Hi, I want to setup a domU node, as a member of different VLAN addresses. I configured the switch where the dom0 is connected to tag the VLAN''s for the domU. In the domU, i configured vlan interfaces on top of eth0. On the dom0 I have a bridge0, where the eth0 of the dom0, and the virtual Interface of the domU is a member. Unfortunately the bridge0 seems to strip the VLAN tags from the VLAN packets. A tcpdump on the eth0 in the domU showed that the packets arriving there, but not on the vlan interface. This plainly did not worked. Then I removed the vlan interface in the domU. I added a bridge1 in the dom0, created a vlan interface on the dom0, added that to the bridge1. Then I added a second interface to the domU, assigned it to the bridge1. Now I have a bridge0, where I can communicate with untagged vlan packets, and a bridge1 that allows me to communicated with the domU with tagged vlan packets. For all the vlan''s I want to use, I have to create a bridge interface on the dom0. This is working. Is the second way the way to go, or is there a better way? In my eyes it seems a bit complicated, but maybe it is just the way as it is intended to work. Any hint would be appreciated. kind regards Sebastian _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Le Wed, Nov 21, 2007 at 06:29:46PM +0100, Sebastian Reitenbach [sebastia@l00-bugdead-prods.de] a écrit: [...]> I added a bridge1 in the dom0, created a vlan interface on the dom0, added > that to the bridge1. Then I added a second interface to the domU, assigned > it to the bridge1. > Now I have a bridge0, where I can communicate with untagged vlan packets, > and a bridge1 that allows me to communicated with the domU with tagged vlan > packets. > For all the vlan''s I want to use, I have to create a bridge interface on the > dom0. > This is working.That''s only way I managed to get VLANs to work with vifs. A few months ago, there was a thread on the subject, there is some MTU limit in the vif code that don''t allow tagged frames (that are larger thant 1500 bytes) to go through. -- Dominique Rousseau Neuronnexion, Prestataire Internet & Intranet 57, route de Paris 80000 Amiens tel: 03 22 71 61 90 - fax: 03 22 71 61 99 - http://www.neuronnexion.fr _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Dominique Rousseau wrote:> Le Wed, Nov 21, 2007 at 06:29:46PM +0100, Sebastian Reitenbach [sebastia@l00-bugdead-prods.de] a écrit: > [...] >> I added a bridge1 in the dom0, created a vlan interface on the dom0, added >> that to the bridge1. Then I added a second interface to the domU, assigned >> it to the bridge1. >> Now I have a bridge0, where I can communicate with untagged vlan packets, >> and a bridge1 that allows me to communicated with the domU with tagged vlan >> packets. >> For all the vlan''s I want to use, I have to create a bridge interface on the >> dom0. >> This is working. > > That''s only way I managed to get VLANs to work with vifs. > > A few months ago, there was a thread on the subject, there is some MTU > limit in the vif code that don''t allow tagged frames (that are larger > thant 1500 bytes) to go through. > > >Hi. I have it also on bridges. I have 3 nics. I have bridge on each: $XENDIR/network-bridge "$@" netdev=eth0 bridge=xenbr0 vifnum=0 $XENDIR/network-bridge "$@" netdev=eth1 bridge=xenbr1 vifnum=1 $XENDIR/network-bridge "$@" netdev=eth2 bridge=xenbr2 vifnum=2 Then I have in DomU (debian stable) configuration for vlans and everything works fine. #auto eth0 vlan2 vlan3 vlan4 # VLAN 1 - native management VLAN iface eth0 inet static address 192.168.31.254 netmask 255.255.255.0 vlan_raw_device eth0 # VLAN 2 - ADSL Modem VLAN iface vlan2 inet static address 192.168.1.5 netmask 255.255.255.0 vlan_raw_device eth0 # VLAN 3 - DMZ VLAN iface vlan3 inet static address 60.241.247.213 netmask 255.255.255.248 vlan_raw_device eth0 # VLAN 4 - IntNet VLAN iface vlan4 inet static address 192.168.30.254 netmask 255.255.255.0 vlan_raw_device eth0 Jiri _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi, Dominique Rousseau <d.rousseau@nnx.com> wrote:> Le Wed, Nov 21, 2007 at 06:29:46PM +0100, Sebastian Reitenbach[sebastia@l00-bugdead-prods.de] a écrit:> [...] > > I added a bridge1 in the dom0, created a vlan interface on the dom0,added> > that to the bridge1. Then I added a second interface to the domU,assigned> > it to the bridge1. > > Now I have a bridge0, where I can communicate with untagged vlanpackets,> > and a bridge1 that allows me to communicated with the domU with taggedvlan> > packets. > > For all the vlan''s I want to use, I have to create a bridge interface onthe> > dom0. > > This is working. > > That''s only way I managed to get VLANs to work with vifs.ok, than it seems the way to go.> > A few months ago, there was a thread on the subject, there is some MTU > limit in the vif code that don''t allow tagged frames (that are larger > thant 1500 bytes) to go through.I''ve seen that thread, but I did not tried to lower the MTU on the vlan interfaces on the domU, because I thought, the vlan headers are not arriving there, it would make no difference. Thanks Sebastian _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users