Xen users - Dec 2011 - Xen networking troubles

Hi all,

For a customer i received a pre-installed CentOS server with the basic Xen
installation running on it. I also received a Public IP range with 6 IP
adresses to use for the VM''s.
The eth0 on the server does have a IP adres in a different net.
There is also a eth1 in the server which isn''t used.

Now i am in the process of create a (windows 2008) HVM, but i can''t get
this HVM connected to the internet by use of one of the public IP adresses
given.

I tried this setup: http://www.debian-administration.org/articles/360 but
that didn''t work for me.
I also tried to setup eth1 with one of my public IP adresses and get it
connected to the xenbr0 bridge, but that didn''t work either.

Can anyone give some clue''s/guidance how to get this setup working?
Thanks a lot!

-- 

Met vriendelijke groet / with kind regards,

Johan Barelds


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

For a customer i received a pre-installed CentOS server with the basic Xen
installation running on it. I also received a Public IP range with 6 IP adresses
to use for the VM''s.
The eth0 on the server does have a IP adres in a different net. 
There is also a eth1 in the server which isn''t used.

Now i am in the process of create a (windows 2008) HVM, but i can''t get
this HVM connected to the internet by use of one of the public IP adresses
given.

I tried this setup: http://www.debian-administration.org/articles/360 but that
didn''t work for me.
I also tried to setup eth1 with one of my public IP adresses and get it
connected to the xenbr0 bridge, but that didn''t work either.

Can anyone give some clue''s/guidance how to get this setup working?
Thanks a lot!


There are several options open but I''ll suggest one using the spare
eth1 interface.  There are different ways to accomplish the bridge creation
which will depend a bit on your setup.  Personally I am using Xen 4.1.2 and rely
on my system network scripts for all the bridge and interface configuration.

1. Create a new bridge called breth1 on the system and add eth1 to it:
 # brctl addbr breth1
 # brctl addif breth1 eth1
Note it is not necessary to assign an IP to the eth1 interface on the dom0 for
this to work.  That''s only required if you want access to the dom0 via
that interface.

2. Change your vif line in your HVM configuration to use the breth1 device
vif = [ ''bridge=breth1'' ]

3. Configure the appropriate IP/netmask in your HVM

James
This message and the information contained herein is proprietary and
confidential and subject to the Amdocs policy statement,
you may review at http://www.amdocs.com/email_disclaimer.asp

Please keep replies on-list so other people can also benefit from any knowledge
and contribute to the discussion.  Also the list convention is to bottom post.
:)

Thanks for your quick response James!
I tried it and it''s not working yet.
On the Windows network card i got the yellow triangle saying: "Unidentified
Network".
What should i use for Default Gateway on my HVM btw?
I used now the one IP from my public range that i configured on my eth1

- Do you have a separate device on the 6 IP subnet that is already a router or
will your dom0 perform this function?  If it will be your dom0 via the eth0
interface then you will need to assign an IP address from the 6 IP subnet to the
bridge and enable IP forwarding by adding the line
net.ipv4.ip_forward = 1
to /etc/sysctl.conf and executing sysctl -p
You''ll also need to make sure that the rest of your network knows to
route the domU subnet via the dom0.
If your eth1 isn''t actually connected to the network then you can use
the bridge without a physical interface attached to it.

And about setting up the extra bridge breth1: does that stick if i reboot the
server?
And if not how can i make ik more permanent?
- To make it permanent you''ll need to edit the network scripts. 
I''m afraid I don''t have specific RHEL/CentOS knowledge.  But
http://acidborg.wordpress.com/2010/01/20/how-to-configure-a-network-bridge-in-red-hat-fedora/
looks like it should give you enough information though.


2011/12/2 James Dingwall <james.dingwall@amdocs.com>

For a customer i received a pre-installed CentOS server with the basic Xen
installation running on it. I also received a Public IP range with 6 IP adresses
to use for the VM''s.
The eth0 on the server does have a IP adres in a different net. 
There is also a eth1 in the server which isn''t used.

