Wolfgang Formann
2009-Jun-09 08:27 UTC
[Xen-users] Cannot ping DomU from Dom0 / cannot ping same site from two DomUs at the same time
Hello!
I have two problems. One is, that I cannot ping a DomU from Dom0 (or any
other host in my local network) and the second one is, that I cannot
ping the same site (eg. www.suse.com) from two DomU''s at the same time.
I have a fresh installation of openSuse 11.0 with Kernel
2.6.25.20-0.1-xen and my box has two physical ethernet cards.
As far as I have investigated, eth0 is the one which is grabbed by the
Xen-scripts, als you can see here:
# brctl show
bridge name bridge id STP enabled interfaces
eth0 8000.003048d69cfa no peth0
tap0
vif7.0
The file xend-config.sxp is unmodified, I filter here all those comments:
# egrep -v "^$|^#" xend-config.sxp
(xen-api-server ((unix none)))
(xend-unix-server yes)
(xend-relocation-hosts-allow ''^localhost$
^localhost\\.localdomain$'')
(network-script network-bridge)
(vif-script vif-bridge)
(dom0-min-mem 512)
(dom0-cpus 0)
(vncpasswd '''')
ifconfig shows these one, while one DomU is running.
# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:30:48:D6:9C:FA
inet addr:192.168.222.16 Bcast:192.168.222.255 Mask:255.255.255.0
inet6 addr: fe80::230:48ff:fed6:9cfa/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1032642 errors:0 dropped:0 overruns:0 frame:0
TX packets:668426 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1101565708 (1050.5 Mb) TX bytes:83483260 (79.6 Mb)
eth1 Link encap:Ethernet HWaddr 00:30:48:D6:9C:FB
inet addr:192.168.224.1 Bcast:192.168.224.255 Mask:255.255.255.0
inet6 addr: fe80::230:48ff:fed6:9cfb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2093348 errors:0 dropped:0 overruns:0 frame:0
TX packets:2372864 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:177871101 (169.6 Mb) TX bytes:7055283604 (6728.4 Mb)
Interrupt:20 Base address:0xe000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:329651 errors:0 dropped:0 overruns:0 frame:0
TX packets:329651 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1269637544 (1210.8 Mb) TX bytes:1269637544 (1210.8 Mb)
peth0 Link encap:Ethernet HWaddr 00:30:48:D6:9C:FA
inet6 addr: fe80::230:48ff:fed6:9cfa/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:1322260 errors:0 dropped:0 overruns:0 frame:0
TX packets:739433 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1319675729 (1258.5 Mb) TX bytes:92076405 (87.8 Mb)
Interrupt:20 Base address:0xa000
tap0 Link encap:Ethernet HWaddr 00:FF:C5:E9:26:66
inet6 addr: fe80::2ff:c5ff:fee9:2666/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:216 errors:0 dropped:0 overruns:0 frame:0
TX packets:1313 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:40640 (39.6 Kb) TX bytes:96970 (94.6 Kb)
vif7.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:1497 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
It also seems, that all those various arp-addresses are set up fine.
00:16:3e:1f:0b:3c is the one I see inside the DomU
# brctl showmacs eth0
port no mac addr is local? ageing timer
1 00:03:c5:01:4d:52 no 0.29
2 00:16:3e:1f:0b:3c no 109.27
1 00:17:f2:c4:a0:ca no 8.32
1 00:30:48:d6:9c:fa yes 0.00
1 00:50:ba:70:05:87 no 193.89
1 00:e0:7d:79:a6:c1 no 0.92
2 00:ff:c5:e9:26:66 yes 0.00
1 08:00:20:0b:cf:35 no 0.92
3 fe:ff:ff:ff:ff:ff yes 0.00
Now when I do a ping from Dom0 to DomU I see the following tcpdump:
09:45:43.191701 arp who-has 192.168.222.102 tell 192.168.222.16
and no answer within a few seconds.
So it seems that something with arp is not fine. Any ideas what to do next?
#######
The other problem which may be related is a little bit more strange. I have set
up two DomU''s, one with Vista-32bit and one with Vista-64bit. Both have
differend IP-addresses and different MAC-addresses. I can ping whatever host (in
my LAN or in the internet) with both DomU''s. No problem. I can also
ping any
host, even on a different subnet in my LAN from both DomU''s at the same
time.
