Xen users - Mar 2007 - Strange Networking Issue

I''m having a strange networking issue I am hoping somebody can help me 
solve.  My provider assigned me 9 addresses and 8 of them are on a 
different subnet from the other IP and the gateway.  Here''s how it
looks:

Gateway: xxx.xxx.153.177
dom0: xxx.xxx.153.178 (on eth1, eth0 is assigned a 10.x.x.x IP.  This is 
how my provider set it up)

dom1: xxx.xxx.154.240 (domU primary IP)
           xxx.xxx.154.241
           xxx.xxx.154.242

dom2: xxx.xxx.154.244 (domU primary IP)
           xxx.xxx.154.245
           xxx.xxx.154.246

In dom1 ip addr list shows the following snippet:
...
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:16:3e:6b:a0:ef brd ff:ff:ff:ff:ff:ff
    inet xxx.xxx.154.240/22 brd xxx.xxx.155.255 scope global eth0
    inet xxx.xxx.154.241/32 scope global eth0
    inet xxx.xxx.154.242/32 scope global eth0
    inet6 fe80::216:3eff:fe6b:a0ef/64 scope link
       valid_lft forever preferred_lft forever
...

also in dom1, ifcfg-eth0 looks like this:

TYPE=Ethernet
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=xxx.xxx.154.240
NETMASK=255.255.252.0
GATEWAY=xxx.xxx.153.177


.240 is pingable.
.241 was not pingable but somehow i was able to get it pingable and 
don''t know how. (I changed /32 to /30 and it started working and then 
now I can change it up however I want and there is no effect, it remains 
pingable)
.242 is not pingable.

By pingable/not pingable I am talking about machines in the outside 
world and the dom0.  dom2 can actually ping any IP from dom1 and visa 
versa.  This leads me to believe that there is a subnet configuration 
issue so only machines on the same subnet can ping the IP''s but I
can''t
explain how .241 is pingable everywhere.  I''ve tried removing .242 and 
readding it with /30 or with /22, etc but without success.

dom2 has the same issue except that only .244 is pingable while the 
others are not.

I am completely at a loss in this situation and have spent hours trying 
to get this working.  If any more information is needed, please let me 
know.  I am hoping that my lack of sleep is making me overlook something 
simple that one of you will see.

Thanks in advance,

Jon

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

I think either xen has an issue with bridging to eth1 on the dom0 
instead of eth0 or somehow my bridge is screwed up.  If I remove .242 
below from the domU and add it to the dom0 it begins to work just fine.  
I''m still trying to figure out how .241 is working fine from the domU 
when it is a secondary IP and no other secondary IP''s work from the
domU.

Does anybody know if the public IP has to be on eth0 in dom0 for 
bridging to work properly?

Thanks,

Jon

Jonathon Jones wrote:
> I''m having a strange networking issue I am hoping somebody can
help me
> solve.  My provider assigned me 9 addresses and 8 of them are on a 
> different subnet from the other IP and the gateway.  Here''s how it
looks:
>
> Gateway: xxx.xxx.153.177
> dom0: xxx.xxx.153.178 (on eth1, eth0 is assigned a 10.x.x.x IP.  This 
> is how my provider set it up)
>
> dom1: xxx.xxx.154.240 (domU primary IP)
>           xxx.xxx.154.241
>           xxx.xxx.154.242
>
> dom2: xxx.xxx.154.244 (domU primary IP)
>           xxx.xxx.154.245
>           xxx.xxx.154.246
>
> In dom1 ip addr list shows the following snippet:
> ...
> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>    link/ether 00:16:3e:6b:a0:ef brd ff:ff:ff:ff:ff:ff
>    inet xxx.xxx.154.240/22 brd xxx.xxx.155.255 scope global eth0
>    inet xxx.xxx.154.241/32 scope global eth0
>    inet xxx.xxx.154.242/32 scope global eth0
>    inet6 fe80::216:3eff:fe6b:a0ef/64 scope link
>       valid_lft forever preferred_lft forever
> ...
>
> also in dom1, ifcfg-eth0 looks like this:
>
> TYPE=Ethernet
> DEVICE=eth0
> BOOTPROTO=static
> ONBOOT=yes
> IPADDR=xxx.xxx.154.240
> NETMASK=255.255.252.0
> GATEWAY=xxx.xxx.153.177
>
>
> .240 is pingable.
> .241 was not pingable but somehow i was able to get it pingable and 
> don''t know how. (I changed /32 to /30 and it started working and
then
> now I can change it up however I want and there is no effect, it 
> remains pingable)
> .242 is not pingable.
>
> By pingable/not pingable I am talking about machines in the outside 
> world and the dom0.  dom2 can actually ping any IP from dom1 and visa 
> versa.  This leads me to believe that there is a subnet configuration 
> issue so only machines on the same subnet can ping the IP''s but I 
> can''t explain how .241 is pingable everywhere.  I''ve
tried removing
> .242 and readding it with /30 or with /22, etc but without success.
>
> dom2 has the same issue except that only .244 is pingable while the 
> others are not.
>
> I am completely at a loss in this situation and have spent hours 
> trying to get this working.  If any more information is needed, please 
> let me know.  I am hoping that my lack of sleep is making me overlook 
> something simple that one of you will see.
>
> Thanks in advance,
>
> Jon
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi,
> instead of eth0 or somehow my bridge is screwed up.  If I remove .242
> below from the domU and add it to the dom0 it begins to work just fine.
> I''m still trying to figure out how .241 is working fine from the
domU
> when it is a secondary IP and no other secondary IP''s work from
the domU.

Are you sure nobody else uses the ip by accident? Whats the mac address from
242? (arp -n). Is that the mac from your DomU.


Does anybody know if the public IP has to be on eth0 in dom0
for
> bridging to work properly?

Public IP has to be on the interface where the public net is! Are eth0 and
eth1 in different VLANs?

It looks like your provider set up another IP network for Dom0 and DomU. Are
they on the same Layer 2 Network?

I dont know the exact setup of sour provider but the 2 networks you have are
not fitting together.

Gateway: xxx.xxx.153.177
dom0: xxx.xxx.153.178 (on eth1, eth0 is assigned a 10.x.x.x IP.  This is
how my provider set it up)

dom1: xxx.xxx.154.240 (domU primary IP)
          xxx.xxx.154.241
          xxx.xxx.154.242

dom2: xxx.xxx.154.244 (domU primary IP)
          xxx.xxx.154.245
          xxx.xxx.154.246

Do you route or bridge? With bridge you need a netmask of 255.255.252.0 to
reach the gateway from your DomUs.
So, you have to route the 154.240/29 network to your DomUs.

Martin


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Thanks so much for your response.

Martin Hierling wrote:
> Hi,
>
>     instead of eth0 or somehow my bridge is screwed up.  If I remove .242
>     below from the domU and add it to the dom0 it begins to work just
>     fine.
>     I''m still trying to figure out how .241 is working fine from
the domU
>     when it is a secondary IP and no other secondary IP''s work
from
>     the domU.
>
>
> Are you sure nobody else uses the ip by accident? Whats the mac 
> address from 242? (arp -n). Is that the mac from your DomU.
>
Yes, I''m quite certain since I can swap the IP back and forth between 
the dom0 and domU at will and it always will work on the dom0 but not in 
the domU.  Using arp -n doesn''t show me anything that seems usable. 
The
following is the output from arp -n.  It is the same in both the dom0 
and domU except that the Iface changes from eth1 to eth0 when going from 
dom0 to domU.

[root@secure network-scripts]# arp -n
Address                  HWtype  HWaddress           Flags 
Mask            Iface
75.126.153.177           ether   00:1A:30:38:90:00   
C                     eth0
>
>     Does anybody know if the public IP has to be on eth0 in dom0 for
>     bridging to work properly? 
>
>
> Public IP has to be on the interface where the public net is! Are eth0 
> and eth1 in different VLANs?
Right, the public IP is on eth1 in dom0.  Which is how the provider set 
it up  Everything seems to work fine in this setup other than adding 
secondary IP''s to domU''s.  Yes, in the dom0, eth0 is on
10.10.16.2/26
vlan while eth1 is on public IP xxx.xxx.153.178/29
>
> It looks like your provider set up another IP network for Dom0 and 
> DomU. Are they on the same Layer 2 Network?
Well, my provider isn''t aware of my xen setup.  They just gave me 
.153.178 and .154.240-.247 as usable IP''s with a gateway of
.153.177.
>
> I dont know the exact setup of sour provider but the 2 networks you 
> have are not fitting together.
>
> Gateway: xxx.xxx.153.177
> dom0: xxx.xxx.153.178 (on eth1, eth0 is assigned a 10.x.x.x IP.  This is
> how my provider set it up)
>
> dom1: xxx.xxx.154.240 (domU primary IP)
>           xxx.xxx.154.241
>           xxx.xxx.154.242
>
> dom2: xxx.xxx.154.244 (domU primary IP)
>           xxx.xxx.154.245
>           xxx.xxx.154.246
>  
> Do you route or bridge? With bridge you need a netmask of 
> 255.255.252.0 <http://255.255.252.0> to reach the gateway from your 
> DomUs.
> So, you have to route the 154.240/29 network to your DomUs.
>
> Martin
>
It is bridge.  I am not a networking guru or even a xen guru but i have 
been using xen for some time now and have set up several servers with 
it.  This is the first I have run into this type of situation.  The 
domU''s do have a netmask of 255.255.252.0 so that they can reach the 
gateway and the primary IP I assign to eth0 in the domU works just fine 
every time.