Now i am in the process of create a (windows 2008) HVM, but i can''t get
this HVM connected to the internet by use of one of the public IP adresses
given.

I tried this setup: http://www.debian-administration.org/articles/360 but that
didn''t work for me.
I also tried to setup eth1 with one of my public IP adresses and get it
connected to the xenbr0 bridge, but that didn''t work either.

Can anyone give some clue''s/guidance how to get this setup working?
Thanks a lot!

There are several options open but I''ll suggest one using the spare
eth1 interface.  There are different ways to accomplish the bridge creation
which will depend a bit on your setup.  Personally I am using Xen 4.1.2 and rely
on my system network scripts for all the bridge and interface configuration.

1. Create a new bridge called breth1 on the system and add eth1 to it:
 # brctl addbr breth1
 # brctl addif breth1 eth1
Note it is not necessary to assign an IP to the eth1 interface on the dom0 for
this to work.  That''s only required if you want access to the dom0 via
that interface.

2. Change your vif line in your HVM configuration to use the breth1 device
vif = [ ''bridge=breth1'' ]

3. Configure the appropriate IP/netmask in your HVM

This message and the information contained herein is proprietary and
confidential and subject to the Amdocs policy statement,
you may review at http://www.amdocs.com/email_disclaimer.asp

James Dingwall wrote:
>1. Create a new bridge called breth1 on the system and add eth1 to it:
>  # brctl addbr breth1
>  # brctl addif breth1 eth1
>Note it is not necessary to assign an IP to the eth1 interface on 
>the dom0 for this to work.
But you may have to explicitly set the interface to up. When I first 
started experimenting (some time ago), I struggled for a long time 
unable to get traffic to flow because of this !

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

2011/12/2 James Dingwall <james.dingwall@amdocs.com>
> Thanks for your quick response James!
> I tried it and it''s not working yet.
> On the Windows network card i got the yellow triangle saying:
> "Unidentified Network".
> What should i use for Default Gateway on my HVM btw?
> I used now the one IP from my public range that i configured on my eth1
>
> - Do you have a separate device on the 6 IP subnet that is already a
> router or will your dom0 perform this function?  If it will be your dom0
> via the eth0 interface then you will need to assign an IP address from the
> 6 IP subnet to the bridge and enable IP forwarding by adding the line
> net.ipv4.ip_forward = 1
> to /etc/sysctl.conf and executing sysctl -p
> You''ll also need to make sure that the rest of your network knows
to route
> the domU subnet via the dom0.
> If your eth1 isn''t actually connected to the network then you can
use the
> bridge without a physical interface attached to it.
>
> And about setting up the extra bridge breth1: does that stick if i reboot
> the server?
> And if not how can i make ik more permanent?
> - To make it permanent you''ll need to edit the network scripts. 
I''m
> afraid I don''t have specific RHEL/CentOS knowledge.  But
>
http://acidborg.wordpress.com/2010/01/20/how-to-configure-a-network-bridge-in-red-hat-fedora/looks
like it should give you enough information though.
>
>
> Hi James,
I do not have a separate device in my IP range that functions as a router.
Can you explain how i assign an IP address from the 6 IP subnet to the
bridge?
I assume you mean the xenbr0 bridge?

Thanks again!

Gr. Johan



-- 

Met vriendelijke groet / with kind regards,

Johan Barelds

*Good IT!
*M: +31 (0)6 54253750
E: j.barelds@good-it.com
W: http://www.good-it.com


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

From: xen-users-bounces@lists.xensource.com
[mailto:xen-users-bounces@lists.xensource.com] On Behalf Of Johan Barelds
Sent: 2 December 2011 10:30
To: xen-users@lists.xensource.com
Subject: Re: [Xen-users] Xen networking troubles