But when I try to ping www.suse.com (or any other host in the internet) at the
same time only that DomU pings successfully where I started the ping first, the
other DomU fails. If one DomU pings www.slashdot.org an other other pings
www.suse.com both pings work fine. Ping also works fine, when I ping any other
host in my LAN from both DomU''s. This one puzzles mee too. I
crosschecked and
can ping from any other pair of my machines to the outside without problems.
Thanks
Wolfgang
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Fajar A. Nugraha
2009-Jun-09 09:04 UTC
Re: [Xen-users] Cannot ping DomU from Dom0 / cannot ping same site from two DomUs at the same time
On Tue, Jun 9, 2009 at 3:27 PM, Wolfgang Formann<wformann@arcor.de> wrote:> Now when I do a ping from Dom0 to DomU I see the following tcpdump: > 09:45:43.191701 arp who-has 192.168.222.102 tell 192.168.222.16 > and no answer within a few seconds. > > So it seems that something with arp is not fine. Any ideas what to do next?Dump Suse? Kidding :) If it were ARP issue your domU would be completely disconnected from network. Since you say you can ping other host from domU, that''s probably not it. I''d check domU''s firewall first, most likely its blocking things (including ICMP echo). Disable it first for troubleshooting purposes.> The other problem which may be related is a little bit more strange. I have set > up two DomU''s, one with Vista-32bit and one with Vista-64bit. Both have > differend IP-addresses and different MAC-addresses. I can ping whatever host (in > my LAN or in the internet) with both DomU''s. No problem. I can also ping any > host, even on a different subnet in my LAN from both DomU''s at the same time. > > But when I try to ping www.suse.com (or any other host in the internet) at the > same time only that DomU pings successfully where I started the ping first, the > other DomU fails. If one DomU pings www.slashdot.org an other other pings > www.suse.com both pings work fine. Ping also works fine, when I ping any other > host in my LAN from both DomU''s. This one puzzles mee too. I crosschecked and > can ping from any other pair of my machines to the outside without problems.At this point I suggest check your networking setup. Perhaps your router/firewall to the internet is doing something funny? -- Fajar _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Wolfgang Formann
2009-Jun-09 10:07 UTC
Re: [Xen-users] Cannot ping DomU from Dom0 / cannot ping same site from two DomUs at the same time
Fajar A. Nugraha wrote:> On Tue, Jun 9, 2009 at 3:27 PM, Wolfgang Formann<wformann@arcor.de> wrote: > >>Now when I do a ping from Dom0 to DomU I see the following tcpdump: >>09:45:43.191701 arp who-has 192.168.222.102 tell 192.168.222.16 >>and no answer within a few seconds. >> >>So it seems that something with arp is not fine. Any ideas what to do next? > > > Dump Suse? > > Kidding :):-)> If it were ARP issue your domU would be completely disconnected from > network. Since you say you can ping other host from domU, that''s > probably not it. I''d check domU''s firewall first, most likely its > blocking things (including ICMP echo). Disable it first for > troubleshooting purposes.Argh! I forgot that "fine" Windows firewall. Ping from one DomU to the other works now fine. Ping from any host in my LAN to DomU works fine too. Shame on me, many thanks to you.>>The other problem which may be related is a little bit more strange. I have set >>up two DomU''s, one with Vista-32bit and one with Vista-64bit. Both have >>differend IP-addresses and different MAC-addresses. I can ping whatever host (in >>my LAN or in the internet) with both DomU''s. No problem. I can also ping any >>host, even on a different subnet in my LAN from both DomU''s at the same time. >> >>But when I try to ping www.suse.com (or any other host in the internet) at the >>same time only that DomU pings successfully where I started the ping first, the >>other DomU fails. If one DomU pings www.slashdot.org an other other pings >>www.suse.com both pings work fine. Ping also works fine, when I ping any other >>host in my LAN from both DomU''s. This one puzzles mee too. I crosschecked and >>can ping from any other pair of my machines to the outside without problems. > > > > At this point I suggest check your networking setup. Perhaps your > router/firewall to the internet is doing something funny?My Router/Firewall is a good old Sun IPX (yeah! Still alive an running NetBSD), a tcpdump on this