Further update on this - if I assign xapi7 an actual IP address
(192.168.30.201) manually in dom0, I am able to ping the guest
(192.168.30.200) without any difficulty:
[root@nnexen1 ~]# ifconfig xapi7
xapi7 Link encap:Ethernet HWaddr 00:18:71:78:0A:3E
inet addr:192.168.30.201 Bcast:192.168.30.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:411465 errors:0 dropped:0 overruns:0 frame:0
TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:17283426 (16.4 MiB) TX bytes:1526 (1.4 KiB)
[root@nnexen1 ~]# ping -c 3 192.168.30.200
PING 192.168.30.200 (192.168.30.200) 56(84) bytes of data.
64 bytes from 192.168.30.200: icmp_seq=1 ttl=64 time=1.13 ms
64 bytes from 192.168.30.200: icmp_seq=2 ttl=64 time=0.286 ms
64 bytes from 192.168.30.200: icmp_seq=3 ttl=64 time=0.267 ms
And if I set up a second guest (running sysrescueCD, but it isn''t
important
what) on the #7 VLAN, I''m able to ping the first guest without
problems.
I moved the physical connection to a different switch (but same VLAN
configuration for that port) in order to monitor traffic and what I found is
that the traffic OUTBOUND from the domU looks fine (for example, arp
requests look fully formed and are tagged for VLAN7), but responses
don''t
appear to make it from the network to the domU (the do go down the wire to
the dom0 actual physical NIC). With dom0 having an active IP on VLAN7, I see
that dom0 is also unable to communicate over VLAN7 to the outside world
either.
Partial tcpdump on dom0 xapi7:
08:22:27.674617 arp who-has 192.168.30.237 tell 192.168.30.200
08:22:28.675624 arp who-has 192.168.30.237 tell 192.168.30.200
08:22:29.676596 arp who-has 192.168.30.237 tell 192.168.30.200
Partial tcpdump on 192.168.30.237 against the same VLAN (these clocks are
not in sync as dom0 doesn''t have NTP connectivity, but .237 does)
08:22:29.139872 ARP, Request who-has 192.168.30.237 tell 192.168.30.200,
length 42
08:22:29.139895 ARP, Reply 192.168.30.237 is-at 00:16:36:7e:56:cb, length 28
08:22:30.140866 ARP, Request who-has 192.168.30.237 tell 192.168.30.200,
length 42
08:22:30.140885 ARP, Reply 192.168.30.237 is-at 00:16:36:7e:56:cb, length 28
08:22:31.141864 ARP, Request who-has 192.168.30.237 tell 192.168.30.200,
length 42
08:22:31.141886 ARP, Reply 192.168.30.237 is-at 00:16:36:7e:56:cb, length 28
So I''m assuming there is something I''m doing wrong with the
openvswitch
setup within dom0, but I have no idea what it is.
On Fri, Sep 17, 2010 at 2:33 PM, Tundra Slosek <ivoryring@gmail.com>
wrote:
> Setting up XCP 0.5, I''ve used OpenXenCenter to create our VLANs.
The
> network switch has the admin VLAN set to untagged, all others set to tagged
> (for our Xen 3.1/3.2 Debian dom0 machines we set all VLANs tagged - but
they
> use vconfig/brctl not openvswitch so my experience from them
doesn''t seem to
> be helpful).
>
> I have (pfSense 1.2.3) guest (for the purpose of this test, IP
> 192.168.30.200) on two VLANs, however the traffic doesn''t seem to
be leaving
> the XCP host (management IP is 192.168.31.51) correctly.
>
> From the XCP command prompt, if I use tcpdump, I see network traffic on the
> interface named xapi7. tcpdump on eth0 definitely shows something strange,
> as if I ask it to filter to just arp traffic, it doesn''t show
traffic from
> the guest, but if I ask it to show all traffic and grep the output for arp,
> it shows traffic from the guest. I am suspecting two things but not sure
how
> to prove them: a.) tcpdump on XCP 0.5 doesn''t understand VLAN
tags. b.) I am
> not passing the VLAN tags up to the network switch correctly so the packets
> are just falling on the floor.
>
> Unless I''m misunderstanding something, tcpdump against xapi7
should show
> all traffic that the network switch hands down to the NIC that is tagged
for
> VLAN 7 - my tcpdump of xapi7 shows this is not working as I expect.
>
> [root@nnexen1 log]# xe vm-vif-list vm=cmgate3left
> uuid ( RO) : 6889e3dc-aeb4-eb2d-3664-0af2f2ebd3c1
> vm-name-label ( RO): cmgate3left
> device ( RO): 2
> MAC ( RO): 4a:f2:73:9c:6b:7b
> network-uuid ( RO): 7dcd9c10-87fd-2b51-ca1b-ab7b16ee8f2b
> network-name-label ( RO): cminternet0
>
>
> uuid ( RO) : 641782d8-c752-97ae-9fdf-c806d8b5e775
> vm-name-label ( RO): cmgate3left
> device ( RO): 1
> MAC ( RO): 7e:de:c8:f0:71:8e
> network-uuid ( RO): 548ade1a-4f24-ab08-9dbd-3ce7bd90f347
> network-name-label ( RO): cmguest0
>
>
> [root@nnexen1 log]# xe network-param-list
> uuid=548ade1a-4f24-ab08-9dbd-3ce7bd90f347
> uuid ( RO) : 548ade1a-4f24-ab08-9dbd-3ce7bd90f347
> name-label ( RW): cmguest0
> name-description ( RW):
> VIF-uuids (SRO): 641782d8-c752-97ae-9fdf-c806d8b5e775
> PIF-uuids (SRO): dd30f6d6-cf69-4132-95bb-d3ccf31c86d4
> MTU ( RW): 1500
> bridge ( RO): xapi7
> other-config (MRW): automatic: false
> blobs ( RO):
>
>
> [root@nnexen1 log]# xe pif-list uuid=dd30f6d6-cf69-4132-95bb-d3ccf31c86d4
> uuid ( RO) : dd30f6d6-cf69-4132-95bb-d3ccf31c86d4
> device ( RO): eth0
> currently-attached ( RO): true
> VLAN ( RO): 7
> network-uuid ( RO): 548ade1a-4f24-ab08-9dbd-3ce7bd90f347
>
> [root@nnexen1 log]# tcpdump -n -c 3 -i xapi7
> tcpdump: WARNING: xapi7: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on xapi7, link-type EN10MB (Ethernet), capture size 96 bytes
> 14:22:30.031651 arp who-has 192.168.30.237 tell 192.168.30.200
> 14:22:31.032574 arp who-has 192.168.30.237 tell 192.168.30.200
> 14:22:32.033560 arp who-has 192.168.30.237 tell 192.168.30.200
> 3 packets captured
> 3 packets received by filter
> 0 packets dropped by kernel
>
> [root@nnexen1 log]# tcpdump -n -i eth0 port not 22 and port not https |
> grep arp
> tcpdump: WARNING: eth0: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 14:24:14.065131 arp who-has 192.168.31.38 tell 192.168.31.51
> 14:24:14.136640 arp who-has 192.168.30.237 tell 192.168.30.200
> 14:24:15.065282 arp who-has 192.168.31.38 tell 192.168.31.51
> 14:24:15.137645 arp who-has 192.168.30.237 tell 192.168.30.200
>
> [root@nnexen1 log]# tcpdump -n -i eth0 arp
> tcpdump: WARNING: eth0: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 14:24:26.095128 arp who-has 192.168.31.38 tell 192.168.31.51
> 14:24:27.095189 arp who-has 192.168.31.38 tell 192.168.31.51
>
>
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users