Xen users - Jun 2011 - bridge networking issue from dom0 to the world

Hi,
  I''m trying to setup xen and have figured out most of my issues.
However I''m
stuck with a networking issue.

From my dom0 I can ping the world and my domU. However I cannot ping anything 
except the dom0 from inside my domU.

dom0 is a clean opensuse 11.4 with XEN 4.1.1 added to it (using the default 
kernel 2.6.37.6-0.5-xen).

domU is ubuntu server 8.04 with all recent updates (and using the kernel 
above).

I''ve manually setup the xen cfg for my domU (xen-create-tool was not
available
on SuSE and I could not seem to get virt-manager to do what I wanted - or made 
sence of it :( ).

After starting up domU the dom0 config looks like :
# ifconfig
br0       Link encap:Ethernet  HWaddr <MAC>
          inet addr:x.y.z.117  Bcast:x.y.z.127  Mask:255.255.255.224
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1166 errors:0 dropped:0 overruns:0 frame:0
          TX packets:733 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:85307 (83.3 Kb)  TX bytes:112363 (109.7 Kb)

eth0      Link encap:Ethernet  HWaddr <MAC>
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1133 errors:0 dropped:0 overruns:0 frame:0
          TX packets:828 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:100941 (98.5 Kb)  TX bytes:117725 (114.9 Kb)
          Interrupt:230 Base address:0x8000 

vif2.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:22 errors:0 dropped:0 overruns:0 frame:0
          TX packets:41 errors:0 dropped:4 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:1296 (1.2 Kb)  TX bytes:2718 (2.6 Kb)

vif2.1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43 errors:0 dropped:4 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:0 (0.0 b)  TX bytes:2886 (2.8 Kb)

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.4061862a1fa4       no              eth0
                                                        vif2.0
                                                        vif2.1

# route -n

Kernel IP routing table
Destination     Gateway      Genmask         Flags Metric Ref    Use Iface
x.y.z.97     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
x.y.z.96     0.0.0.0         255.255.255.224 U     0      0        0 br0
127.0.0.0    0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0      x.y.z.97        0.0.0.0         UG    0      0        0 br0


# cat /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1

# cat /etc/xen/xend-config.sxp | grep -v <empty lines and comments>
(xend-http-server yes)
(xend-unix-server yes)
(xend-unix-path /var/lib/xend/xend-socket)
(xend-port            8000)
(xend-address localhost)
(xend-relocation-hosts-allow ''^localhost$
^localhost\\.localdomain$'')
(network-script ''network-bridge bridge=br0'')
(vif-script vif-bridge)
(dom0-min-mem 512)
(enable-dom0-ballooning yes)
(total_available_memory 0) 
(dom0-cpus 0)

The dom0 has no iptables rules active.

Finally the domU looks like :
# route -n
Kernel IP routing table
Destination     Gateway         Genmask      Flags Metric Ref    Use Iface
x.y.z.96        0.0.0.0      255.255.255.224 U     0      0        0 eth0
0.0.0.0         x.y.z.97     0.0.0.0         UG    100    0        0 eth0
0.0.0.0         x.y.z.117    0.0.0.0         UG    100    0        0 eth0

#ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:.....  
          inet addr:x.y.z.125  Bcast:x.y.z.127  Mask:255.255.255.224
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:54 errors:0 dropped:0 overruns:0 frame:0
          TX packets:75 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3644 (3.5 KB)  TX bytes:5975 (5.8 KB)

Thanks for any pointers or insights you may have.
CPH

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi,
  I''m trying to setup xen and have figured out most of my issues.
However I''m
stuck with a networking issue.

From my dom0 I can ping the world and my domU. However I cannot ping anything 
except the dom0 from inside my domU.

dom0 is a clean opensuse 11.4 with XEN 4.1.1 added to it (using the default 
kernel 2.6.37.6-0.5-xen).

domU is ubuntu server 8.04 with all recent updates (and using the kernel 
above).

