Xen users - Sep 2010 - [XCP] vlan from guests

Setting up XCP 0.5, I''ve used OpenXenCenter to create our VLANs. The
network
switch has the admin VLAN set to untagged, all others set to tagged (for our
Xen 3.1/3.2 Debian dom0 machines we set all VLANs tagged - but they use
vconfig/brctl not openvswitch so my experience from them doesn''t seem
to be
helpful).

I have (pfSense 1.2.3) guest (for the purpose of this test, IP
192.168.30.200) on two VLANs, however the traffic doesn''t seem to be
leaving
the XCP host (management IP is 192.168.31.51) correctly.
>From the XCP command prompt, if I use tcpdump, I see network traffic on the
interface named xapi7. tcpdump on eth0 definitely shows something strange,
as if I ask it to filter to just arp traffic, it doesn''t show traffic
from
the guest, but if I ask it to show all traffic and grep the output for arp,
it shows traffic from the guest. I am suspecting two things but not sure how
to prove them: a.) tcpdump on XCP 0.5 doesn''t understand VLAN tags. b.)
I am
not passing the VLAN tags up to the network switch correctly so the packets
are just falling on the floor.

Unless I''m misunderstanding something, tcpdump against xapi7 should
show all
traffic that the network switch hands down to the NIC that is tagged for
VLAN 7 - my tcpdump of xapi7 shows this is not working as I expect.

[root@nnexen1 log]# xe vm-vif-list vm=cmgate3left
uuid ( RO)                  : 6889e3dc-aeb4-eb2d-3664-0af2f2ebd3c1
         vm-name-label ( RO): cmgate3left
                device ( RO): 2
                   MAC ( RO): 4a:f2:73:9c:6b:7b
          network-uuid ( RO): 7dcd9c10-87fd-2b51-ca1b-ab7b16ee8f2b
    network-name-label ( RO): cminternet0


uuid ( RO)                  : 641782d8-c752-97ae-9fdf-c806d8b5e775
         vm-name-label ( RO): cmgate3left
                device ( RO): 1
                   MAC ( RO): 7e:de:c8:f0:71:8e
          network-uuid ( RO): 548ade1a-4f24-ab08-9dbd-3ce7bd90f347
    network-name-label ( RO): cmguest0


[root@nnexen1 log]# xe network-param-list
uuid=548ade1a-4f24-ab08-9dbd-3ce7bd90f347
uuid ( RO)                : 548ade1a-4f24-ab08-9dbd-3ce7bd90f347
          name-label ( RW): cmguest0
    name-description ( RW):
           VIF-uuids (SRO): 641782d8-c752-97ae-9fdf-c806d8b5e775
           PIF-uuids (SRO): dd30f6d6-cf69-4132-95bb-d3ccf31c86d4
                 MTU ( RW): 1500
              bridge ( RO): xapi7
        other-config (MRW): automatic: false
               blobs ( RO):


[root@nnexen1 log]# xe pif-list uuid=dd30f6d6-cf69-4132-95bb-d3ccf31c86d4
uuid ( RO)                  : dd30f6d6-cf69-4132-95bb-d3ccf31c86d4
                device ( RO): eth0
    currently-attached ( RO): true
                  VLAN ( RO): 7
          network-uuid ( RO): 548ade1a-4f24-ab08-9dbd-3ce7bd90f347

[root@nnexen1 log]# tcpdump -n -c 3 -i xapi7
tcpdump: WARNING: xapi7: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on xapi7, link-type EN10MB (Ethernet), capture size 96 bytes
14:22:30.031651 arp who-has 192.168.30.237 tell 192.168.30.200
14:22:31.032574 arp who-has 192.168.30.237 tell 192.168.30.200
14:22:32.033560 arp who-has 192.168.30.237 tell 192.168.30.200
3 packets captured
3 packets received by filter
0 packets dropped by kernel

[root@nnexen1 log]# tcpdump -n -i eth0 port not 22 and port not https | grep
arp
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:24:14.065131 arp who-has 192.168.31.38 tell 192.168.31.51
14:24:14.136640 arp who-has 192.168.30.237 tell 192.168.30.200
14:24:15.065282 arp who-has 192.168.31.38 tell 192.168.31.51
14:24:15.137645 arp who-has 192.168.30.237 tell 192.168.30.200