How do I go about routing the 154.240/29 network to my domU''s beyond 
what I have already done?  And why is it that the primary IP works fine 
and then strangely .241 works also but no other IP''s do?  The 
inconsistency is nagging at me.

Thanks again for your help.  I am trying to migrate servers from one 
provider to another and this is holding me up.

Jon


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

In the domU....

[root@secure network-scripts]# ip addr list
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:16:3e:3d:20:f0 brd ff:ff:ff:ff:ff:ff
    inet 75.126.154.240/22 brd 75.126.155.255 scope global eth0
    inet 75.126.154.241/22 brd 75.126.155.255 scope global secondary eth0:0
    inet 75.126.154.242/22 brd 75.126.155.255 scope global secondary eth0:1
    inet 75.126.154.243/22 brd 75.126.155.255 scope global secondary eth0:2
    inet6 fe80::216:3eff:fe3d:20f0/64 scope link
       valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0

You can see that all IP''s are added in the same way yet only .240 is 
pingable.  I can add the IP manually to dom0 and get it to ping so I''m 
thinking there is some bug in this latest version of xen.  Does anybody 
else have any other conclusion?

Jon

Jonathon Jones wrote:
> Thanks so much for your response.
>
> Martin Hierling wrote:
>> Hi,
>>
>>     instead of eth0 or somehow my bridge is screwed up.  If I remove
.242
>>     below from the domU and add it to the dom0 it begins to work just
>>     fine.
>>     I''m still trying to figure out how .241 is working fine
from the domU
>>     when it is a secondary IP and no other secondary IP''s work
from
>>     the domU.
>>
>>
>> Are you sure nobody else uses the ip by accident? Whats the mac 
>> address from 242? (arp -n). Is that the mac from your DomU.
>>
> Yes, I''m quite certain since I can swap the IP back and forth
between
> the dom0 and domU at will and it always will work on the dom0 but not 
> in the domU.  Using arp -n doesn''t show me anything that seems 
> usable.  The following is the output from arp -n.  It is the same in 
> both the dom0 and domU except that the Iface changes from eth1 to eth0 
> when going from dom0 to domU.
>
> [root@secure network-scripts]# arp -n
> Address                  HWtype  HWaddress           Flags 
> Mask            Iface
> 75.126.153.177           ether   00:1A:30:38:90:00   
> C                     eth0
>>
>>     Does anybody know if the public IP has to be on eth0 in dom0 for
>>     bridging to work properly? 
>>
>>
>> Public IP has to be on the interface where the public net is! Are 
>> eth0 and eth1 in different VLANs?
> Right, the public IP is on eth1 in dom0.  Which is how the provider 
> set it up  Everything seems to work fine in this setup other than 
> adding secondary IP''s to domU''s.  Yes, in the dom0, eth0
is on
> 10.10.16.2/26 vlan while eth1 is on public IP xxx.xxx.153.178/29
>>
>> It looks like your provider set up another IP network for Dom0 and 
>> DomU. Are they on the same Layer 2 Network?
> Well, my provider isn''t aware of my xen setup.  They just gave me 
> .153.178 and .154.240-.247 as usable IP''s with a gateway of
.153.177.
>>
>> I dont know the exact setup of sour provider but the 2 networks you 
>> have are not fitting together.
>>
>> Gateway: xxx.xxx.153.177
>> dom0: xxx.xxx.153.178 (on eth1, eth0 is assigned a 10.x.x.x IP.  This
is
>> how my provider set it up)
>>
>> dom1: xxx.xxx.154.240 (domU primary IP)
>>           xxx.xxx.154.241
>>           xxx.xxx.154.242
>>
>> dom2: xxx.xxx.154.244 (domU primary IP)
>>           xxx.xxx.154.245
>>           xxx.xxx.154.246
>>  
>> Do you route or bridge? With bridge you need a netmask of 
>> 255.255.252.0 <http://255.255.252.0> to reach the gateway from
your
>> DomUs.
>> So, you have to route the 154.240/29 network to your DomUs.
>>
>> Martin
>>
> It is bridge.  I am not a networking guru or even a xen guru but i 
> have been using xen for some time now and have set up several servers 
> with it.  This is the first I have run into this type of situation.  
> The domU''s do have a netmask of 255.255.252.0 so that they can
reach
> the gateway and the primary IP I assign to eth0 in the domU works just 
> fine every time.
>
> How do I go about routing the 154.240/29 network to my domU''s
beyond
> what I have already done?  And why is it that the primary IP works 
> fine and then strangely .241 works also but no other IP''s do?  The
> inconsistency is nagging at me.
>
> Thanks again for your help.  I am trying to migrate servers from one 
> provider to another and this is holding me up.
>
> Jon
> ------------------------------------------------------------------------
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi,
> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>     link/ether 00:16:3e:3d:20:f0 brd ff:ff:ff:ff:ff:ff
>     inet 75.126.154.240/22 brd 75.126.155.255 scope global eth0
>     inet 75.126.154.241/22 brd 75.126.155.255 scope global secondary
> eth0:0
>     inet 75.126.154.242/22 brd 75.126.155.255 scope global secondary
> eth0:1
>     inet 75.126.154.243/22 brd 75.126.155.255 scope global secondary
> eth0:2
>     inet6 fe80::216:3eff:fe3d:20f0/64 scope link
>        valid_lft forever preferred_lft forever
>
> You can see that all IP''s are added in the same way yet only .240
is
> pingable.  I can add the IP manually to dom0 and get it to ping so
I''m
> thinking there is some bug in this latest version of xen.  Does anybody
else
> have any other conclusion?
>

pingable means from outside, right. So are there any firewalls between
outside and xen?
have you tested any other service, like http? try that.
does your xen box get/answer the ping? tcpdump -i eth0 icmp. Do you see any
echo/echo-replys generated from your box?
According to your first mail, eth1 is the if with the public interface!  Why
are the addresses configured on eth0?

Another thing is that your gateway/Dom0 ip is looking exactly like a
transfer network, 75.126.153.176/29 for routing purpose. You should get some
information from your provider how exactly the routing setup is.

I dont believe it is xen, i have a similar setup.

Martin


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

----- Original Message ----- 
  From: Martin Hierling 
  To: xen-users 
  Sent: Saturday, March 10, 2007 8:23 AM
  Subject: Re: [Xen-users] Strange Networking Issue


  Hi,

    2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:16:3e:3d:20:f0 brd ff:ff:ff:ff:ff:ff
        inet 75.126.154.240/22 brd 75.126.155.255 scope global eth0
        inet 75.126.154.241/22 brd 75.126.155.255 scope global secondary eth0:0
        inet 75.126.154.242/22 brd 75.126.155.255 scope global secondary eth0:1
        inet 75.126.154.243/22 brd 75.126.155.255 scope global secondary eth0:2
        inet6 fe80::216:3eff:fe3d:20f0/64 scope link 
           valid_lft forever preferred_lft forever

    You can see that all IP''s are added in the same way yet only .240
is pingable.  I can add the IP manually to dom0 and get it to ping so
I''m thinking there is some bug in this latest version of xen.  Does
anybody else have any other conclusion?


  pingable means from outside, right. So are there any firewalls between outside
and xen?
  have you tested any other service, like http? try that.
  does your xen box get/answer the ping? tcpdump -i eth0 icmp. Do you see any
echo/echo-replys generated from your box?
  According to your first mail, eth1 is the if with the public interface!  Why
are the addresses configured on eth0?

There''s been a lot of previous discussions about setting up firewalls,
especially iptables, for Dom0 to allow guests their necessary access.
I''d still love to see a clear walkthrough guide for this, though.

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

To answer your question about eth0 vs. eth1, on the dom0 eth1 has the 
public IP but the below dump from ip addr list was on the domU showing 
that the .242 IP was added to the domU in the same way as the .240 IP 
however  .240 reaches the domU and .242 does not.

Yes, pingable means from the outside world.  Otherwise I will specify 
for clarity.

No firewalls.

Other services are also unreachable.

tcpdump was a great tip, thanks.  I''ll add that to my tool belt.  The 
dom0 is receiving the ping request for .242 but that IP is added to the 
domU.  The domU is receiving the ping request for .240 however.

You made the following statement which I don''t understand:
"Another
thing is that your gateway/Dom0 ip is looking exactly like a transfer 
network, 75.126.153.176/29 <http://75.126.153.176/29> for routing 
purpose. You should get some information from your provider how exactly 
the routing setup is."

What exactly are the implications of them setting up the dom0 IP in that 
way and why does it matter?

I do appreciate all of your help.  Thanks much!

