br1         8000.0000212fecc1       no              eth1
xen-br2         8000.0011091e4b64       no              eth2


> Can someone help to solve this? I can post some traces if necessary
> 
> Thanx in advance, Jan

Regards,
Luc

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Maybe Matching Threads

Search for more possibly parallel threads

Xen users - Dec 2005 - HELP: xenbr on vlan if --> tcp checksum error

[Xen-users] HELP: xenbr on vlan if --> tcp checksum error

Re: [Xen-users] HELP: xenbr on vlan if --> tcp checksum error

Maybe Matching Threads