[root@nnexen1 log]# tcpdump -n -i eth0 arp
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:24:26.095128 arp who-has 192.168.31.38 tell 192.168.31.51
14:24:27.095189 arp who-has 192.168.31.38 tell 192.168.31.51


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Further update on this - if I assign xapi7 an actual IP address
(192.168.30.201) manually in dom0, I am able to ping the guest
(192.168.30.200) without any difficulty:

[root@nnexen1 ~]# ifconfig xapi7
xapi7     Link encap:Ethernet  HWaddr 00:18:71:78:0A:3E
          inet addr:192.168.30.201  Bcast:192.168.30.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:411465 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:17283426 (16.4 MiB)  TX bytes:1526 (1.4 KiB)

[root@nnexen1 ~]# ping -c 3 192.168.30.200
PING 192.168.30.200 (192.168.30.200) 56(84) bytes of data.
64 bytes from 192.168.30.200: icmp_seq=1 ttl=64 time=1.13 ms
64 bytes from 192.168.30.200: icmp_seq=2 ttl=64 time=0.286 ms
64 bytes from 192.168.30.200: icmp_seq=3 ttl=64 time=0.267 ms

And if I set up a second guest (running sysrescueCD, but it isn''t
important
what) on the #7 VLAN, I''m able to ping the first guest without
problems.

I moved the physical connection to a different switch (but same VLAN
configuration for that port) in order to monitor traffic and what I found is
that the traffic OUTBOUND from the domU looks fine (for example, arp
requests look fully formed and are tagged for VLAN7), but responses
don''t
appear to make it from the network to the domU (the do go down the wire to
the dom0 actual physical NIC). With dom0 having an active IP on VLAN7, I see
that dom0 is also unable to communicate over VLAN7 to the outside world
either.

Partial tcpdump on dom0 xapi7:

08:22:27.674617 arp who-has 192.168.30.237 tell 192.168.30.200
08:22:28.675624 arp who-has 192.168.30.237 tell 192.168.30.200
08:22:29.676596 arp who-has 192.168.30.237 tell 192.168.30.200

Partial tcpdump on 192.168.30.237 against the same VLAN (these clocks are
not in sync as dom0 doesn''t have NTP connectivity, but .237 does)

08:22:29.139872 ARP, Request who-has 192.168.30.237 tell 192.168.30.200,
length 42
08:22:29.139895 ARP, Reply 192.168.30.237 is-at 00:16:36:7e:56:cb, length 28
08:22:30.140866 ARP, Request who-has 192.168.30.237 tell 192.168.30.200,
length 42
08:22:30.140885 ARP, Reply 192.168.30.237 is-at 00:16:36:7e:56:cb, length 28
08:22:31.141864 ARP, Request who-has 192.168.30.237 tell 192.168.30.200,
length 42
08:22:31.141886 ARP, Reply 192.168.30.237 is-at 00:16:36:7e:56:cb, length 28

So I''m assuming there is something I''m doing wrong with the
openvswitch
setup within dom0, but I have no idea what it is.