Jon

Martin Hierling wrote:
> Hi,
>
>     2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen
1000
>         link/ether 00:16:3e:3d:20:f0 brd ff:ff:ff:ff:ff:ff
>         inet 75.126.154.240/22 <http://75.126.154.240/22> brd
>     75.126.155.255 <http://75.126.155.255> scope global eth0
>         inet 75.126.154.241/22 <http://75.126.154.241/22> brd
>     75.126.155.255 <http://75.126.155.255> scope global secondary
eth0:0
>         inet 75.126.154.242/22 <http://75.126.154.242/22> brd
>     75.126.155.255 <http://75.126.155.255> scope global secondary
eth0:1
>         inet 75.126.154.243/22 <http://75.126.154.243/22> brd
>     75.126.155.255 <http://75.126.155.255> scope global secondary
eth0:2
>         inet6 fe80::216:3eff:fe3d:20f0/64 scope link
>            valid_lft forever preferred_lft forever
>
>     You can see that all IP''s are added in the same way yet only
.240
>     is pingable.  I can add the IP manually to dom0 and get it to ping
>     so I''m thinking there is some bug in this latest version of
xen.
>     Does anybody else have any other conclusion?
>
>
>
> pingable means from outside, right. So are there any firewalls between 
> outside and xen?
> have you tested any other service, like http? try that.
> does your xen box get/answer the ping? tcpdump -i eth0 icmp. Do you 
> see any echo/echo-replys generated from your box?
> According to your first mail, eth1 is the if with the public 
> interface!  Why are the addresses configured on eth0?
>
> Another thing is that your gateway/Dom0 ip is looking exactly like a 
> transfer network, 75.126.153.176/29 <http://75.126.153.176/29> for 
> routing purpose. You should get some information from your provider 
> how exactly the routing setup is.
>
> I dont believe it is xen, i have a similar setup.
>
> Martin
> ------------------------------------------------------------------------
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

jez wrote:
> On Fri, Mar 09, 2007 at 07:08:28PM -0500, Jonathon Jones wrote:
>   
> Hi Jon, 
>
> your first post says that additional IPs on eth0 in Dom1 are /32 not /22 - 
> which is it? 
>   
Tried it both ways and more.  I added it as /22 recently simply to show 
that it is consistent with a working IP, .240
> Also, can you fill in the details on the following:
>
> 1. "ip addr show" on Dom0
>   
[root@trinity domU]# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: vif0.0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
3: veth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
4: vif0.1: <BROADCAST,NOARP,UP> mtu 1500 qdisc noqueue
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fcff:ffff:feff:ffff/64 scope link
       valid_lft forever preferred_lft forever
5: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
    link/ether 00:30:48:78:d6:07 brd ff:ff:ff:ff:ff:ff
    inet 75.126.153.178/29 brd 75.126.153.183 scope global eth1
    inet6 fe80::230:48ff:fe78:d607/64 scope link
       valid_lft forever preferred_lft forever
6: vif0.2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
7: veth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
8: vif0.3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
9: veth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
10: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:30:48:78:d6:06 brd ff:ff:ff:ff:ff:ff
    inet 10.10.16.2/26 brd 10.10.16.63 scope global eth0
    inet6 fe80::230:48ff:fe78:d606/64 scope link
       valid_lft forever preferred_lft forever
11: peth1: <BROADCAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fcff:ffff:feff:ffff/64 scope link
       valid_lft forever preferred_lft forever
12: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
13: xenbr1: <BROADCAST,NOARP,UP> mtu 1500 qdisc noqueue
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
    inet6 fe80::200:ff:fe00:0/64 scope link
       valid_lft forever preferred_lft forever
14: vif1.0: <BROADCAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 32
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fcff:ffff:feff:ffff/64 scope link
       valid_lft forever preferred_lft forever
15: vif2.0: <BROADCAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 32
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fcff:ffff:feff:ffff/64 scope link
       valid_lft forever preferred_lft forever
> 2. "brctl show" on Dom0
>   
[root@trinity domU]# brctl show
bridge name     bridge id               STP enabled     interfaces
xenbr1          8000.feffffffffff       no              peth1
                                                        vif0.1
                                                        vif1.0
                                                       
vif2.0
> 3. "route -n" on Dom0
>   
[root@trinity domU]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use 
Iface
75.126.153.176  0.0.0.0         255.255.255.248 U     0      0        0 eth1
10.10.16.0      0.0.0.0         255.255.255.192 U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
10.0.0.0        10.10.16.1      255.0.0.0       UG    0      0        0 eth0
0.0.0.0         75.126.153.177  0.0.0.0         UG    0      0        0
eth1
> 4. The vif configurations for Dom1 and Dom2 (from their config files)
>   
In Dom1:
[root@secure network-scripts]# cat ifcfg-eth0
# Please read /usr/share/doc/initscripts-*/sysconfig.txt
# for the documentation of these parameters.
TYPE=Ethernet
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=75.126.154.240
NETMASK=255.255.252.0
GATEWAY=75.126.153.177
[root@secure network-scripts]# cat ifcfg-eth0-range0
IPADDR_START=75.126.154.241
IPADDR_END=75.126.154.243
CLONENUM_START=0
NETMASK=255.255.252.0

Note:  I have been using ip addr add/del to test the IP''s out but for 
simplicity I added them using the range config above.  Neither way is 
working.  I also have my ISP checking on whether this is a routing issue 
on their side, although I don''t see hwo it could be when .240 and .244 
are routing to Dom1 and Dom2 respectively.

In Dom2:
[root@secure network-scripts]# cat ifcfg-eth0
# Please read /usr/share/doc/initscripts-*/sysconfig.txt
# for the documentation of these parameters.
TYPE=Ethernet
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=75.126.154.244
NETMASK=255.255.252.0
GATEWAY=75.126.153.177

[root@secure network-scripts]# cat ifcfg-eth0-range0
IPADDR_START=75.126.154.245
IPADDR_END=75.126.154.247
CLONENUM_START=0
NETMASK=255.255.252.0
> 5. The settings for (network-script ...) and (vif-script ...) in your
>    xend configuration file.
>   
In Dom1:
vif = [ '''' ]
In Dom2: (as an experiment which didn''t change anything)
vif = [ ''ip=75.126.154.244'' ]

Neither DomU has any other network settings in the
config.
> 6. The version of xen you are running.
>   
xen-3.0.4_1-install-x86_32p.tgz is the file I downloaded form xensource.com
uname reports 2.6.16.33-xen #1 SMP Mon Jan 8 14:39:10 GMT 2007 i686 
athlon i386 GNU/Linux
> Depending on what you come back with, I might have more questions. 
>
> Also, do you have any idea if you would prefer a bridged or a routed
> setup?
>
> jez
>
>   
I prefer bridged simply because it seems the most simple setup 
normally.  I am open to suggestions but I am looking for the easiest to 
maintain because I am frankly not a networking guru...although I am 
learning a lot from this.

Thanks much!

Jon
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>
>   
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Jonathon,

To answer your question about eth0 vs. eth1, on the dom0 eth1 has the
public
> IP but the below dump from ip addr list was on the domU showing that the
> .242 IP was added to the domU in the same way as the .240 IP however  .240
> reaches the domU and .242 does not.
>
> Yes, pingable means from the outside world.  Otherwise I will specify for
> clarity.
>
> No firewalls.
>
> Other services are also unreachable.
>
> tcpdump was a great tip, thanks.  I''ll add that to my tool belt. 
The dom0
> is receiving the ping request for .242 but that IP is added to the domU.
> The domU is receiving the ping request for .240 however.
>
does DomU send an answer? Does the echo-reply package leaves Dom0 network
interface. in bridged mode dump the traffic on your bridge interface, you
should see all traffic there.


You made the following statement which I don''t understand:
"Another thing is
> that your gateway/Dom0 ip is looking exactly like a transfer network,
> 75.126.153.176/29 for routing purpose. You should get some information
> from your provider how exactly the routing setup is."
>
Sorry, wrong netmask, it should be /30. This is a small network (only 2
hosts) between 2 routers. So the setup should be as followed:

INET  --> x.x.173.177/30  --> x.x.173.178/30 ---------> x.x.174.240/29
                ^provider Router     ^ your Router (Dom0)    ^ your DomU

So this small network is only used to transfer data between 2 routers.
provider router has a router for x.x.174.240/29 pointing to your Dom0 (
173.178)

Martin


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi,

[root@trinity domU]# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use
> Iface
> 75.126.153.176  0.0.0.0         255.255.255.248 U     0      0        0
> eth1
> 10.10.16.0      0.0.0.0         255.255.255.192 U     0      0        0
> eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0
> eth1
> 10.0.0.0        10.10.16.1      255.0.0.0       UG    0      0        0
> eth0
> 0.0.0.0         75.126.153.177  0.0.0.0         UG    0      0        0
> eth1

that looks like a routing setup .... so, ich bin draussen.
> Also, do you have any idea if you would prefer a bridged or a routed
> > setup?

i prefer bridge, but it depends on what your provider gave you.....


Martin


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Fri, Mar 09, 2007 at 07:08:28PM -0500, Jonathon Jones
wrote:
> In the domU....
</snip> 
> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>    link/ether 00:16:3e:3d:20:f0 brd ff:ff:ff:ff:ff:ff
>    inet 75.126.154.240/22 brd 75.126.155.255 scope global eth0
>    inet 75.126.154.241/22 brd 75.126.155.255 scope global secondary eth0:0
>    inet 75.126.154.242/22 brd 75.126.155.255 scope global secondary eth0:1
>    inet 75.126.154.243/22 brd 75.126.155.255 scope global secondary eth0:2
>    inet6 fe80::216:3eff:fe3d:20f0/64 scope link
>       valid_lft forever preferred_lft forever
</snip> 
> You can see that all IP''s are added in the same way yet only .240
is
> pingable.  I can add the IP manually to dom0 and get it to ping so
I''m
> thinking there is some bug in this latest version of xen.  Does anybody 
> else have any other conclusion?
> 
> Jon
Hi Jon, 

your first post says that additional IPs on eth0 in Dom1 are /32 not /22 - 
which is it? 