I''ve manually setup the xen cfg for my domU (xen-create-tool was not
available
on SuSE and I could not seem to get virt-manager to do what I wanted - or made 
sence of it :( ).

After starting up domU the dom0 config looks like :
# ifconfig
br0       Link encap:Ethernet  HWaddr <MAC>
          inet addr:x.y.z.117  Bcast:x.y.z.127  Mask:255.255.255.224
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1166 errors:0 dropped:0 overruns:0 frame:0
          TX packets:733 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:85307 (83.3 Kb)  TX bytes:112363 (109.7 Kb)

eth0      Link encap:Ethernet  HWaddr <MAC>
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1133 errors:0 dropped:0 overruns:0 frame:0
          TX packets:828 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:100941 (98.5 Kb)  TX bytes:117725 (114.9 Kb)
          Interrupt:230 Base address:0x8000 

vif2.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:22 errors:0 dropped:0 overruns:0 frame:0
          TX packets:41 errors:0 dropped:4 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:1296 (1.2 Kb)  TX bytes:2718 (2.6 Kb)

vif2.1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43 errors:0 dropped:4 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:0 (0.0 b)  TX bytes:2886 (2.8 Kb)

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.4061862a1fa4       no              eth0
                                                        vif2.0
                                                        vif2.1

# route -n

Kernel IP routing table
Destination     Gateway      Genmask         Flags Metric Ref    Use Iface
x.y.z.97     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
x.y.z.96     0.0.0.0         255.255.255.224 U     0      0        0 br0
127.0.0.0    0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0      x.y.z.97        0.0.0.0         UG    0      0        0 br0


# cat /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1

# cat /etc/xen/xend-config.sxp | grep -v <empty lines and comments>
(xend-http-server yes)
(xend-unix-server yes)
(xend-unix-path /var/lib/xend/xend-socket)
(xend-port            8000)
(xend-address localhost)
(xend-relocation-hosts-allow ''^localhost$
^localhost\\.localdomain$'')
(network-script ''network-bridge bridge=br0'')
(vif-script vif-bridge)
(dom0-min-mem 512)
(enable-dom0-ballooning yes)
(total_available_memory 0) 
(dom0-cpus 0)

The dom0 has no iptables rules active.

Finally the domU looks like :
# route -n
Kernel IP routing table
Destination     Gateway         Genmask      Flags Metric Ref    Use Iface
x.y.z.96        0.0.0.0      255.255.255.224 U     0      0        0 eth0
0.0.0.0         x.y.z.97     0.0.0.0         UG    100    0        0 eth0
0.0.0.0         x.y.z.117    0.0.0.0         UG    100    0        0 eth0

#ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:.....  
          inet addr:x.y.z.125  Bcast:x.y.z.127  Mask:255.255.255.224
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:54 errors:0 dropped:0 overruns:0 frame:0
          TX packets:75 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3644 (3.5 KB)  TX bytes:5975 (5.8 KB)

Thanks for any pointers or insights you may have.
CPH

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Thu, Jun 23, 2011 at 11:47 AM, Con Hennessy <con.hennessy@openapp.ie>
wrote:
> Hi,
> I''ve manually setup the xen cfg for my domU (xen-create-tool was
not available
> on SuSE and I could not seem to get virt-manager to do what I wanted - or
made
> sence of it :( ).
Can you post the domU config file that you are trying to use?

Thanks,
Todd

-- 
Todd Deshane
http://www.linkedin.com/in/deshantm
http://www.xen.org/products/cloudxen.html
http://runningxen.com/

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Thu 23 Jun 2011 21:32:34 Todd Deshane wrote:
> On Thu, Jun 23, 2011 at 11:47 AM, Con Hennessy
<con.hennessy@openapp.ie>
wrote:
> > Hi,
> > I''ve manually setup the xen cfg for my domU (xen-create-tool
was not
> > available on SuSE and I could not seem to get virt-manager to do what
I
> > wanted - or made sence of it :( ).
> 
> Can you post the domU config file that you are trying to use?
Damn. I was trying to make sure I forgot nothing - except the obvious :)