machine shows the following: # /usr/sbin/tcpdump -n net 192.168.222.100/30 tcpdump: listening on le0 11:46:58.189533 192.168.222.103.62525 > 192.168.222.7.53: 12258+ A? www.suse.com. (30) 11:46:58.248031 192.168.222.7.53 > 192.168.222.103.62525: 12258* 1/3/3 A[|domain] 11:46:58.288924 192.168.222.103 > 195.135.220.3: icmp: echo request seq 128 11:46:58.311730 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 128 11:46:59.276963 192.168.222.103 > 195.135.220.3: icmp: echo request seq 129 11:46:59.302697 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 129 11:47:00.293260 192.168.222.103 > 195.135.220.3: icmp: echo request seq 130 11:47:00.316296 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 130 11:47:01.308183 192.168.222.103 > 195.135.220.3: icmp: echo request seq 131 11:47:01.330296 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 131 11:47:01.632880 arp who-has 192.168.222.7 tell 192.168.222.102 11:47:01.633120 arp reply 192.168.222.7 is-at 8:0:20:b:cf:35 11:47:01.633755 192.168.222.102.51889 > 192.168.222.7.53: 46997+ A? www.suse.com. (30) 11:47:01.637738 192.168.222.7.53 > 192.168.222.102.51889: 46997 1/3/3 A 195.135.220.3 (171) ## here the second DomU send out a ping 11:47:01.706935 192.168.222.102 > 195.135.220.3: icmp: echo request seq 13 11:47:02.323624 192.168.222.103 > 195.135.220.3: icmp: echo request seq 132 11:47:02.347712 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 132 11:47:02.761024 arp who-has 192.168.222.7 (8:0:20:b:cf:35) tell 192.168.222.103 11:47:02.761270 arp reply 192.168.222.7 is-at 8:0:20:b:cf:35 11:47:03.339145 192.168.222.103 > 195.135.220.3: icmp: echo request seq 133 11:47:03.361077 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 133 11:47:04.338974 192.168.222.103 > 195.135.220.3: icmp: echo request seq 134 11:47:04.360643 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 134 11:47:05.339085 192.168.222.103 > 195.135.220.3: icmp: echo request seq 135 11:47:05.361956 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 135 11:47:06.354563 192.168.222.103 > 195.135.220.3: icmp: echo request seq 136 11:47:06.378167 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 136 ## here the second DomU send out the next ping 11:47:06.508449 192.168.222.102 > 195.135.220.3: icmp: echo request seq 14 11:47:07.382269 192.168.222.103 > 195.135.220.3: icmp: echo request seq 137 11:47:07.404318 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 137 11:47:08.416702 192.168.222.103 > 195.135.220.3: icmp: echo request seq 138 11:47:08.438996 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 138 11:47:09.416554 192.168.222.103 > 195.135.220.3: icmp: echo request seq 139 11:47:09.439017 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 139 11:47:10.432055 192.168.222.103 > 195.135.220.3: icmp: echo request seq 140 11:47:10.454572 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 140 11:47:11.447678 192.168.222.103 > 195.135.220.3: icmp: echo request seq 141 11:47:11.470148 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 141 11:47:11.507820 192.168.222.102 > 195.135.220.3: icmp: echo request seq 15 11:47:12.464524 192.168.222.103 > 195.135.220.3: icmp: echo request seq 142 11:47:12.487608 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 142 ... So it seems, that the remote host does not reply. Please note, when I ping from Dom0 *and* from one of the DomU''s at the same time, it works fine. Just en excerpt from tcpdump in this case. 11:56:19.338397 192.168.222.103 > 195.135.220.3: icmp: echo request seq 254 11:56:19.360969 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 254 11:56:19.930122 192.168.222.16 > 195.135.220.3: icmp: echo request seq 12 (DF) 11:56:19.953969 195.135.220.3 > 192.168.222.16: icmp: echo reply seq 12 11:56:20.338293 192.168.222.103 > 195.135.220.3: icmp: echo request seq 255 11:56:20.367243 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 255 11:56:20.934662 192.168.222.16 > 195.135.220.3: icmp: echo request seq 13 (DF) 11:56:20.971703 195.135.220.3 > 192.168.222.16: icmp: echo reply seq 13 11:56:21.353869 192.168.222.103 > 195.135.220.3: icmp: echo request seq 256 11:56:21.388060 195.135.220.3 > 192.168.222.103: icmp: echo reply seq 256 11:56:21.937585 192.168.222.16 > 195.135.220.3: icmp: echo request seq 14 (DF) 11:56:21.960194 195.135.220.3 > 192.168.222.16: icmp: echo reply seq 14 However, I will investigate this at a later moment. Thanks Wolfgang _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users