Hi list,

I'm not sure if this is a bridge problem or a problem that is caused by xen.

The symptoms I see are that some network traffic is not getting through the bridge set up by the network-bridge script. I'm using the version with the RELEASE-3.0.2-2 tag (change set 9615) from http://xenbits.xensource.com/xen-3.0-testing.hg and have not modified the default settings.

After sniffing the different devices attached to the bridge I think the problem is that fragmented IP packets are not forwarded correctly. They are reassembled by the bridge so that they are larger than the MTUs of the devices in the bridge.

If I go

    ping -s 1500 any-ip-address-that-normally-responds

I see something like the following, in tethereal, on the vif0.0 device

    source -> destination ICMP Echo (Ping) Request
    source -> destination IP Fragmented IP Protocol
    source -> destination ICMP Echo (Ping) Request
    source -> destination IP Fragmented IP Protocol
    ....
    (no reply)

Now on xenbr0 I see

    source -> destination ICMP Echo (Ping) Request
    source -> destination ICMP Echo (Ping) Request
    ....

which I think should not be the case. Those Ping requests have been assembled from the 2 packets that came from vif0.0. This combined packet is larger than the MTU (1500) allows and is therefore not passed on to the next device (peth0 or vif1.0 or whatever).

Ping with smaller packets works fine. I see those on all the three devices involved (vif0.0 -> xenbr0 -> peth0) and the replies are also there.

After I disable the bridge with

    /etc/xen/scripts/network-bridge stop

ping with -s 1500 also works.

I find this behaviour rather strange as I thought that the bridge is only supposed to work on the ethernet level and therefore should not reassemble a fragmented IP packet.

Strangely I have not been able to reproduce the problem on my other machine which is running Ubuntu/Breezy. The machine the problem occurs on is a Debian/Sarge. Also everything was working fine with the 3.0.0 Release.

I'd be happy to hear any comments on this issue.

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Peter Fokkinga wrote:
> Quoting Birger Brunswiek <birger.b@gmx.net>:
>> I'm not sure if this is a bridge problem or a problem that is caused
>> by xen.
>>
>> The symptoms I see is that some network traffic is not getting through
>> the bridge setup by the network-bridge script.
>
> Maybe you experience TCP checksum problems? They will show up
> if you use `tcpdump -vv -n -i eth0`; if you see bad checksums
> try `ethtool -K eth0 tx off` to get rid of 'm.

I'm not sure? At least I don't see any bad checksums with tcpdump here on any device (eth0, peth0, vif0.0, xenbr0).

I still think it's the defragmentation that's causing the problem. I found that if I remove the module ip_conntrack everything works again as packets are no longer defragmented on the bridge. It's just that I won't be able to use connection tracking which is required by nat, but I don't need that anyway.
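
Added example, not part of the original posts: the comparison described in the thread (fragments on vif0.0, whole datagrams on xenbr0) done automatically over `tcpdump -v` output from two interfaces. The sample lines are constructed, the header layout assumed is that of current tcpdump releases, and the function names are illustrative.

```python
import re
from collections import defaultdict

# IPv4 header summary as printed by `tcpdump -v` (assumed: current tcpdump layout).
HDR = re.compile(
    r"id (\d+), offset (\d+), flags \[([^\]]*)\], proto \S+ \(\d+\), length (\d+)")

def parse(lines):
    """Map IP id -> list of (offset, more_fragments, total_length).
    Simplification: keyed on IP id only; a real capture should also key on src/dst/proto."""
    seen = defaultdict(list)
    for line in lines:
        m = HDR.search(line)
        if m:
            ip_id, off, flags, length = m.groups()
            seen[int(ip_id)].append((int(off), "+" in flags, int(length)))
    return seen

def is_fragmented(pkts):
    # A fragment has a non-zero offset or the "more fragments" flag ("+").
    return any(off > 0 or mf for off, mf, _ in pkts)

def reassembled_on_bridge(ingress_lines, bridge_lines, mtu=1500):
    """IP ids seen as fragments on ingress but as one datagram larger than the MTU on the bridge."""
    ingress, bridge = parse(ingress_lines), parse(bridge_lines)
    hits = []
    for ip_id, pkts in sorted(ingress.items()):
        if not is_fragmented(pkts) or ip_id not in bridge:
            continue
        whole = [ln for off, mf, ln in bridge[ip_id] if off == 0 and not mf]
        if whole and max(whole) > mtu:
            hits.append((ip_id, max(whole)))
    return hits

# Constructed captures for `ping -s 1500`: 1500 + 8 (ICMP) + 20 (IP) = 1528 bytes,
# sent as fragments of 1500 and 48 bytes on a 1500-byte MTU link.
VIF = [
    "IP (tos 0x0, ttl 64, id 4711, offset 0, flags [+], proto ICMP (1), length 1500)",
    "IP (tos 0x0, ttl 64, id 4711, offset 1480, flags [none], proto ICMP (1), length 48)",
    "IP (tos 0x0, ttl 64, id 4712, offset 0, flags [DF], proto ICMP (1), length 84)",
]
XENBR = [
    "IP (tos 0x0, ttl 64, id 4711, offset 0, flags [none], proto ICMP (1), length 1528)",
    "IP (tos 0x0, ttl 64, id 4712, offset 0, flags [DF], proto ICMP (1), length 84)",
]

if __name__ == "__main__":
    for ip_id, length in reassembled_on_bridge(VIF, XENBR):
        print(f"id {ip_id}: fragments on ingress, {length}-byte datagram on the bridge")
```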