# grep -v "^#"  test2.cfg | grep -vE "^$"

kernel = "/boot/vmlinuz-xen"
ramdisk = "/boot/initrd-xen"
memory = 512
name = "test2"
vcpus = 1
vif = [ ''mac=00:16:00:00:00:43, ip=x.y.z.125'',
''bridge=br0'' ]
disk = [
''phy:vgvm/xenvm01,xvda1,w'',''phy:vgvm/xenvm01-swap,xvda2,w''
]
root = "/dev/xvda1"
extra = " console=xvc0"



_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

> -----Ursprüngliche Nachricht-----
> Von: xen-users-bounces@lists.xensource.com [mailto:xen-users-
> bounces@lists.xensource.com] Im Auftrag von Con Hennessy
> Gesendet: Donnerstag, 23. Juni 2011 22:56
> An: xen-users@lists.xensource.com
> Betreff: Re: [Xen-users] bridge networking issue from dom0 to the world
> 
> On Thu 23 Jun 2011 21:32:34 Todd Deshane wrote:
> > On Thu, Jun 23, 2011 at 11:47 AM, Con Hennessy
<con.hennessy@openapp.ie>
> wrote:
> > > Hi,
> > > I''ve manually setup the xen cfg for my domU
(xen-create-tool was not
> > > available on SuSE and I could not seem to get virt-manager to do
what I
> > > wanted - or made sence of it :( ).
> >
> > Can you post the domU config file that you are trying to use?
> 
> Damn. I was trying to make sure I forgot nothing - except the obvious :)
> 
> # grep -v "^#"  test2.cfg | grep -vE "^$"
> 
> kernel = "/boot/vmlinuz-xen"
> ramdisk = "/boot/initrd-xen"
> memory = 512
> name = "test2"
> vcpus = 1
> vif = [ ''mac=00:16:00:00:00:43, ip=x.y.z.125'',
''bridge=br0'' ]
> disk = [
''phy:vgvm/xenvm01,xvda1,w'',''phy:vgvm/xenvm01-swap,xvda2,w''
]
> root = "/dev/xvda1"
> extra = " console=xvc0"
Hi,

try
vif = [ ''mac=00:16:00:00:00:43'' ]
and assign IP in domu.

Hope it helps
Guido


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Thu 23 Jun 2011 22:32:19 Guido Hecken wrote:
> > -----Ursprüngliche Nachricht-----
> > Von: xen-users-bounces@lists.xensource.com [mailto:xen-users-
> > bounces@lists.xensource.com] Im Auftrag von Con Hennessy
> > Gesendet: Donnerstag, 23. Juni 2011 22:56
> > An: xen-users@lists.xensource.com
> > Betreff: Re: [Xen-users] bridge networking issue from dom0 to the
world
> > 
> > On Thu 23 Jun 2011 21:32:34 Todd Deshane wrote:
> > > On Thu, Jun 23, 2011 at 11:47 AM, Con Hennessy
> > > <con.hennessy@openapp.ie>
> > 
> > wrote:
> > > > Hi,
> > > > I''ve manually setup the xen cfg for my domU
(xen-create-tool was not
> > > > available on SuSE and I could not seem to get virt-manager
to do what
> > > > I wanted - or made sence of it :( ).
> > > 
> > > Can you post the domU config file that you are trying to use?
> > 
> > Damn. I was trying to make sure I forgot nothing - except the obvious
:)
> > 
> > # grep -v "^#"  test2.cfg | grep -vE "^$"
> > 
> > kernel = "/boot/vmlinuz-xen"
> > ramdisk = "/boot/initrd-xen"
> > memory = 512
> > name = "test2"
> > vcpus = 1
> > vif = [ ''mac=00:16:00:00:00:43, ip=x.y.z.125'',
''bridge=br0'' ]
> > disk = [
''phy:vgvm/xenvm01,xvda1,w'',''phy:vgvm/xenvm01-swap,xvda2,w''
]
> > root = "/dev/xvda1"
> > extra = " console=xvc0"
> 
> Hi,
> 
> try
> vif = [ ''mac=00:16:00:00:00:43'' ]
> and assign IP in domu.
It made no difference :(


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Thu, Jun 23, 2011 at 5:32 PM, Guido Hecken
<guido.hecken@gwsnettech.de> wrote:
> try
> vif = [ ''mac=00:16:00:00:00:43'' ]
I think you actually mean [''mac=00:16:00:00:00:43,bridge=br0'']

The problem with the original is the you ended the single quote too
soon for the bridge.

