WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] Re: Qestion about the Xen network?

from [Bei Guan] [Permanent Link][Original]
To: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>, Xen Devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] Re: Qestion about the Xen network?
From: Bei Guan <gbtju85@xxxxxxxxx>
Date: Thu, 28 Oct 2010 21:24:06 +0800
Cc:
Delivery-date: Thu, 28 Oct 2010 06:24:49 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=XF97DgcMeSQO9rSnU+TD12jbcmFzRq466ipaksYND/A=; b=UmczR/e42TyO4Db2FUB3i9oL815MHwJyDhg0xqfbUPgnD6HtD3m8Kuk0eMvz8QKYp0 9qf4IWLJ/47e0llfqITkGuL73BOtWnEnmZo9g469q4CItAuF+f46r3ekFfCj83wR1m43 igHPf60KMbCHKoJB6KniHha+/DRpLoZFSCY/I=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=ZLnA+Nc1bh15oXMRLIRaLDeRFcuSb/9Q2jNqfXu/H4ojJ7J5frqS0rv+OO9MAQi26N 6XBH1WSCRpsc5QUfZwNrzU0293DpArMHW/ZxDYEkCY54CM1BM+zio/U/tl5TyArOXuva N27wjHP2Fb0gpVIDGluM1u/OqAtpurMwvSAh8=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20101022143251.GB5227@xxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <AANLkTikju8iBPZ+RTNOnCsOfpCvQwcxi3c0+pHFb_6+F@xxxxxxxxxxxxxx> <20101022143251.GB5227@xxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx


2010/10/22 Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>
Bei Guan, le Fri 22 Oct 2010 22:25:02 +0800, a écrit :
> What's the relationship between the eth0 and peth0? Which is my real
> network device card?

That's what you missed in the scheme: the xen scripts rename your real
network device card into peth0, and puts it into a bridge called eth0.
So you need to use the bridge called "eth0" in your PV scripts.


Hi Samuel,

With the libvrit, my PV can access to the outside network now. But it is something like NAT network, outside host can not access to the PV.  

Now I try to using the Xen bridge to configure my PV's network. As you say, the bridge here is "eth0", not "xenbr0".
So in the PV configuration file, the net interface is
vif = ['bridge=eth0']

After the PV (ubuntu) rebooting, I set its ip as 192.168.1.186. I can "ping" other host that are the in the same ethernet with the PV (192.168) successfully from Ubuntu. However, I can not access to my Ubuntu from host in ethernet "192.168". And my Ubuntu also can not "ping" the outside networ such as " 61.135.169.105". I think maybe some configuration is not correct, but i can not find it.

The following data maybe useful to find the reason.


Ping the outside internet from PV Ubuntu(192.168.1.186).
root@ubuntu:~# ping 61.135.169.105
connect: Network is unreachable



Ping the PV Ubuntu(192.168.1.186) from host(192.168.1.215) in the same ethernet. My Dom0’s ip is 192.168.1.129.
[root@localhost ~]# ping 192.168.1.186
PING 192.168.1.186 (192.168.1.186) 56(84) bytes of data.
>From 192.168.1.129 icmp_seq=1 Destination Host Prohibited
>From 192.168.1.129 icmp_seq=2 Destination Host Prohibited
>From 192.168.1.129 icmp_seq=3 Destination Host Prohibited
>From 192.168.1.129 icmp_seq=4 Destination Host Prohibited
>From 192.168.1.129 icmp_seq=5 Destination Host Prohibited
>From 192.168.1.129 icmp_seq=6 Destination Host Prohibited
>From 192.168.1.129 icmp_seq=7 Destination Host Prohibited

--- 192.168.1.186 ping statistics ---
7 packets transmitted, 0 received, +7 errors, 100% packet loss, time 5995ms

The data tcpdump caught as following.
[root@localhost ~]# tcpdump -i eth0 -nn host 192.168.1.186
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
21:03:46.478403 arp who-has 192.168.1.186 tell 192.168.1.215
21:03:46.478452 arp reply 192.168.1.186 is-at 00:21:9b:67:fb:b5
21:03:46.479022 IP 192.168.1.215 > 192.168.1.186: ICMP echo request, id 20242, seq 1, length 64
21:03:47.471539 IP 192.168.1.215 > 192.168.1.186: ICMP echo request, id 20242, seq 2, length 64
21:03:48.470562 IP 192.168.1.215 > 192.168.1.186: ICMP echo request, id 20242, seq 3, length 64
21:03:49.469642 IP 192.168.1.215 > 192.168.1.186: ICMP echo request, id 20242, seq 4, length 64
21:03:50.468594 IP 192.168.1.215 > 192.168.1.186: ICMP echo request, id 20242, seq 5, length 64
21:03:51.468415 IP 192.168.1.215 > 192.168.1.186: ICMP echo request, id 20242, seq 6, length 64
21:03:52.468643 IP 192.168.1.215 > 192.168.1.186: ICMP echo request, id 20242, seq 7, length 64


My dom0 iptables:
[root@localhost test1]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
RH-Firewall-1-INPUT  all  --  anywhere             anywhere           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED PHYSDEV match --physdev-out vif7.1
ACCEPT     udp  --  anywhere             anywhere            PHYSDEV match --physdev-in vif7.1 udp spt:bootpc dpt:bootps
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED PHYSDEV match --physdev-out vif7.1
ACCEPT     all  --  localhost            anywhere            PHYSDEV match --physdev-in vif7.1
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED PHYSDEV match --physdev-out vif7.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif7.0
ACCEPT     all  --  anywhere             localhost/24        state RELATED,ESTABLISHED
ACCEPT     all  --  localhost/24         anywhere           
ACCEPT     all  --  anywhere             anywhere           
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere           
ACCEPT     ah   --  anywhere             anywhere           
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:nfs
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:telnet
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp

My bridge info:
[root@localhost test1]# brctl show
bridge name     bridge id               STP enabled     interfaces
eth0            8000.0024e839fa54       no              peth0
                                                        vif7.0
                                                        vif7.1
virbr0          8000.000000000000       no


My network interface:

[root@localhost test1]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:24:E8:39:FA:54 
          inet addr:192.168.1.129  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::224:e8ff:fe39:fa54/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:138634 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31385 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:29362891 (28.0 MiB)  TX bytes:5957728 (5.6 MiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1915 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1915 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3136132 (2.9 MiB)  TX bytes:3136132 (2.9 MiB)

peth0     Link encap:Ethernet  HWaddr 00:24:E8:39:FA:54 
          inet6 addr: fe80::224:e8ff:fe39:fa54/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:144620 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31686 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:31634537 (30.1 MiB)  TX bytes:6025862 (5.7 MiB)
          Memory:fe6e0000-fe700000

vif7.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF 
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:64 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17333 errors:0 dropped:28 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:16284 (15.9 KiB)  TX bytes:1075564 (1.0 MiB)

vif7.1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF 
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43 errors:0 dropped:17360 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:0 (0.0 b)  TX bytes:8116 (7.9 KiB)

virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00 
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:5621 (5.4 KiB)


Any advice from you is appreciated.
Thank you very much!

Bei Guan


 
Samuel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] Re: xend does not start, Keir Fraser
Next by Date:  Re: [Xen-devel] Re: xend does not start, David Cemin
Previous by Thread:  [Xen-devel] Re: Qestion about the Xen network?, Bei Guan
Next by Thread:  [Xen-devel] Re: Qestion about the Xen network?, Bei Guan
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy