WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Xen on production enviroment

On Wed, 2005-09-07 at 10:07 -0400, Tim Durack wrote:
> > I tried every possible network setup, routed, bridged-new, bridged-old,
> > all to no avail. I ended up with the old style bridged setup because it
> > was the last one I tried.
> 
> > Everything else works, I evenhave a DHCP server in one of the guest
> 
> > domains, which serves machines on a different subnet from the rest of
> > the machines, and everything works fine (as it was before), but I
> > cannot, for instance, ssh from Domain_0 to a guest domain.
> 
> 
> > I can ssh to anyother machine and ssh back to the guest domain from
> > there, and it works fine, only the direct connection fails, it hangs
> > never completes. I even used ethereal to try to figure what was going
> 
> > on, but couldn't find anything, the connection just hangs there waiting
> > for a packet that never arrives.
> 
> Sounds like the problem I have been experiencing.
> 
> If you examine your packet capture carefully on the failed connections, you 
> will probably see some transport layer checksum errors (tcp/udp.)
> 
> 
> If you want a routed setup, a workaround is to build gre tunnels over the top 
> of the Dom0 vifX.0 <-> guest eth0 links.
> 
> The new style bridged setup works, with the apparent limitation that Dom0 can 
> now only be attached to one bridge group.
> 
> 
> If I remember correctly, vif0.0 should be bridged with vifX.0. veth0 should 
> be assigned an appropriate address for your network.
> Dom0 veth0 is the equivalent of eth0 in a guest, vif0.0 being the matching 
> end of the virtual link.
> 
> 
> Outside network access should work if you bridge eth0 in the same bridge 
> group. Have fun if you want to run a firewall...
> 
> Tim:>
<snip>
Hmmm . . . I'll take a stab in the dark at this.  I've seen those types
of errors with checksum offloading.  Someone on this list in reply to a
problem I was having mentioned that unstable implements checksum
offloading.  What happens if you disable it? - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx

If you would like to participate in the development of an open source
enterprise class network security management system, please visit
http://iscs.sourceforge.net


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users