The config that you had will produce two domU nics, not one. And you
want the bridge to be associated with the first nic.

Todd

-- 
Todd Deshane
http://www.linkedin.com/in/deshantm
http://www.xen.org/products/cloudxen.html
http://runningxen.com/

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

> -----Ursprüngliche Nachricht-----
> Von: todd.deshane.xen@gmail.com [mailto:todd.deshane.xen@gmail.com] Im
Auftrag
> von Todd Deshane
> Gesendet: Donnerstag, 23. Juni 2011 23:54
> An: Guido Hecken; cp.hennessy@openapp.ie
> Cc: xen-users@lists.xensource.com
> Betreff: Re: [Xen-users] bridge networking issue from dom0 to the world
> 
> On Thu, Jun 23, 2011 at 5:32 PM, Guido Hecken
> <guido.hecken@gwsnettech.de> wrote:
> 
> > try
> > vif = [ ''mac=00:16:00:00:00:43'' ]
> 
> I think you actually mean
[''mac=00:16:00:00:00:43,bridge=br0'']
> 
> The problem with the original is the you ended the single quote too
> soon for the bridge.
> 
> The config that you had will produce two domU nics, not one. And you
> want the bridge to be associated with the first nic.
@Todd,
afaik the line
vif = [ ''mac=00:16:00:00:00:43'' ]
creates an interface on the standard bridge with the above mac.
I have this line on a lot of domu without problems so far.

@CP
These two lines (xend-config.sxp) are from a running system
(network-script ''network-bridge'')
(vif-script vif-bridge)
Give it a try with the above single vif statement and the above network
statements in xend-config.sxp.
You might have to restart at least the xend processes.
Perhaps, reboot the hole machine.

Guido


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Thu 23 Jun 2011 23:12:22 Guido Hecken wrote:
> > -----Ursprüngliche Nachricht-----
> > Von: todd.deshane.xen@gmail.com [mailto:todd.deshane.xen@gmail.com] Im
> > Auftrag von Todd Deshane
> > Gesendet: Donnerstag, 23. Juni 2011 23:54
> > An: Guido Hecken; cp.hennessy@openapp.ie
> > Cc: xen-users@lists.xensource.com
> > Betreff: Re: [Xen-users] bridge networking issue from dom0 to the
world
> > 
> > On Thu, Jun 23, 2011 at 5:32 PM, Guido Hecken
> > 
> > <guido.hecken@gwsnettech.de> wrote:
> > > try
> > > vif = [ ''mac=00:16:00:00:00:43'' ]
> > 
> > I think you actually mean
[''mac=00:16:00:00:00:43,bridge=br0'']
> > 
> > The problem with the original is the you ended the single quote too
> > soon for the bridge.
> > 
> > The config that you had will produce two domU nics, not one. And you
> > want the bridge to be associated with the first nic.
> 
> @Todd,
> afaik the line
> vif = [ ''mac=00:16:00:00:00:43'' ]
> creates an interface on the standard bridge with the above mac.
> I have this line on a lot of domu without problems so far.
> 
> @CP
> These two lines (xend-config.sxp) are from a running system
> (network-script ''network-bridge'')
> (vif-script vif-bridge)
> Give it a try with the above single vif statement and the above network
> statements in xend-config.sxp. You might have to restart at least the xend
> processes.
> Perhaps, reboot the hole machine.
Hi,
  With those changes my domU still cannot ping an external site.