Also, can you fill in the details on the following:

1. "ip addr show" on Dom0
2. "brctl show" on Dom0
3. "route -n" on Dom0
4. The vif configurations for Dom1 and Dom2 (from their config files)
5. The settings for (network-script ...) and (vif-script ...) in your
   xend configuration file.
6. The version of xen you are running.

Depending on what you come back with, I might have more questions. 

Also, do you have any idea if you would prefer a bridged or a routed
setup?

jez


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Martin Hierling wrote:
> Jonathon,
>
>     To answer your question about eth0 vs. eth1, on the dom0 eth1 has
>     the public IP but the below dump from ip addr list was on the domU
>     showing that the .242 IP was added to the domU in the same way as
>     the .240 IP however  .240 reaches the domU and .242 does not.
>
>     Yes, pingable means from the outside world.  Otherwise I will
>     specify for clarity.
>
>     No firewalls.
>
>     Other services are also unreachable.
>
>     tcpdump was a great tip, thanks.  I''ll add that to my tool
belt.
>     The dom0 is receiving the ping request for .242 but that IP is
>     added to the domU.  The domU is receiving the ping request for
>     .240 however.
>
>
> does DomU send an answer? Does the echo-reply package leaves Dom0 
> network interface. in bridged mode dump the traffic on your bridge 
> interface, you should see all traffic there.
This is on Dom0:
[root@trinity ~]# tcpdump -i eth1 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
13:10:10.473696 IP c-24-7-246-141.hsd1.in.comcast.net > 
trinity.pjlhosting.com: icmp 64: echo request seq 20
13:10:10.498042 IP trinity.pjlhosting.com > 
c-24-7-246-141.hsd1.in.comcast.net: icmp 64: echo reply seq 20
13:10:11.479154 IP c-24-7-246-141.hsd1.in.comcast.net > 
trinity.pjlhosting.com: icmp 64: echo request seq 21
13:10:11.479205 IP trinity.pjlhosting.com > 
c-24-7-246-141.hsd1.in.comcast.net: icmp 64: echo reply seq 21
13:10:12.476770 IP c-24-7-246-141.hsd1.in.comcast.net > 
trinity.pjlhosting.com: icmp 64: echo request seq 22
13:10:12.476779 IP trinity.pjlhosting.com > 
c-24-7-246-141.hsd1.in.comcast.net: icmp 64: echo reply seq 22
13:10:13.480174 IP c-24-7-246-141.hsd1.in.comcast.net > 
trinity.pjlhosting.com: icmp 64: echo request seq 23
13:10:13.480200 IP trinity.pjlhosting.com > 
c-24-7-246-141.hsd1.in.comcast.net: icmp 64: echo reply seq 23
13:10:17.853919 IP c-24-7-246-141.hsd1.in.comcast.net > pjlhosting.com: 
icmp 64: echo request seq 0
13:10:18.853326 IP c-24-7-246-141.hsd1.in.comcast.net > pjlhosting.com: 
icmp 64: echo request seq 1
13:10:19.860218 IP c-24-7-246-141.hsd1.in.comcast.net > pjlhosting.com: 
icmp 64: echo request seq 2
13:10:20.858329 IP c-24-7-246-141.hsd1.in.comcast.net > pjlhosting.com: 
icmp 64: echo request seq 3

12 packets captured
12 packets received by filter
0 packets dropped by kernel

That is what I see when I first ping the dom0 IP and then ping the .242 
IP which is bound to Dom1.

I get the same thing when I watch the bridge.

Jon
>
>
>     You made the following statement which I don''t understand:
>     "Another thing is that your gateway/Dom0 ip is looking exactly
>     like a transfer network, 75.126.153.176/29
>     <http://75.126.153.176/29> for routing purpose. You should get
>     some information from your provider how exactly the routing setup
is."
>
>
> Sorry, wrong netmask, it should be /30. This is a small network (only 
> 2 hosts) between 2 routers. So the setup should be as followed:
>
> INET  --> x.x.173.177/30  --> x.x.173.178/30 --------->
x.x.174.240/29
>                 ^provider Router     ^ your Router (Dom0)    ^ your DomU
>
> So this small network is only used to transfer data between 2 routers.
> provider router has a router for x.x.174.240/29 pointing to your Dom0 
> (173.178)
>
> Martin
So are you saying I should change my netmasks from what I have?  I am 
not really getting what your suggestion is....sorry if I''m being dense.

Jon
> ------------------------------------------------------------------------
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Oh, I see.

(network-script network-bridge)
(vif-script vif-bridge)

Jon

jez wrote:
> On Sat, Mar 10, 2007 at 01:44:45PM -0500, Jonathon Jones wrote:
>   
>>> 5. The settings for (network-script ...) and (vif-script ...) in
your
>>>   xend configuration file.
>>>  
>>>       
>> In Dom1:
>> vif = [ '''' ]
>> In Dom2: (as an experiment which didn''t change anything)
>> vif = [ ''ip=75.126.154.244'' ]
>>
>> Neither DomU has any other network settings in the config.
>>     
>
> The xend config file should be called xend-config.sxp or something like
> that. I installed via Debian and it ended up in the /etc/xen directory
> which is probably where it is on your system also. This is quite an
> important config file - it''s essentially where you tell xend which
mode
> of networking to use (bridged or routed) amongst other things. 
>
> I''m still digesting the rest of the information you gave me, so
bear
> with me.
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>
>   

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Ok, Here is what my provider told me...

------------------------
Hello Jon,
Sorry for the confusion caused.
In order to set up a VPS server you need to set up a different gateway 
other than the gateway xxx.xxx.153.177.
The set up should be done in the following manner.
The first IP i.e xxx.xxx.154.240 should be the network address.
The second IP xxx.xxx.154.241 should be the gateway address
and the last IP the broadcast IP xxx.xxx.154.247. So in the process you 
will loose your 3 IP''s.
These settings need to be done at your end. Do let us know once this is 
set up so that we can re-route your Virtual IP''s through the VLAN.
------------------------

So are they assuming that I have a routed setup or something?  Is this 
logical to you guys?  What I don''t get is that currently .240 and .244 
(the primary IP''s for the Dom1 and Dom2) are working just fine int he 
current setup.  This seems to debunk their claim to me.

Your thoughts?

Jon

jez wrote:
> On Sat, Mar 10, 2007 at 01:44:45PM -0500, Jonathon Jones wrote:
>   
>>> 5. The settings for (network-script ...) and (vif-script ...) in
your
>>>   xend configuration file.
>>>  
>>>       
>> In Dom1:
>> vif = [ '''' ]
>> In Dom2: (as an experiment which didn''t change anything)
>> vif = [ ''ip=75.126.154.244'' ]
>>
>> Neither DomU has any other network settings in the config.
>>     
>
> The xend config file should be called xend-config.sxp or something like
> that. I installed via Debian and it ended up in the /etc/xen directory
> which is probably where it is on your system also. This is quite an
> important config file - it''s essentially where you tell xend which
mode
> of networking to use (bridged or routed) amongst other things. 
>
> I''m still digesting the rest of the information you gave me, so
bear
> with me.
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>
>   

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Sat, Mar 10, 2007 at 01:44:45PM -0500, Jonathon Jones
wrote:
> >5. The settings for (network-script ...) and (vif-script ...) in your
> >   xend configuration file.
> >  
> In Dom1:
> vif = [ '''' ]
> In Dom2: (as an experiment which didn''t change anything)
> vif = [ ''ip=75.126.154.244'' ]
> 
> Neither DomU has any other network settings in the config.
The xend config file should be called xend-config.sxp or something like
that. I installed via Debian and it ended up in the /etc/xen directory
which is probably where it is on your system also. This is quite an
important config file - it''s essentially where you tell xend which mode
of networking to use (bridged or routed) amongst other things. 

I''m still digesting the rest of the information you gave me, so bear
with me.


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Yes, I have remote console access via eth0 so I could still get in.

They also didn''t provide me any gateway or any info for the other
IP''s.
They just provided me a list of IP''s.  Then just now when I put in a 
support ticket they told me I would have to create my own gateway, etc 
if I wanted to use those IP''s in a VPS setup.  Effectively I would be 
giving up 3 of my 8 IP''s.

