Hi

I'm setting up Xen 4.1 on a remote box, host plus three guests all running Gentoo Linux. Everything is working fine so far, however, I'm having trouble wrapping my mind around bridged networking.

Dom0 has one physical interface eth0 installed which is currently assigned a public static IP. I have three more public static IPs, one for each DomU. The goal: Each Dom is communicating with its own public static IP.

Apparently, the first step is to create a bridge with eth0 being on one end of it. However, I'm not sure how to configure the bridge and how to set up the other end of it.

Maybe somebody with a similar scenario could help?

Thanks a lot!

On Fri, 2012-12-07 at 09:37 +0000, Sven wrote:
> Hi
>
> I'm setting up Xen 4.1 on a remote box, host plus three guests all running
> Gentoo Linux. Everything is working fine so far, however, I'm having trouble
> wrapping my mind around bridged networking.
>
> Dom0 has one physical interface eth0 installed which is currently assigned a
> public static IP. I have three more public static IPs, one for each DomU. The
> goal: Each Dom is communicating with its own public static IP.
>
> Apparently, the first step is to create a bridge with eth0 being on one end of it.
> However, I'm not sure how to configure the bridge and how to set up the other
> end of it.
>
> Maybe somebody with a similar scenario could help?

Have you had a look at the wiki, e.g.
http://wiki.xen.org/wiki/Network_Configuration_Examples_%28Xen_4.1%2B%29 ?

Ian.

> Have you had a look at the wiki, e.g.
> http://wiki.xen.org/wiki/Network_Configuration_Examples_%28Xen_4.1%2B%29

Yes, I have, but I'm not sure how to configure the bridge in my case.

Currently, eth0 is configured with the public static IP of Dom0. Do I have to move this configuration to xenbr0? Which interface will Dom0 use after the bridge is up?

-sven

On Fri, 2012-12-07 at 10:56 +0000, Sven wrote:
> > Have you had a look at the wiki, e.g.
> > http://wiki.xen.org/wiki/Network_Configuration_Examples_%28Xen_4.1%2B%29
>
> Yes, I have, but I'm not sure how to configure the bridge in my case.
>
> Currently, eth0 is configured with the public static IP of Dom0. Do I have to
> move this configuration to xenbr0? Which interface will Dom0 use after the
> bridge is up?

Yes, you want to put the IP configuration on xenbr0. The existing eth0 will become a port on that bridge and traffic will go xenbr0->eth0->network.

There are no Gentoo examples on our page but the first hit on google for "gentoo bridge" is http://en.gentoo-wiki.com/wiki/Bridging_Network_Interfaces and the second is http://www.gentoo-wiki.info/Bridging .

Ian.

On 2012-12-07 10:56, Sven wrote:
>> Have you had a look at the wiki, e.g.
>>
>> http://wiki.xen.org/wiki/Network_Configuration_Examples_%28Xen_4.1%2B%29
>
> Yes, I have, but I'm not sure how to configure the bridge in my case.
>
> Currently, eth0 is configured with the public static IP of Dom0. Do I
> have to
> move this configuration to xenbr0? Which interface will Dom0 use
> after the
> bridge is up?

Assuming your dom0 is also Gentoo try the following in your /etc/conf.d/net

    config_eth0="null"
    dns_domain_eth0="example.com"
    dns_servers_eth0="dnsip1 dnsip2"
    dns_search_eth0="example.com search.com"
    routes_eth0=""
    bridge_breth0="eth0"
    config_breth0="dom0ip/netmask"
    brctl_breth0="setfd 0 sethello 10 stp off"
    routes_breth0="default via gatewayip"
    rc_net_need_breth0="net.eth0"

Create suitable links in /etc/init.d from net.lo to net.eth0 and net.breth0 then rc-update to add them to the default runlevel.

    rc-update add net.eth0 default
    rc-update add net.breth0 default

You could probably consolidate the dns settings to the bridge configuration.

In my guest configuration file I have:

    vif = [ 'bridge=breth0' ]

bridge_xenbr0="eth0"

config_xenbr0="xxx.xxx.xxx.xxx/28"
routes_xenbr0="default gw yyy.yyy.yyy.yyy"

On 7.12.2012 12:05, Ian Campbell wrote:
> On Fri, 2012-12-07 at 10:56 +0000, Sven wrote:
>>> Have you had a look at the wiki, e.g.
>>> http://wiki.xen.org/wiki/Network_Configuration_Examples_%28Xen_4.1%2B%29
>> Yes, I have, but I'm not sure how to configure the bridge in my case.
>>
>> Currently, eth0 is configured with the public static IP of Dom0. Do I have to
>> move this configuration to xenbr0? Which interface will Dom0 use after the
>> bridge is up?
> Yes, you want to put the IP configuration on xenbr0. The existing eth0
> will become a port on that bridge and traffic will go
> xenbr0->eth0->network.
>
> There are no Gentoo examples on our page but the first hit on google for
> "gentoo bridge" is
> http://en.gentoo-wiki.com/wiki/Bridging_Network_Interfaces and the
> second is http://www.gentoo-wiki.info/Bridging .
>
> Ian.

_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

(Jan Hejl, sorry for missent email) ;)

On 07.12.2012 18:22, Jan Hejl wrote:
> bridge_xenbr0="eth0"
>
> config_xenbr0="xxx.xxx.xxx.xxx/28"
> routes_xenbr0="default gw yyy.yyy.yyy.yyy"

or, in my case:

    modules="iproute2"
    # empty, because only domU interfaces are inside it, eth0 is outside
    bridge_xen=""
    config_xen="<routed_ipv6_subnet>::1/128"
    routes_xen="<routes_to_domUs_network>"
    config_eth0="<eth0_uplink_IPs>"
    routes_eth0="<eth0_uplink_routes>"

(btw, sorry for being a little off-topic, but can this configuration be the reason for speed issues between the internal domUs network and the Internet?)

> Assuming your dom0 is also Gentoo try the following in your
> /etc/conf.d/net

Thanks a bunch for your hints, James, I'll give it a shot later today.

-sven

Hi

I've altered my configs as per James' examples. The bridge on Dom0 works fine and with "xl create dom1" creates the vif, no errors at all. I can log on with "xl console dom1" and see eth0 came up alright and configured. Still no networking in Dom1:

| ~# telnet 74.125.230.196 80   # google.com
| Trying 74.125.230.196...
| telnet: Unable to connect to remote host: No route to host

After googling and trying things for a few hours, I still haven't figured out how come. :-/

I'm only doing IPv4 for now since I have individual IPv4 for all Doms. No iptables on any Dom at this point.

Since no problems are displayed or logged, I have no clue how to further debug this and help is very welcome!

Thanks a lot, -sven


Dom0
----

# ifconfig -a
| eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
|         inet6 ****::****:****:****:**** prefixlen 64 scopeid 0x20<link>
|         ether **:**:**:**:**:e1 txqueuelen 1000 (Ethernet)
|         RX packets 1286 bytes 117136 (114.3 KiB)
|         RX errors 0 dropped 0 overruns 0 frame 0
|         TX packets 965 bytes 309882 (302.6 KiB)
|         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
| vif1.0: flags=4098<BROADCAST,MULTICAST> mtu 1500
|         ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet)
|         RX packets 0 bytes 0 (0.0 B)
|         RX errors 0 dropped 0 overruns 0 frame 0
|         TX packets 0 bytes 0 (0.0 B)
|         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
| xenbr0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
|         inet **.**.97.72 netmask 255.255.255.224 broadcast **.**.97.95
|         inet6 ****::****:****:****:**** prefixlen 64 scopeid 0x20<link>
|         ether <<same as eth0>> txqueuelen 0 (Ethernet)
|         RX packets 1286 bytes 99112 (96.7 KiB)
|         RX errors 0 dropped 0 overruns 0 frame 0
|         TX packets 959 bytes 309414 (302.1 KiB)
|         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

# route -n
| Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
| 0.0.0.0         **.**.97.65     0.0.0.0         UG    4      0        0 xenbr0
| **.**.97.64     0.0.0.0         255.255.255.224 U     0      0        0 xenbr0
| 127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo

# brctl show
| bridge name     bridge id               STP enabled     interfaces
| xenbr0          8000.**********e1       no              eth0

# cat /etc/sysctl.conf
| net.ipv4.ip_forward = 1


Dom1
----

# ifconfig
| eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
|         inet **.**.97.66 netmask 255.255.255.224 broadcast **.**.97.95
|         inet6 ****::***:****:****:**** prefixlen 64 scopeid 0x20<link>
|         ether **:**:**:**:**:08 txqueuelen 1000 (Ethernet)
|         RX packets 0 bytes 0 (0.0 B)
|         RX errors 0 dropped 0 overruns 0 frame 0
|         TX packets 30 bytes 1476 (1.4 KiB)
|         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|         device interrupt 25

# route -n
| Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
| 0.0.0.0         **.**.97.65     0.0.0.0         UG    2      0        0 eth0
| **.**.97.64     0.0.0.0         255.255.255.224 U     0      0        0 eth0
| 127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo

# console (network related stuff)
| [ 0.000000] Xen version: 4.1.1 (preserve-AD)
| [ 0.000000] Kernel command line: root=/dev/xvda1 console=hvc0 root=/dev/xvda1 ro 3
| [ 0.012011] NET: Registered protocol family 16
| [ 0.016136] PCI: System does not support PCI
| [ 0.016237] NetLabel: Initializing
| [ 0.016240] NetLabel: domain hash size = 128
| [ 0.016242] NetLabel: protocols = UNLABELED CIPSOv4
| [ 0.016248] NetLabel: unlabeled traffic allowed by default
| [ 0.017472] NET: Registered protocol family 2
| [ 0.017828] IP route cache hash table entries: 262144 (order: 9, 2097152 bytes)
| [ 0.019279] TCP established hash table entries: 524288 (order: 11, 8388608 bytes)
| [ 0.020341] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
| [ 0.020456] TCP: Hash tables configured (established 524288 bind 65536)
| [ 0.020459] TCP: reno registered
| [ 0.020484] UDP hash table entries: 4096 (order: 5, 131072 bytes)
| [ 0.020523] UDP-Lite hash table entries: 4096 (order: 5, 131072 bytes)
| [ 0.020583] NET: Registered protocol family 1
| [ 0.020616] PCI-DMA: Using software bounce buffering for IO (SWIOTLB)
| [ 0.025036] brd: module loaded
| [ 0.025541] loop: module loaded
| [ 0.044880] Initialising Xen virtual ethernet driver.
| [ 0.261392] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
| [ 0.261559] ip_tables: (C) 2000-2006 Netfilter Core Team
| [ 0.261569] TCP: cubic registered
| [ 0.261691] NET: Registered protocol family 10
| [ 0.261827] ip6_tables: (C) 2000-2006 Netfilter Core Team
| [ 0.261841] sit: IPv6 over IPv4 tunneling driver
| [ 0.261951] NET: Registered protocol family 17
| [ 0.261964] Bridge firewalling registered

Hello Sven,

I've encountered the same problem a few months ago with the Gentoo Live CD. After "xl create domU.config" I saw vif1.0 and tap1.0 on Dom0, but then when the Live CD booted up, the tap1.0 device disappeared. It was something with ACPI. I've got this in the DomU config:

    acpi=1
    apic=0

and DomU networking works. I didn't figure out what the problem was but this may help you.

Jan

On 12/20/2012 07:09 PM, Sven wrote:
> Hi
>
> I've altered my configs as per James' examples. The bridge on Dom0 works fine
> and with "xl create dom1" creates the vif, no errors at all. I can log on with
> "xl console dom1" and see eth0 came up alright and configured. Still no
> networking in Dom1:
>
> | ~# telnet 74.125.230.196 80   # google.com
> | Trying 74.125.230.196...
> | telnet: Unable to connect to remote host: No route to host
>
> After googling and trying things for a few hours, I still haven't figured out
> how come. :-/
>
> I'm only doing IPv4 for now since I have individual IPv4 for all Doms. No
> iptables on any Dom at this point.
>
> Since no problems are displayed or logged, I have no clue how to further debug
> this and help is very welcome!
Hello.

On 20/12/12 12:09, Sven wrote:
> | ~# telnet 74.125.230.196 80   # google.com
> | Trying 74.125.230.196...
> | telnet: Unable to connect to remote host: No route to host
>
> After googling and trying things for a few hours, I still haven't figured out
> how come. :-/

Look at it with tcpdump, it can show you the network traffic, and where it stops. Run it on Dom0. On vif1.0, you shall see the packets trying to leave DomU. If you don't see the same packets on xenbr0, then the problem is within the bridge itself.

> Dom0
> ----
>
> # brctl show
> | bridge name     bridge id               STP enabled     interfaces
> | xenbr0          8000.**********e1       no              eth0

Where is your vif1.0? I assume your DomU ID is "1", so vif1.0 should be attached to xenbr0. If it is not, then this might be the problem.

> # cat /etc/sysctl.conf
> | net.ipv4.ip_forward = 1

BTW, this is not needed for bridged network on Dom0.

> Dom1
> ----
>
> # route -n
> | Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> | 0.0.0.0         **.**.97.65     0.0.0.0         UG    2      0        0 eth0
> | **.**.97.64     0.0.0.0         255.255.255.224 U     0      0        0 eth0
> | 127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo

Is **.**.97.65 reachable/pingable from DomU? I guess it's reachable from Dom0, since it is Dom0's gateway.

Greetings.

--
Alexandre Kouznetsov

Alexandre Kouznetsov <alk <at> ondore.com> writes:
> > # brctl show
> > | bridge name     bridge id               STP enabled     interfaces
> > | xenbr0          8000.**********e1       no              eth0
> Where is your vif1.0? I assume your DomU ID is "1", so vif1.0 should be
> attached to xenbr0. If it is not, then this might be the problem.

Yes, Dom1 has ID 1. I tried adding the interface manually with "brctl addif xenbr0 vif1.0":

| bridge name     bridge id               STP enabled     interfaces
| xenbr0          8000.**********e1       no              eth0
|                                                         vif1.0

Unfortunately, still no networking on Dom1.

According to the docs, "xl create" should call the /etc/xen/scripts/vif-bridge script. However, I can rename it to vif-bridge-OFF and everything remains the same: The vif is created but not added to the bridge. It seems the script is not executed after all. This is in my xl.conf:

| # default vif script
| vifscript="vif-bridge"
| #vifscript="vif-route"

> Is **.**.97.65 reachable/pingable from DomU? I guess it's reachable from
> Dom0, since it is Dom0's gateway.

Nope, I can't ping the gateway.

(BTW @Jan: acpi=1 apic=0 doesn't help either.)

Open the "virt-manager" and check which bridge "DOM1" is connected to. If it is something other than "Xenbr0" then change it to "Xenbr0". I suppose you are configuring the Xen in bridge mode? If so, make sure that the NIC interface of DOM1 is set to "share a Network device" rather than "NAT..."

--
SysNet Lab, FAST-National University, H-11/4 A.K. Brohi Road, Islamabad, Pakistan

> Open the "virt-manager" and check which bridge "DOM1" is connected to.
> If it is something other than "Xenbr0" then change it to "Xenbr0".
> I suppose you are configuring the Xen in bridge mode? If so, make sure
> that the NIC interface of DOM1 is set to "share a Network device"
> rather than "NAT..."

This is a server with no window manager installed. I'd like to keep it that way since virt-manager would require over 100 packages to be installed and maintained.

-sven

Hello, Sven.

On 20/12/12 13:33, Sven wrote:
> Alexandre Kouznetsov <alk <at> ondore.com> writes:
>
>>> # brctl show
>>> | bridge name     bridge id               STP enabled     interfaces
>>> | xenbr0          8000.**********e1       no              eth0
>> Where is your vif1.0? I assume your DomU ID is "1", so vif1.0 should be
>> attached to xenbr0. If it is not, then this might be the problem.
>
> Yes, Dom1 has ID 1. I tried adding the interface manually with "brctl addif
> xenbr0 vif1.0":
>
> | bridge name     bridge id               STP enabled     interfaces
> | xenbr0          8000.**********e1       no              eth0
> |                                                         vif1.0
>
> Unfortunately, still no networking on Dom1.

This configuration should make traffic from vif1.0 visible on xenbr0. It should be traceable by tcpdump.

> According to the docs, "xl create" should call the /etc/xen/scripts/vif-bridge
> script. However, I can rename it to vif-bridge-OFF and everything remains the
> same: The vif is created but not added to the bridge. It seems the script is not
> executed after all. This is in my xl.conf:
>
> | # default vif script
> | vifscript="vif-bridge"
> | #vifscript="vif-route"

As I see it, you are dealing with two problems. The first is to get your DomU networking to work, the second is to make your Xen scripts build the working configuration automatically. Normally, both problems should be closed by the same solution, but it looks like this is not the case. Probably it's a good idea to get the concept working first, then see what's wrong with xl and why it can't reproduce the working configuration.

>> Is **.**.97.65 reachable/pingable from DomU? I guess it's reachable from
>> Dom0, since it is Dom0's gateway.
>
> Nope, I can't ping the gateway.

Another relevant test would be to test connectivity between DomU and Dom0. If you were affected by some restriction outside of your box, this test would reveal it. Ping from DomU to Dom0 doesn't have to leave the bridge.

Greetings.

--
Alexandre Kouznetsov

Hi Alexandre

I couldn't continue debugging my network issue due to family reasons, but I'm now back at it with news.

After some issues with the not yet stable Xen 4.2 package on Gentoo, I could install it meanwhile. And on Xen 4.2 some of the issues are gone. I left all Xen configs at their default and use the following guest definition now:

    name = "dom1-tango"
    uuid = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx"
    bootloader = "pygrub"
    root = "/dev/xvda1 ro"
    extra = "3"   # runlevel
    memory = 5000
    disk = [ 'phy:/dev/md1,xvda1,w' ]
    vif = [ 'bridge=xenbr0' ]

After creating the domU, I have the following on dom0:

    vif1.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet6 fe80::fcff:ffff:feff:ffff prefixlen 64 scopeid 0x20<link>
            ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet)
            RX packets 82 bytes 3756 (3.6 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 58 bytes 4314 (4.2 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    xenbr0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
            inet xx.xx.xx.72 netmask 255.255.255.224 broadcast xx.xx.xx.95
            inet6 xxxx::xxxx:xxxx:xxxx:ede1 prefixlen 64 scopeid 0x20<link>
            ether xx:xx:xx:xx:xx:e1 txqueuelen 0 (Ethernet)
            RX packets 11424 bytes 734781 (717.5 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 5683 bytes 899447 (878.3 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    bridge name     bridge id               STP enabled     interfaces
    xenbr0          8000.xxxxxxxxxxe1       no              eth0
                                                            vif1.0

So far, so good. I have full network on dom0 and I can ping dom0 on domU as well. However, I can't ping the gateway on domU.

Apparently, the problem is on dom0 since the traffic from domU gets to the bridge - but not beyond.

Any ideas what I could try next?

Hello.

On 13/01/13 05:31, Sven wrote:
> [...]
> bridge name     bridge id               STP enabled     interfaces
> xenbr0          8000.xxxxxxxxxxe1       no              eth0
>                                                         vif1.0
> So far, so good. I have full network on dom0 and I can ping dom0 on domU as
> well. However, I can't ping the gateway on domU.
>
> Apparently, the problem is on dom0 since the traffic from domU gets to the
> bridge - but not beyond.

Firewalling on Dom0 or on the gateway?
ACL on the switch?
Wrong network mask?

> Firewalling on Dom0 or on the gateway?
> ACL on the switch?
> Wrong network mask?

I figured it out: Since I followed the Gentoo guide, the kernel had support compiled in for netfilter to see bridge traffic. Adding a few rules or removing support and my DomU is online. (Only on Xen 4.2 though. On 4.1 the bridge script is broken and even adding it manually doesn't wire the DomU.)

Thanks for your help!

Hello.

On 15/01/13 11:25, Sven wrote:
>> Firewalling on Dom0 or on the gateway?
>> ACL on the switch?
>> Wrong network mask?
>
> I figured it out: Since I followed the Gentoo guide, the kernel had support
> compiled in for netfilter to see bridge traffic. Adding a few rules or removing
> support and my DomU is online.

Great!

xend is supposed to be able to add the needed ipfilter rules, to allow DomU's traffic, on a firewalled Dom0.

Reference:
http://lists.xen.org/archives/html/xen-users/2012-11/msg00226.html
http://wiki.xen.org/wiki/Network_Configuration_Examples_%28Xen_4.1%2B%29

Honestly, Xen's iptables management never worked fine for me, I always used an external iptables script. Something like this:

    iptables -A FORWARD -m physdev --physdev-in vif+ -j ACCEPT
    iptables -A FORWARD -m physdev --physdev-out vif+ -j ACCEPT

> (Only on Xen 4.2 though. On 4.1 the bridge script
> is broken and even adding it manually doesn't wire the DomU.)

The bridge script has been known to be broken for a while. The general recommendation is to build the bridge itself with the OS's means, and make Xen use it as is.

Greetings.

--
Alexandre Kouznetsov
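
The checks this thread converged on (is the vif a port of the bridge, does netfilter see bridged frames, does the FORWARD chain let vif traffic through) combined into one Dom0 script, as an added example that is not part of any of the original posts. The sample `brctl show` and `iptables -S FORWARD` text is constructed, and the function names and verdict words (`detached`, `filtered`, `ok`) are this example's own.

```sh
#!/bin/sh
# Added example: classify why a bridged Xen guest has no network, from Dom0 state.

# Print the ports of bridge $1, reading `brctl show` output on stdin.
# Further ports of a bridge appear on continuation lines holding a single field.
bridge_ports() {
    awk -v br="$1" '
        NR == 1 { next }                                   # column header
        NF >= 3 { cur = $1; if (NF >= 4 && cur == br) print $4; next }
        NF == 1 && cur == br { print $1 }
    '
}

# Succeed if `iptables -S FORWARD` output on stdin holds an ACCEPT rule for
# bridged traffic of vif $1 (regex-escaped) in direction $2 (in|out), matched
# by exact name or the vif+ wildcard. Presence only: rule order and explicit
# DROP rules are not evaluated.
physdev_accept() {
    grep -E -- "-m physdev .*--physdev-$2 (vif\+|$1)( .*)? -j ACCEPT" >/dev/null
}

# Print one verdict for guest interface $2 on bridge $1.
#   $3: `brctl show` output
#   $4: content of /proc/sys/net/bridge/bridge-nf-call-iptables ("" if absent,
#       i.e. bridge netfilter support is not built in or not loaded)
#   $5: `iptables -S FORWARD` output
diagnose() {
    if ! printf '%s\n' "$3" | bridge_ports "$1" | grep -Fx -- "$2" >/dev/null; then
        echo detached; return     # vif never joined the bridge (vif script did not run)
    fi
    [ "$4" = 1 ] || { echo ok; return; }    # bridged frames do not traverse iptables
    vif=$(printf '%s' "$2" | sed 's/\./\\./g')
    if printf '%s\n' "$5" | physdev_accept "$vif" in &&
       printf '%s\n' "$5" | physdev_accept "$vif" out; then
        echo ok; return
    fi
    case "$5" in
        *"-P FORWARD DROP"*) echo filtered ;;   # default DROP and no vif ACCEPT rules
        *) echo ok ;;
    esac
}

# Constructed sample inputs (not taken from the thread).
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.001122334455       no              eth0
                                                        vif1.0'
SAMPLE_BRCTL_DETACHED='bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.001122334455       no              eth0'
SAMPLE_FW_DROP='-P FORWARD DROP'
SAMPLE_FW_OPEN='-P FORWARD DROP
-A FORWARD -m physdev --physdev-in vif+ -j ACCEPT
-A FORWARD -m physdev --physdev-out vif+ -j ACCEPT'

if [ "${1:-}" = "--live" ]; then
    # Usage on Dom0, as root: sh script.sh --live xenbr0 vif1.0
    nf=$(cat /proc/sys/net/bridge/bridge-nf-call-iptables 2>/dev/null || true)
    diagnose "$2" "$3" "$(brctl show)" "$nf" "$(iptables -S FORWARD)"
else
    diagnose xenbr0 vif1.0 "$SAMPLE_BRCTL" 1 "$SAMPLE_FW_DROP"
fi
```

With `--live` the script only reads state and changes nothing; a `detached` verdict points at the vif hotplug script, a `filtered` verdict at the Dom0 FORWARD chain.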