2011/12/2 James Dingwall <james.dingwall@amdocs.com>
Thanks for your quick response James!
I tried it and it''s not working yet.
On the Windows network card i got the yellow triangle saying: "Unidentified
Network".
What should i use for Default Gateway on my HVM btw?
I used now the one IP from my public range that i configured on my eth1
- Do you have a separate device on the 6 IP subnet that is already a router or
will your dom0 perform this function?  If it will be your dom0 via the eth0
interface then you will need to assign an IP address from the 6 IP subnet to the
bridge and enable IP forwarding by adding the line
net.ipv4.ip_forward = 1
to /etc/sysctl.conf and executing sysctl -p
You''ll also need to make sure that the rest of your network knows to
route the domU subnet via the dom0.
If your eth1 isn''t actually connected to the network then you can use
the bridge without a physical interface attached to it.

And about setting up the extra bridge breth1: does that stick if i reboot the
server?
And if not how can i make ik more permanent?
- To make it permanent you''ll need to edit the network scripts.
 I''m afraid I don''t have specific RHEL/CentOS knowledge.  But
http://acidborg.wordpress.com/2010/01/20/how-to-configure-a-network-bridge-in-red-hat-fedora/
looks like it should give you enough information though.

Hi James,

I do not have a separate device in my IP range that functions as a router.
Can you explain how i assign an IP address from the 6 IP subnet to the bridge?
I assume you mean the xenbr0 bridge?

You would need to assign an IP from the 6 to the new bridge that you created. 
xenbr0 should have the current IP of your dom0 assigned.  From the command line
it would be something like:
# ifconfig breth1 192.168.1.1 netmask 255.255.255.248

Let''s say the domU subnet is 10.10.10.0/29, usable IPs .1 to .6.  The
dom0 eth0 interface is wired to a network where 192.168.10.1 is the router.


			dom0

	    eth0			    eth1		Physical interfaces
              |				      |
	   xenbr0			   breth1		Bridges (created by Xen or OS script)
	192.168.1.10/24			10.10.10.1/29		IP assigned to the bridge
					      |
					    domUs
				10.10.10.2-6/29, g/w 10.10.10.1	IPs available to domU


The routing table in the dom0 has a default gateway entry that looks like
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 xenbr0


The g/w for the domU indicates traffic should be sent to the dom0, 10.10.10.1. 
With ip_forward = 1 the dom0 can now use its routing table to forward traffic
via the eth0 interface to 192.168.10.1 which will know about the rest of the
network.  This router must know that return traffic for 10.10.10.0/29 is to be
forwarded to the eth0 IP of the dom0, 192.168.1.10 in this example.


This message and the information contained herein is proprietary and
confidential and subject to the Amdocs policy statement,
you may review at http://www.amdocs.com/email_disclaimer.asp