Jon

jez wrote:
> Some things aren''t adding up here. When your provider set up your
> machine they configured 75.126.153.178/29 on eth0. But when they
> allocated you your extra addresses, what did they say exactly - what did
> they tell you the subnet mask was, did they mention an additional
> gateway address, etc. 
>
> Also, if I was to ask you to actually change the address on eth1, would
> you still have access to the box via eth0?
>
>
> On Sat, Mar 10, 2007 at 01:44:45PM -0500, Jonathon Jones wrote:
>   
>> jez wrote:
>>     
>>> On Fri, Mar 09, 2007 at 07:08:28PM -0500, Jonathon Jones wrote:
>>>  
>>> Hi Jon, 
>>>
>>> your first post says that additional IPs on eth0 in Dom1 are /32
not /22 -
>>> which is it? 
>>>  
>>>       
>> Tried it both ways and more.  I added it as /22 recently simply to show
>> that it is consistent with a working IP, .240
>>     
>>> Also, can you fill in the details on the following:
>>>
>>> 1. "ip addr show" on Dom0
>>>  
>>>       
>> [root@trinity domU]# ip addr show
>> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>>    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>    inet 127.0.0.1/8 scope host lo
>>    inet6 ::1/128 scope host
>>       valid_lft forever preferred_lft forever
>> 2: vif0.0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>>    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
>> 3: veth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>>    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
>> 4: vif0.1: <BROADCAST,NOARP,UP> mtu 1500 qdisc noqueue
>>    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
>>    inet6 fe80::fcff:ffff:feff:ffff/64 scope link
>>       valid_lft forever preferred_lft forever
>> 5: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
>>    link/ether 00:30:48:78:d6:07 brd ff:ff:ff:ff:ff:ff
>>    inet 75.126.153.178/29 brd 75.126.153.183 scope global eth1
>>    inet6 fe80::230:48ff:fe78:d607/64 scope link
>>       valid_lft forever preferred_lft forever
>> 6: vif0.2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>>    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
>> 7: veth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>>    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
>> 8: vif0.3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>>    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
>> 9: veth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>>    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
>> 10: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen
1000
>>    link/ether 00:30:48:78:d6:06 brd ff:ff:ff:ff:ff:ff
>>    inet 10.10.16.2/26 brd 10.10.16.63 scope global eth0
>>    inet6 fe80::230:48ff:fe78:d606/64 scope link
>>       valid_lft forever preferred_lft forever
>> 11: peth1: <BROADCAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen
1000
>>    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
>>    inet6 fe80::fcff:ffff:feff:ffff/64 scope link
>>       valid_lft forever preferred_lft forever
>> 12: sit0: <NOARP> mtu 1480 qdisc noop
>>    link/sit 0.0.0.0 brd 0.0.0.0
>> 13: xenbr1: <BROADCAST,NOARP,UP> mtu 1500 qdisc noqueue
>>    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
>>    inet6 fe80::200:ff:fe00:0/64 scope link
>>       valid_lft forever preferred_lft forever
>> 14: vif1.0: <BROADCAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen
32
>>    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
>>    inet6 fe80::fcff:ffff:feff:ffff/64 scope link
>>       valid_lft forever preferred_lft forever
>> 15: vif2.0: <BROADCAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen
32
>>    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
>>    inet6 fe80::fcff:ffff:feff:ffff/64 scope link
>>       valid_lft forever preferred_lft forever
>>     
>>> 2. "brctl show" on Dom0
>>>  
>>>       
>> [root@trinity domU]# brctl show
>> bridge name     bridge id               STP enabled     interfaces
>> xenbr1          8000.feffffffffff       no              peth1
>>                                                        vif0.1
>>                                                        vif1.0
>>                                                        vif2.0
>>     
>>> 3. "route -n" on Dom0
>>>  
>>>       
>> [root@trinity domU]# route -n
>> Kernel IP routing table
>> Destination     Gateway         Genmask         Flags Metric Ref    Use
>> Iface
>> 75.126.153.176  0.0.0.0         255.255.255.248 U     0      0        0
eth1
>> 10.10.16.0      0.0.0.0         255.255.255.192 U     0      0        0
eth0
>> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0
eth1
>> 10.0.0.0        10.10.16.1      255.0.0.0       UG    0      0        0
eth0
>> 0.0.0.0         75.126.153.177  0.0.0.0         UG    0      0        0
eth1
>>     
>>> 4. The vif configurations for Dom1 and Dom2 (from their config
files)
>>>  
>>>       
>> In Dom1:
>> [root@secure network-scripts]# cat ifcfg-eth0
>> # Please read /usr/share/doc/initscripts-*/sysconfig.txt
>> # for the documentation of these parameters.
>> TYPE=Ethernet
>> DEVICE=eth0
>> BOOTPROTO=static
>> ONBOOT=yes
>> IPADDR=75.126.154.240
>> NETMASK=255.255.252.0
>> GATEWAY=75.126.153.177
>> [root@secure network-scripts]# cat ifcfg-eth0-range0
>> IPADDR_START=75.126.154.241
>> IPADDR_END=75.126.154.243
>> CLONENUM_START=0
>> NETMASK=255.255.252.0
>>
>> Note:  I have been using ip addr add/del to test the IP''s out
but for
>> simplicity I added them using the range config above.  Neither way is 
>> working.  I also have my ISP checking on whether this is a routing
issue
>> on their side, although I don''t see hwo it could be when .240
and .244
>> are routing to Dom1 and Dom2 respectively.
>>
>> In Dom2:
>> [root@secure network-scripts]# cat ifcfg-eth0
>> # Please read /usr/share/doc/initscripts-*/sysconfig.txt
>> # for the documentation of these parameters.
>> TYPE=Ethernet
>> DEVICE=eth0
>> BOOTPROTO=static
>> ONBOOT=yes
>> IPADDR=75.126.154.244
>> NETMASK=255.255.252.0
>> GATEWAY=75.126.153.177
>>
>> [root@secure network-scripts]# cat ifcfg-eth0-range0
>> IPADDR_START=75.126.154.245
>> IPADDR_END=75.126.154.247
>> CLONENUM_START=0
>> NETMASK=255.255.252.0
>>     
>>> 5. The settings for (network-script ...) and (vif-script ...) in
your
>>>   xend configuration file.
>>>  
>>>       
>> In Dom1:
>> vif = [ '''' ]
>> In Dom2: (as an experiment which didn''t change anything)
>> vif = [ ''ip=75.126.154.244'' ]
>>
>> Neither DomU has any other network settings in the config.
>>     
>>> 6. The version of xen you are running.
>>>  
>>>       
>> xen-3.0.4_1-install-x86_32p.tgz is the file I downloaded form
xensource.com
>> uname reports 2.6.16.33-xen #1 SMP Mon Jan 8 14:39:10 GMT 2007 i686 
>> athlon i386 GNU/Linux
>>     
>>> Depending on what you come back with, I might have more questions. 
>>>
>>> Also, do you have any idea if you would prefer a bridged or a
routed
>>> setup?
>>>
>>> jez
>>>
>>>  
>>>       
>> I prefer bridged simply because it seems the most simple setup 
>> normally.  I am open to suggestions but I am looking for the easiest to
>> maintain because I am frankly not a networking guru...although I am 
>> learning a lot from this.
>>
>> Thanks much!
>>
>> Jon
>>     
>>> _______________________________________________
>>> Xen-users mailing list
>>> Xen-users@lists.xensource.com
>>> http://lists.xensource.com/xen-users
>>>
>>>  
>>>       
>> _______________________________________________
>> Xen-users mailing list
>> Xen-users@lists.xensource.com
>> http://lists.xensource.com/xen-users
>>     
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>
>   

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Some things aren''t adding up here. When your provider set up your
machine they configured 75.126.153.178/29 on eth0. But when they
allocated you your extra addresses, what did they say exactly - what did
they tell you the subnet mask was, did they mention an additional
gateway address, etc. 

Also, if I was to ask you to actually change the address on eth1, would
you still have access to the box via eth0?