Another other hints or tips ?
Thanks,
CPH

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On 23 Jun 2011, at 16:47, Con Hennessy wrote:
> Hi,
>  I''m trying to setup xen and have figured out most of my issues.
However I''m
> stuck with a networking issue.
> 
> From my dom0 I can ping the world and my domU. However I cannot ping
anything
> except the dom0 from inside my domU.
Can you ping the domU from the outside world?
> # cat /etc/xen/xend-config.sxp | grep -v <empty lines and comments>
> (xend-http-server yes)
> (xend-unix-server yes)
> (xend-unix-path /var/lib/xend/xend-socket)
> (xend-port            8000)
> (xend-address localhost)
> (xend-relocation-hosts-allow ''^localhost$
^localhost\\.localdomain$'')
> (network-script ''network-bridge bridge=br0'')
> (vif-script vif-bridge)
> (dom0-min-mem 512)
> (enable-dom0-ballooning yes)
> (total_available_memory 0) 
> (dom0-cpus 0)
Are you using the xm toolstack still (e.g. xm create /etc/xen/test2.cfg)?

If you are using the XL toolstack then you should look at /etc/xen/xl.conf and
uncomment the bridge line there.

Also if using XL then you need to disable the init.d script for xend and enable
init.d script for xencommons.

If you''re not using the XL toolstack, have you tried that?

Iain




_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

--- On Thu, 6/23/11, CP Hennessy <cp.hennessy@openapp.ie> wrote:
> From: CP Hennessy <cp.hennessy@openapp.ie>
> Subject: [Xen-users] bridge networking issue from dom0 to the world
> To: xen-users@lists.xensource.com
> Date: Thursday, June 23, 2011, 12:26 PM
> Hi,
>   I''m trying to setup xen and have figured out most of
> my issues. However I''m 
> stuck with a networking issue.
> 
> From my dom0 I can ping the world and my domU. However I
> cannot ping anything 
> except the dom0 from inside my domU.
> 
> dom0 is a clean opensuse 11.4 with XEN 4.1.1 added to it
> (using the default 
> kernel 2.6.37.6-0.5-xen).
> 
> domU is ubuntu server 8.04 with all recent updates (and
> using the kernel 
> above).
> 
> I''ve manually setup the xen cfg for my domU
> (xen-create-tool was not available 
> on SuSE and I could not seem to get virt-manager to do what
> I wanted - or made 
> sence of it :( ).
> 
> 
> # cat /etc/sysctl.conf
> net.ipv4.ip_forward=1
> net.ipv4.conf.all.rp_filter=1
> net.ipv4.icmp_echo_ignore_broadcasts=1
Turn on proxy arp in dom0
echo ''net.ipv4.conf.all.proxy_arp = 1'' >>
/etc/sysctl.conf

Consider using the same gateway in dom0 and domU *.96

Your provider must allocate multiple IP''s for your /16

-- 
Mark

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Thu 23 Jun 2011 23:46:57 Iain Kay wrote:
> On 23 Jun 2011, at 16:47, Con Hennessy wrote:
> > Hi,
> > 
> >  I''m trying to setup xen and have figured out most of my
issues. However
> >  I''m
> > 
> > stuck with a networking issue.
> > 
> > From my dom0 I can ping the world and my domU. However I cannot ping
> > anything except the dom0 from inside my domU.
> 
> Can you ping the domU from the outside world?
No.


[snip]
> 
> Are you using the xm toolstack still (e.g. xm create /etc/xen/test2.cfg)?
Yes.

 
> If you are using the XL toolstack then you should look at /etc/xen/xl.conf
> and uncomment the bridge line there.
I''m not using the XL toolstack - I did not even know of if until your
email :(

Also the xl.conf file has no uncommented lines (and the commented lines do not 
contain anything related to bridging ).

 
> Also if using XL then you need to disable the init.d script for xend and
> enable init.d script for xencommons.
> 
> If you''re not using the XL toolstack, have you tried that?
From what I''ve read about XL (and understood) then the networking is 
completely setup by the admin(me). But surely I need to get the networking 
working first ?

Thanks
CPH

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users