2011/12/2 James Dingwall <james.dingwall@amdocs.com>
>
> From: xen-users-bounces@lists.xensource.com [mailto:
> xen-users-bounces@lists.xensource.com] On Behalf Of Johan Barelds
> Sent: 2 December 2011 10:30
> To: xen-users@lists.xensource.com
> Subject: Re: [Xen-users] Xen networking troubles
>
> 2011/12/2 James Dingwall <james.dingwall@amdocs.com>
> Thanks for your quick response James!
> I tried it and it''s not working yet.
> On the Windows network card i got the yellow triangle saying:
> "Unidentified Network".
> What should i use for Default Gateway on my HVM btw?
> I used now the one IP from my public range that i configured on my eth1
> - Do you have a separate device on the 6 IP subnet that is already a
> router or will your dom0 perform this function?  If it will be your dom0
> via the eth0 interface then you will need to assign an IP address from the
> 6 IP subnet to the bridge and enable IP forwarding by adding the line
> net.ipv4.ip_forward = 1
> to /etc/sysctl.conf and executing sysctl -p
> You''ll also need to make sure that the rest of your network knows
to route
> the domU subnet via the dom0.
> If your eth1 isn''t actually connected to the network then you can
use the
> bridge without a physical interface attached to it.
>
> And about setting up the extra bridge breth1: does that stick if i reboot
> the server?
> And if not how can i make ik more permanent?
> - To make it permanent you''ll need to edit the network scripts. 
I''m
> afraid I don''t have specific RHEL/CentOS knowledge.  But
>
http://acidborg.wordpress.com/2010/01/20/how-to-configure-a-network-bridge-in-red-hat-fedora/looks
like it should give you enough information though.
>
> Hi James,
>
> I do not have a separate device in my IP range that functions as a router.
> Can you explain how i assign an IP address from the 6 IP subnet to the
> bridge?
> I assume you mean the xenbr0 bridge?
>
> You would need to assign an IP from the 6 to the new bridge that you
> created.  xenbr0 should have the current IP of your dom0 assigned.  From
> the command line it would be something like:
> # ifconfig breth1 192.168.1.1 netmask 255.255.255.248
>
> Let''s say the domU subnet is 10.10.10.0/29, usable IPs .1 to .6. 
The
> dom0 eth0 interface is wired to a network where 192.168.10.1 is the router.
>
>
>                        dom0
>
>            eth0                            eth1                Physical
> interfaces
>              |                               |
>           xenbr0                          breth1               Bridges
> (created by Xen or OS script)
>        192.168.1.10/24                 10.10.10.1/29           IP
> assigned to the bridge
>                                              |
>                                            domUs
>                                10.10.10.2-6/29, g/w 10.10.10.1 IPs
> available to domU
>
>
> The routing table in the dom0 has a default gateway entry that looks like
> 0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0
> xenbr0
>
>
> The g/w for the domU indicates traffic should be sent to the dom0,
> 10.10.10.1.  With ip_forward = 1 the dom0 can now use its routing table to
> forward traffic via the eth0 interface to 192.168.10.1 which will know
> about the rest of the network.  This router must know that return traffic
> for 10.10.10.0/29 is to be forwarded to the eth0 IP of the dom0,
> 192.168.1.10 in this example.
>
>
> This message and the information contained herein is proprietary and
> confidential and subject to the Amdocs policy statement,
> you may review at http://www.amdocs.com/email_disclaimer.asp
>
>
Ok, i think i am beginning to understand..:-)

*Default gateway*
My default gateway on dom0 looks now like this:
default         192.168.1.1     0.0.0.0         UG        0 0          0
eth0

So the interface is eth0 and not xenbr0.
I don''t know if this makes a difference and if i need to change it and
how
to do that.

Thanks again!

-- 

Met vriendelijke groet / with kind regards,

Johan Barelds


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

2011/12/2 James Dingwall <james.dingwall@amdocs.com>
>
>
> The g/w for the domU indicates traffic should be sent to the dom0,
> 10.10.10.1.  With ip_forward = 1 the dom0 can now use its routing table to
> forward traffic via the eth0 interface to 192.168.10.1 which will know
> about the rest of the network.  This router must know that return traffic
> for 10.10.10.0/29 is to be forwarded to the eth0 IP of the dom0,
> 192.168.1.10 in this example.
>
>
> This message and the information contained herein is proprietary and
> confidential and subject to the Amdocs policy statement,
> you may review at http://www.amdocs.com/email_disclaimer.asp
>
>
Halleluja! Got it working..:-)
The trick was to assign a IP adress to the new bridge.
After that it worked flawless..:-)
Now i am going to prepare a script to configure all the steps at boot.
Thanks again for your help!

Gr. Johan

-- 

Met vriendelijke groet / with kind regards,

Johan Barelds

*Good IT!
*M: +31 (0)6 54253750
E: j.barelds@good-it.com
W: http://www.good-it.com


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Johan Barelds wrote:
>The trick was to assign a IP adress to the new bridge.
>After that it worked flawless..:-)
It working is possibly a side effect of adding an IP address. When 
your OS config scripts configure an IP address on an interface, they 
will set the interface state to up. It may well be that all you need 
to do is manually set the interface to up - "ifconfig ethx up" I 
think.

This stumped me for a while in my early days of experimenting with Xen.

If you don''t actually need an address/working Dom0 interface on that 
bridge, then it''s more secure to not configure one.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.