On Sat, Mar 10, 2007 at 01:44:45PM -0500, Jonathon Jones
wrote:
> jez wrote:
> >On Fri, Mar 09, 2007 at 07:08:28PM -0500, Jonathon Jones wrote:
> >  
> >Hi Jon, 
> >
> >your first post says that additional IPs on eth0 in Dom1 are /32 not
/22 -
> >which is it? 
> >  
> Tried it both ways and more.  I added it as /22 recently simply to show 
> that it is consistent with a working IP, .240
> >Also, can you fill in the details on the following:
> >
> >1. "ip addr show" on Dom0
> >  
> [root@trinity domU]# ip addr show
> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>    inet 127.0.0.1/8 scope host lo
>    inet6 ::1/128 scope host
>       valid_lft forever preferred_lft forever
> 2: vif0.0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
> 3: veth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> 4: vif0.1: <BROADCAST,NOARP,UP> mtu 1500 qdisc noqueue
>    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
>    inet6 fe80::fcff:ffff:feff:ffff/64 scope link
>       valid_lft forever preferred_lft forever
> 5: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
>    link/ether 00:30:48:78:d6:07 brd ff:ff:ff:ff:ff:ff
>    inet 75.126.153.178/29 brd 75.126.153.183 scope global eth1
>    inet6 fe80::230:48ff:fe78:d607/64 scope link
>       valid_lft forever preferred_lft forever
> 6: vif0.2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
> 7: veth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> 8: vif0.3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
> 9: veth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> 10: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen
1000
>    link/ether 00:30:48:78:d6:06 brd ff:ff:ff:ff:ff:ff
>    inet 10.10.16.2/26 brd 10.10.16.63 scope global eth0
>    inet6 fe80::230:48ff:fe78:d606/64 scope link
>       valid_lft forever preferred_lft forever
> 11: peth1: <BROADCAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
>    inet6 fe80::fcff:ffff:feff:ffff/64 scope link
>       valid_lft forever preferred_lft forever
> 12: sit0: <NOARP> mtu 1480 qdisc noop
>    link/sit 0.0.0.0 brd 0.0.0.0
> 13: xenbr1: <BROADCAST,NOARP,UP> mtu 1500 qdisc noqueue
>    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
>    inet6 fe80::200:ff:fe00:0/64 scope link
>       valid_lft forever preferred_lft forever
> 14: vif1.0: <BROADCAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 32
>    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
>    inet6 fe80::fcff:ffff:feff:ffff/64 scope link
>       valid_lft forever preferred_lft forever
> 15: vif2.0: <BROADCAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 32
>    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
>    inet6 fe80::fcff:ffff:feff:ffff/64 scope link
>       valid_lft forever preferred_lft forever
> >2. "brctl show" on Dom0
> >  
> [root@trinity domU]# brctl show
> bridge name     bridge id               STP enabled     interfaces
> xenbr1          8000.feffffffffff       no              peth1
>                                                        vif0.1
>                                                        vif1.0
>                                                        vif2.0
> >3. "route -n" on Dom0
> >  
> [root@trinity domU]# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use 
> Iface
> 75.126.153.176  0.0.0.0         255.255.255.248 U     0      0        0
eth1
> 10.10.16.0      0.0.0.0         255.255.255.192 U     0      0        0
eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0
eth1
> 10.0.0.0        10.10.16.1      255.0.0.0       UG    0      0        0
eth0
> 0.0.0.0         75.126.153.177  0.0.0.0         UG    0      0        0
eth1
> >4. The vif configurations for Dom1 and Dom2 (from their config files)
> >  
> In Dom1:
> [root@secure network-scripts]# cat ifcfg-eth0
> # Please read /usr/share/doc/initscripts-*/sysconfig.txt
> # for the documentation of these parameters.
> TYPE=Ethernet
> DEVICE=eth0
> BOOTPROTO=static
> ONBOOT=yes
> IPADDR=75.126.154.240
> NETMASK=255.255.252.0
> GATEWAY=75.126.153.177
> [root@secure network-scripts]# cat ifcfg-eth0-range0
> IPADDR_START=75.126.154.241
> IPADDR_END=75.126.154.243
> CLONENUM_START=0
> NETMASK=255.255.252.0
> 
> Note:  I have been using ip addr add/del to test the IP''s out but
for
> simplicity I added them using the range config above.  Neither way is 
> working.  I also have my ISP checking on whether this is a routing issue 
> on their side, although I don''t see hwo it could be when .240 and
.244
> are routing to Dom1 and Dom2 respectively.
> 
> In Dom2:
> [root@secure network-scripts]# cat ifcfg-eth0
> # Please read /usr/share/doc/initscripts-*/sysconfig.txt
> # for the documentation of these parameters.
> TYPE=Ethernet
> DEVICE=eth0
> BOOTPROTO=static
> ONBOOT=yes
> IPADDR=75.126.154.244
> NETMASK=255.255.252.0
> GATEWAY=75.126.153.177
> 
> [root@secure network-scripts]# cat ifcfg-eth0-range0
> IPADDR_START=75.126.154.245
> IPADDR_END=75.126.154.247
> CLONENUM_START=0
> NETMASK=255.255.252.0
> >5. The settings for (network-script ...) and (vif-script ...) in your
> >   xend configuration file.
> >  
> In Dom1:
> vif = [ '''' ]
> In Dom2: (as an experiment which didn''t change anything)
> vif = [ ''ip=75.126.154.244'' ]
> 
> Neither DomU has any other network settings in the config.
> >6. The version of xen you are running.
> >  
> xen-3.0.4_1-install-x86_32p.tgz is the file I downloaded form xensource.com
> uname reports 2.6.16.33-xen #1 SMP Mon Jan 8 14:39:10 GMT 2007 i686 
> athlon i386 GNU/Linux
> >Depending on what you come back with, I might have more questions. 
> >
> >Also, do you have any idea if you would prefer a bridged or a routed
> >setup?
> >
> >jez
> >
> >  
> I prefer bridged simply because it seems the most simple setup 
> normally.  I am open to suggestions but I am looking for the easiest to 
> maintain because I am frankly not a networking guru...although I am 
> learning a lot from this.
> 
> Thanks much!
> 
> Jon
> >_______________________________________________
> >Xen-users mailing list
> >Xen-users@lists.xensource.com
> >http://lists.xensource.com/xen-users
> >
> >  
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

jez wrote:
> On Sat, Mar 10, 2007 at 03:18:18PM -0500, Jonathon Jones wrote:
>   
>> Ok, Here is what my provider told me...
>>
>> ------------------------
>> Hello Jon,
>> Sorry for the confusion caused.
>> In order to set up a VPS server you need to set up a different gateway 
>> other than the gateway xxx.xxx.153.177.
>> The set up should be done in the following manner.
>> The first IP i.e xxx.xxx.154.240 should be the network address.
>> The second IP xxx.xxx.154.241 should be the gateway address
>> and the last IP the broadcast IP xxx.xxx.154.247. So in the process you
>> will loose your 3 IP''s.
>> These settings need to be done at your end. Do let us know once this is
>> set up so that we can re-route your Virtual IP''s through the
VLAN.
>> ------------------------
>>
>> So are they assuming that I have a routed setup or something?  Is this 
>> logical to you guys?  What I don''t get is that currently .240
and .244
>> (the primary IP''s for the Dom1 and Dom2) are working just fine
int he
>> current setup.  This seems to debunk their claim to me.
>>
>> Your thoughts?
>>
>>     
>
> Okay, this explains some things. However, it''s still
doesn''t clear
> everything up. 
>
> It sounds like at the moment they are treating each of your 8 addresses
> as host addresses (probably in a /22 block). Question: If you add each
> of theses 8 addresses to eth1 on Dom0 like:
>
>     ip addr add xxx.xxx.154.240/22 dev eth1
>
> can you ping each address?
>
> If you can, then you should be able to use a bridging setup on Dom0 and
> keep all 8 addresses.
>
>   
No, using the command you gave me does not allow the IP addresses to 
work.  However, adding them individually does like:
        ip addr add xxx.xxx.154.247 dev eth1
> If not, then you''ll have to set up things the way they say.
However,
> it''s not 100% clear that they want you to set up your own router.
It
> certainly looks like this is what they want, but you might want to check
> whether .241 is to be a router configured by you or their router. In my
> experience there are two types of hosting provider: those that give you 
> a /29 and keep an address for their own router, and those that give you 
> the whole block and then expect you to set up a router. I''d say
it''s best
> just to ask them: "do you want me to configure my own router with an 
> address of xxx.xxx.154.241" - or something like that. Be as obvious as
> you can. 
>
> jez
>
>   
Yeah, that''s what it sounds like they want.  Hopefully I can still use
a
bridged setup given the above...

Jon


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Also, if you know how to easily solve this with a route setup I''m 
willing to consider that.  I just don''t know how to set that up even 
after reading the wiki so bridge is preferred.

I just can''t get past the fact that the primary IP assigned to the domU
works but all others don''t.  I also did at one point get one of the
IP''s
to work which adds to the frustration.

So what process did you think would make a bridged setup work if I were 
able to add the IP''s to the dom0?

Jonathon Jones wrote:
> jez wrote:
>> On Sat, Mar 10, 2007 at 03:18:18PM -0500, Jonathon Jones wrote:
>>   
>>> Ok, Here is what my provider told me...
>>>
>>> ------------------------
>>> Hello Jon,
>>> Sorry for the confusion caused.
>>> In order to set up a VPS server you need to set up a different
gateway
>>> other than the gateway xxx.xxx.153.177.
>>> The set up should be done in the following manner.
>>> The first IP i.e xxx.xxx.154.240 should be the network address.
>>> The second IP xxx.xxx.154.241 should be the gateway address
>>> and the last IP the broadcast IP xxx.xxx.154.247. So in the process
you
>>> will loose your 3 IP''s.
>>> These settings need to be done at your end. Do let us know once
this is
>>> set up so that we can re-route your Virtual IP''s through
the VLAN.
>>> ------------------------
>>>
>>> So are they assuming that I have a routed setup or something?  Is
this
>>> logical to you guys?  What I don''t get is that currently
.240 and .244
>>> (the primary IP''s for the Dom1 and Dom2) are working just
fine int he
>>> current setup.  This seems to debunk their claim to me.
>>>
>>> Your thoughts?
>>>
>>>     
>>
>> Okay, this explains some things. However, it''s still
doesn''t clear
>> everything up. 
>>
>> It sounds like at the moment they are treating each of your 8 addresses
>> as host addresses (probably in a /22 block). Question: If you add each
>> of theses 8 addresses to eth1 on Dom0 like:
>>
>>     ip addr add xxx.xxx.154.240/22 dev eth1
>>
>> can you ping each address?
>>
>> If you can, then you should be able to use a bridging setup on Dom0 and
>> keep all 8 addresses.
>>
>>   
> No, using the command you gave me does not allow the IP addresses to 
> work.  However, adding them individually does like:
>         ip addr add xxx.xxx.154.247 dev eth1
>> If not, then you''ll have to set up things the way they say.
However,
>> it''s not 100% clear that they want you to set up your own
router. It
>> certainly looks like this is what they want, but you might want to
check
>> whether .241 is to be a router configured by you or their router. In my
>> experience there are two types of hosting provider: those that give you
>> a /29 and keep an address for their own router, and those that give you
>> the whole block and then expect you to set up a router. I''d
say it''s best
>> just to ask them: "do you want me to configure my own router with
an
>> address of xxx.xxx.154.241" - or something like that. Be as
obvious as
>> you can. 
>>
>> jez
>>
>>   
> Yeah, that''s what it sounds like they want.  Hopefully I can still
use
> a bridged setup given the above...
>
> Jon 

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Sat, Mar 10, 2007 at 03:32:36PM -0500, Jonathon Jones
wrote:
> 
> They also didn''t provide me any gateway or any info for the other
IP''s.
> They just provided me a list of IP''s.  Then just now when I put in
a
> support ticket they told me I would have to create my own gateway, etc 
> if I wanted to use those IP''s in a VPS setup.  Effectively I would
be
> giving up 3 of my 8 IP''s.
> 
> Jon
> 
Yeah, I just saw your other post. I''ll reply there.