On Fri, Sep 17, 2010 at 2:33 PM, Tundra Slosek <ivoryring@gmail.com>
wrote:
> Setting up XCP 0.5, I''ve used OpenXenCenter to create our VLANs.
The
> network switch has the admin VLAN set to untagged, all others set to tagged
> (for our Xen 3.1/3.2 Debian dom0 machines we set all VLANs tagged - but
they
> use vconfig/brctl not openvswitch so my experience from them
doesn''t seem to
> be helpful).
>
> I have (pfSense 1.2.3) guest (for the purpose of this test, IP
> 192.168.30.200) on two VLANs, however the traffic doesn''t seem to
be leaving
> the XCP host (management IP is 192.168.31.51) correctly.
>
> From the XCP command prompt, if I use tcpdump, I see network traffic on the
> interface named xapi7. tcpdump on eth0 definitely shows something strange,
> as if I ask it to filter to just arp traffic, it doesn''t show
traffic from
> the guest, but if I ask it to show all traffic and grep the output for arp,
> it shows traffic from the guest. I am suspecting two things but not sure
how
> to prove them: a.) tcpdump on XCP 0.5 doesn''t understand VLAN
tags. b.) I am
> not passing the VLAN tags up to the network switch correctly so the packets
> are just falling on the floor.
>
> Unless I''m misunderstanding something, tcpdump against xapi7
should show
> all traffic that the network switch hands down to the NIC that is tagged
for
> VLAN 7 - my tcpdump of xapi7 shows this is not working as I expect.
>
> [root@nnexen1 log]# xe vm-vif-list vm=cmgate3left
> uuid ( RO)                  : 6889e3dc-aeb4-eb2d-3664-0af2f2ebd3c1
>          vm-name-label ( RO): cmgate3left
>                 device ( RO): 2
>                    MAC ( RO): 4a:f2:73:9c:6b:7b
>           network-uuid ( RO): 7dcd9c10-87fd-2b51-ca1b-ab7b16ee8f2b
>     network-name-label ( RO): cminternet0
>
>
> uuid ( RO)                  : 641782d8-c752-97ae-9fdf-c806d8b5e775
>          vm-name-label ( RO): cmgate3left
>                 device ( RO): 1
>                    MAC ( RO): 7e:de:c8:f0:71:8e
>           network-uuid ( RO): 548ade1a-4f24-ab08-9dbd-3ce7bd90f347
>     network-name-label ( RO): cmguest0
>
>
> [root@nnexen1 log]# xe network-param-list
> uuid=548ade1a-4f24-ab08-9dbd-3ce7bd90f347
> uuid ( RO)                : 548ade1a-4f24-ab08-9dbd-3ce7bd90f347
>           name-label ( RW): cmguest0
>     name-description ( RW):
>            VIF-uuids (SRO): 641782d8-c752-97ae-9fdf-c806d8b5e775
>            PIF-uuids (SRO): dd30f6d6-cf69-4132-95bb-d3ccf31c86d4
>                  MTU ( RW): 1500
>               bridge ( RO): xapi7
>         other-config (MRW): automatic: false
>                blobs ( RO):
>
>
> [root@nnexen1 log]# xe pif-list uuid=dd30f6d6-cf69-4132-95bb-d3ccf31c86d4
> uuid ( RO)                  : dd30f6d6-cf69-4132-95bb-d3ccf31c86d4
>                 device ( RO): eth0
>     currently-attached ( RO): true
>                   VLAN ( RO): 7
>           network-uuid ( RO): 548ade1a-4f24-ab08-9dbd-3ce7bd90f347
>
> [root@nnexen1 log]# tcpdump -n -c 3 -i xapi7
> tcpdump: WARNING: xapi7: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on xapi7, link-type EN10MB (Ethernet), capture size 96 bytes
> 14:22:30.031651 arp who-has 192.168.30.237 tell 192.168.30.200
> 14:22:31.032574 arp who-has 192.168.30.237 tell 192.168.30.200
> 14:22:32.033560 arp who-has 192.168.30.237 tell 192.168.30.200
> 3 packets captured
> 3 packets received by filter
> 0 packets dropped by kernel
>
> [root@nnexen1 log]# tcpdump -n -i eth0 port not 22 and port not https |
> grep arp
> tcpdump: WARNING: eth0: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 14:24:14.065131 arp who-has 192.168.31.38 tell 192.168.31.51
> 14:24:14.136640 arp who-has 192.168.30.237 tell 192.168.30.200
> 14:24:15.065282 arp who-has 192.168.31.38 tell 192.168.31.51
> 14:24:15.137645 arp who-has 192.168.30.237 tell 192.168.30.200
>
> [root@nnexen1 log]# tcpdump -n -i eth0 arp
> tcpdump: WARNING: eth0: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 14:24:26.095128 arp who-has 192.168.31.38 tell 192.168.31.51
> 14:24:27.095189 arp who-has 192.168.31.38 tell 192.168.31.51
>
>

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users