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Sat, Mar 10, 2007 at 03:18:18PM -0500, Jonathon Jones
wrote:
> Ok, Here is what my provider told me...
> 
> ------------------------
> Hello Jon,
> Sorry for the confusion caused.
> In order to set up a VPS server you need to set up a different gateway 
> other than the gateway xxx.xxx.153.177.
> The set up should be done in the following manner.
> The first IP i.e xxx.xxx.154.240 should be the network address.
> The second IP xxx.xxx.154.241 should be the gateway address
> and the last IP the broadcast IP xxx.xxx.154.247. So in the process you 
> will loose your 3 IP''s.
> These settings need to be done at your end. Do let us know once this is 
> set up so that we can re-route your Virtual IP''s through the VLAN.
> ------------------------
> 
> So are they assuming that I have a routed setup or something?  Is this 
> logical to you guys?  What I don''t get is that currently .240 and
.244
> (the primary IP''s for the Dom1 and Dom2) are working just fine int
he
> current setup.  This seems to debunk their claim to me.
> 
> Your thoughts?
> 
Okay, this explains some things. However, it''s still doesn''t
clear
everything up. 

It sounds like at the moment they are treating each of your 8 addresses
as host addresses (probably in a /22 block). Question: If you add each
of theses 8 addresses to eth1 on Dom0 like:

    ip addr add xxx.xxx.154.240/22 dev eth1

can you ping each address?

If you can, then you should be able to use a bridging setup on Dom0 and
keep all 8 addresses.

If not, then you''ll have to set up things the way they say. However,
it''s not 100% clear that they want you to set up your own router. It
certainly looks like this is what they want, but you might want to check
whether .241 is to be a router configured by you or their router. In my
experience there are two types of hosting provider: those that give you 
a /29 and keep an address for their own router, and those that give you 
the whole block and then expect you to set up a router. I''d say
it''s best
just to ask them: "do you want me to configure my own router with an 
address of xxx.xxx.154.241" - or something like that. Be as obvious as 
you can. 

jez

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Sat, Mar 10, 2007 at 04:33:03PM -0500, Jonathon Jones
wrote:
> jez wrote:
> >
> >It sounds like at the moment they are treating each of your 8 addresses
> >as host addresses (probably in a /22 block). Question: If you add each
> >of theses 8 addresses to eth1 on Dom0 like:
> >
> >    ip addr add xxx.xxx.154.240/22 dev eth1
> >
> >can you ping each address?
> >
> >If you can, then you should be able to use a bridging setup on Dom0 and
> >keep all 8 addresses.
> >
> >  
> No, using the command you gave me does not allow the IP addresses to 
> work.  However, adding them individually does like:
>        ip addr add xxx.xxx.154.247 dev eth1
I meant you to add them individually. I think you might be confusing
what the /22 means. It doesn''t mean "add this block of
addresses" - it
means "add this address with a netmask of 255.255.252.0". If you do an
"ip addr show" at the moment you will see that each of your new
addresses have a /32 mask which means 255.255.255.255. 

Anyway, it''s  good news for you that all your addresses are presently
considered host addresses. Before trying anything else, remove all those
addresses we just added to eth1 - execpt the .178 one of course.

What I recommend that you try is to configure eth1 on Dom0 with a /22
netmask instead of the /29 that it has now. It should appear as
x.x.153.178/22 to "ip addr show". Why? well, at the moment eth1
isn''t on
the same subnet as x.x.x.240 - 248. If eth1 wanted to send a message to
one of those addresses it would send it to the router at x.x.153.177. 
Whereas, if you change it''s mask then it will try to contact those 
addresses directly.

After that, configure each of the DomUs with all their addresses having 
a /22 mask also. Keep using the same default gateway (x.x.153.177) for all 
machines. 

If things aren''t working, sniff the lines with tcpdump to get an idea 
of what''s happening.

Let us know how you get on.


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Well, I did as you suggested and changed the netmask for x.x.153.178 to 
255.255.252.0 and rebooted the machine just to give a clean slate.  I''m
still in the same situation though.  Xen just isn''t forwarding the 
packets to the domU for some reason.  I can watch the ping requests come 
in but since the IP is not bound to dom0, it doesn''t respond to the 
request and the domU isn''t responding to it, nor is it receiving the 
request according to tcpdump.

I just don''t understand why xen isn''t forwarding the traffic
for some
IP''s but it is for others.  The only commonality to the IP''s
that do
work are that they are the primary IP bound to eth0 in the domU.  It 
seems to me that if that IP works then any other IP''s should work, 
especially if added tot he interface with the same network mask and 
everything so that ip addr show lists them the same way....

*confused and frustrated*

Jon

jez wrote:
> On Sat, Mar 10, 2007 at 04:33:03PM -0500, Jonathon Jones wrote:
>   
>> jez wrote:
>>     
>>> It sounds like at the moment they are treating each of your 8
addresses
>>> as host addresses (probably in a /22 block). Question: If you add
each
>>> of theses 8 addresses to eth1 on Dom0 like:
>>>
>>>    ip addr add xxx.xxx.154.240/22 dev eth1
>>>
>>> can you ping each address?
>>>
>>> If you can, then you should be able to use a bridging setup on Dom0
and
>>> keep all 8 addresses.
>>>
>>>  
>>>       
>> No, using the command you gave me does not allow the IP addresses to 
>> work.  However, adding them individually does like:
>>        ip addr add xxx.xxx.154.247 dev eth1
>>     
>
> I meant you to add them individually. I think you might be confusing
> what the /22 means. It doesn''t mean "add this block of
addresses" - it
> means "add this address with a netmask of 255.255.252.0". If you
do an
> "ip addr show" at the moment you will see that each of your new
> addresses have a /32 mask which means 255.255.255.255. 
>
> Anyway, it''s  good news for you that all your addresses are
presently
> considered host addresses. Before trying anything else, remove all those
> addresses we just added to eth1 - execpt the .178 one of course.
>
> What I recommend that you try is to configure eth1 on Dom0 with a /22
> netmask instead of the /29 that it has now. It should appear as
> x.x.153.178/22 to "ip addr show". Why? well, at the moment eth1
isn''t on
> the same subnet as x.x.x.240 - 248. If eth1 wanted to send a message to
> one of those addresses it would send it to the router at x.x.153.177. 
> Whereas, if you change it''s mask then it will try to contact those
> addresses directly.
>
> After that, configure each of the DomUs with all their addresses having 
> a /22 mask also. Keep using the same default gateway (x.x.153.177) for all 
> machines. 
>
> If things aren''t working, sniff the lines with tcpdump to get an
idea
> of what''s happening.
>
> Let us know how you get on.
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>
>   

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Sat, Mar 10, 2007 at 06:33:28PM -0500, Jonathon Jones
wrote:
> Well, I did as you suggested and changed the netmask for x.x.153.178 to 
> 255.255.252.0 and rebooted the machine just to give a clean slate. 
I''m
> still in the same situation though.  Xen just isn''t forwarding the
> packets to the domU for some reason.  I can watch the ping requests come 
> in but since the IP is not bound to dom0, it doesn''t respond to
the
> request and the domU isn''t responding to it, nor is it receiving
the
> request according to tcpdump.
> 
> I just don''t understand why xen isn''t forwarding the
traffic for some
> IP''s but it is for others.  The only commonality to the
IP''s that do
> work are that they are the primary IP bound to eth0 in the domU.  It 
> seems to me that if that IP works then any other IP''s should work,
> especially if added tot he interface with the same network mask and 
> everything so that ip addr show lists them the same way....
> 
> *confused and frustrated*
> 
You kidding! we''re only just getting started here. Actually, I think
things are looking quite good. My next suggestion is as follows:

Xen does not appear to like multiple addresses configured on the same
card, so lets configure one interface for each address. I should of seen this
earlier, but there''s a lot of smoke around. Change the Dom1 config 
file to read:

vif=[ '''', '''', '''' ]

I''m not sure if this will work as is, but it should create three
interfaces for Dom1 and add them all to the default bridge. Sorry, it''s
not convienient for me to test this with my present setup.  We might
need to add mac="..." and/or bridge="..." statements - but
hopefully it
should work as is.

Then in Dom1 configure each interface (eth0, eth1, eth2) with their own
address.

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Well, changing the vif line didn''t do anything.  I configured it as you
requested and when trying to do a tcpdump from the domU on eth1 shows 
the following:

[root@secure ~]# tcpdump -i eth1 icmp
tcpdump: bind: Network is down

The other thing is that I have another xen server with a slightly older 
version of xen on it where I have several IP''s bound to eth0 in the
domU
in the way I am trying to do now and it works fine.  I had another 
server before that.  The only thing I am thinking is maybe I should 
downgrade xen to the version I know is working and see if this is a 
recent bug or something.

The domUs will have a hosting control panel installed in them which adds 
new IP based sites using ip addr add and will complain if they are on 
different nics  or if they are already on the interface anyways.

Your thoughts?

Jon

jez wrote:
> On Sat, Mar 10, 2007 at 06:33:28PM -0500, Jonathon Jones wrote:
>   
>> Well, I did as you suggested and changed the netmask for x.x.153.178 to
>> 255.255.252.0 and rebooted the machine just to give a clean slate. 
I''m
>> still in the same situation though.  Xen just isn''t forwarding
the
>> packets to the domU for some reason.  I can watch the ping requests
come
>> in but since the IP is not bound to dom0, it doesn''t respond
to the
>> request and the domU isn''t responding to it, nor is it
receiving the
>> request according to tcpdump.
>>
>> I just don''t understand why xen isn''t forwarding the
traffic for some
>> IP''s but it is for others.  The only commonality to the
IP''s that do
>> work are that they are the primary IP bound to eth0 in the domU.  It 
>> seems to me that if that IP works then any other IP''s should
work,
>> especially if added tot he interface with the same network mask and 
>> everything so that ip addr show lists them the same way....
>>
>> *confused and frustrated*
>>
>>     
>
> You kidding! we''re only just getting started here. Actually, I
think
> things are looking quite good. My next suggestion is as follows:
>
> Xen does not appear to like multiple addresses configured on the same
> card, so lets configure one interface for each address. I should of seen
this
> earlier, but there''s a lot of smoke around. Change the Dom1 config
> file to read:
>
> vif=[ '''', '''', '''' ]
>
> I''m not sure if this will work as is, but it should create three
> interfaces for Dom1 and add them all to the default bridge. Sorry,
it''s
> not convienient for me to test this with my present setup.  We might
> need to add mac="..." and/or bridge="..." statements -
but hopefully it
> should work as is.
>
> Then in Dom1 configure each interface (eth0, eth1, eth2) with their own
> address.
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>
>   

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Ok, scratch my last email.  I am tired and being silly.  I named the 
ifcfg script eth1 but put eth0 in the actual file...hence the network is 
down message.  Still unpingable though.  Xen just isn''t forwarding that
traffic along.

I just wonder if a route setup would be better instead of bridge?  But I 
don''t know how to configure it aside form changing the main xen config 
script.  I also don''t know if I would have to manually add an IP to
dom0
every time I add one to a domU...

Anyways....

Jon

jez wrote:
> On Sat, Mar 10, 2007 at 06:33:28PM -0500, Jonathon Jones wrote:
>   
>> Well, I did as you suggested and changed the netmask for x.x.153.178 to
>> 255.255.252.0 and rebooted the machine just to give a clean slate. 
I''m
>> still in the same situation though.  Xen just isn''t forwarding
the
>> packets to the domU for some reason.  I can watch the ping requests
come
>> in but since the IP is not bound to dom0, it doesn''t respond
to the
>> request and the domU isn''t responding to it, nor is it
receiving the
>> request according to tcpdump.
>>
>> I just don''t understand why xen isn''t forwarding the
traffic for some
>> IP''s but it is for others.  The only commonality to the
IP''s that do
>> work are that they are the primary IP bound to eth0 in the domU.  It 
>> seems to me that if that IP works then any other IP''s should
work,
>> especially if added tot he interface with the same network mask and 
>> everything so that ip addr show lists them the same way....
>>
>> *confused and frustrated*
>>
>>     
>
> You kidding! we''re only just getting started here. Actually, I
think
> things are looking quite good. My next suggestion is as follows:
>
> Xen does not appear to like multiple addresses configured on the same
> card, so lets configure one interface for each address. I should of seen
this
> earlier, but there''s a lot of smoke around. Change the Dom1 config
> file to read:
>
> vif=[ '''', '''', '''' ]
>
> I''m not sure if this will work as is, but it should create three
> interfaces for Dom1 and add them all to the default bridge. Sorry,
it''s
> not convienient for me to test this with my present setup.  We might
> need to add mac="..." and/or bridge="..." statements -
but hopefully it
> should work as is.
>
> Then in Dom1 configure each interface (eth0, eth1, eth2) with their own
> address.
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>
>   

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Yes!  I got it working.

 echo 1 > /proc/sys/net/ipv4/ip_forward

Then to make it stick....

edit /etc/sysctl.conf
change net.ipv4.ip_forward = 1

although I have not reboot the machine to see if that makes it stick for 
sure since my machine is configured to attempt PXE boot form both nics 
and takes 10 minutes to reboot the machine.  That is my next project.

Anyways, thanks for all of the help.  I think that the netmask changes 
may have also been needed.

Jon

Jonathon Jones wrote:
> Ok, scratch my last email.  I am tired and being silly.  I named the 
> ifcfg script eth1 but put eth0 in the actual file...hence the network 
> is down message.  Still unpingable though.  Xen just isn''t
forwarding
> that traffic along.
>
> I just wonder if a route setup would be better instead of bridge?  But 
> I don''t know how to configure it aside form changing the main xen 
> config script.  I also don''t know if I would have to manually add
an
> IP to dom0 every time I add one to a domU...
>
> Anyways....
>
> Jon
>
> jez wrote:
>> On Sat, Mar 10, 2007 at 06:33:28PM -0500, Jonathon Jones wrote:
>>   
>>> Well, I did as you suggested and changed the netmask for
x.x.153.178 to
>>> 255.255.252.0 and rebooted the machine just to give a clean slate. 
I''m
>>> still in the same situation though.  Xen just isn''t
forwarding the
>>> packets to the domU for some reason.  I can watch the ping requests
come
>>> in but since the IP is not bound to dom0, it doesn''t
respond to the
>>> request and the domU isn''t responding to it, nor is it
receiving the
>>> request according to tcpdump.
>>>
>>> I just don''t understand why xen isn''t forwarding
the traffic for some
>>> IP''s but it is for others.  The only commonality to the
IP''s that do
>>> work are that they are the primary IP bound to eth0 in the domU. 
It
>>> seems to me that if that IP works then any other IP''s
should work,
>>> especially if added tot he interface with the same network mask and
>>> everything so that ip addr show lists them the same way....
>>>
>>> *confused and frustrated*
>>>
>>>     
>>
>> You kidding! we''re only just getting started here. Actually, I
think
>> things are looking quite good. My next suggestion is as follows:
>>
>> Xen does not appear to like multiple addresses configured on the same
>> card, so lets configure one interface for each address. I should of
seen this
>> earlier, but there''s a lot of smoke around. Change the Dom1
config
>> file to read:
>>
>> vif=[ '''', '''', ''''
]
>>
>> I''m not sure if this will work as is, but it should create
three
>> interfaces for Dom1 and add them all to the default bridge. Sorry,
it''s
>> not convienient for me to test this with my present setup.  We might
>> need to add mac="..." and/or bridge="..."
statements - but hopefully it
>> should work as is.
>>
>> Then in Dom1 configure each interface (eth0, eth1, eth2) with their own
>> address.
>>
>> _______________________________________________
>> Xen-users mailing list
>> Xen-users@lists.xensource.com
>> http://lists.xensource.com/xen-users
>>
>>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hah, no kidding man.  Hey I really do appreciate everybody''s help.  I 
was supposed to have migrated off of my old server and canceled the 
contract several days ago so I''m hoping I can get migrated and be done 
with it by the morning now that I have this resolved.  Maybe I won''t be
charged.

In any event, thanks doesn''t say enough.

Jon

jez wrote:
> On Sun, Mar 11, 2007 at 12:01:39AM -0500, Jonathon Jones wrote:
>   
>> Yes!  I got it working.
>>
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>> Then to make it stick....
>>
>> edit /etc/sysctl.conf
>> change net.ipv4.ip_forward = 1
>>
>> although I have not reboot the machine to see if that makes it stick
for
>> sure since my machine is configured to attempt PXE boot form both nics 
>> and takes 10 minutes to reboot the machine.  That is my next project.
>>
>> Anyways, thanks for all of the help.  I think that the netmask changes 
>> may have also been needed.
>>
>>     
>
> Well done Jon, that''s great news. Really pleased you
don''t have to give
> up those 3 extra addresses - those things are like gold-dust where
I''m
> at! :-)
>
> jez
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>
>   

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Sun, Mar 11, 2007 at 12:01:39AM -0500, Jonathon Jones
wrote:
> Yes!  I got it working.
> 
> echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> Then to make it stick....
> 
> edit /etc/sysctl.conf
> change net.ipv4.ip_forward = 1
> 
> although I have not reboot the machine to see if that makes it stick for 
> sure since my machine is configured to attempt PXE boot form both nics 
> and takes 10 minutes to reboot the machine.  That is my next project.
> 
> Anyways, thanks for all of the help.  I think that the netmask changes 
> may have also been needed.
> 
Well done Jon, that''s great news. Really pleased you don''t
have to give
up those 3 extra addresses - those things are like gold-dust where I''m
at! :-)

jez

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users