On Wed, 2005-09-07 at 10:07 -0400, Tim Durack wrote:
> > I tried every possible network setup, routed, bridged-new, bridged-old,
> > all to no avail. I ended up with the old style bridged setup because it
> > was the last one I tried.
>
> > Everything else works, I evenhave a DHCP server in one of the guest
>
> > domains, which serves machines on a different subnet from the rest of
> > the machines, and everything works fine (as it was before), but I
> > cannot, for instance, ssh from Domain_0 to a guest domain.
>
>
> > I can ssh to anyother machine and ssh back to the guest domain from
> > there, and it works fine, only the direct connection fails, it hangs
> > never completes. I even used ethereal to try to figure what was going
>
> > on, but couldn't find anything, the connection just hangs there waiting
> > for a packet that never arrives.
>
> Sounds like the problem I have been experiencing.
>
> If you examine your packet capture carefully on the failed connections, you
> will probably see some transport layer checksum errors (tcp/udp.)
>
>
> If you want a routed setup, a workaround is to build gre tunnels over the top
> of the Dom0 vifX.0 <-> guest eth0 links.
>
> The new style bridged setup works, with the apparent limitation that Dom0 can
> now only be attached to one bridge group.
>
>
> If I remember correctly, vif0.0 should be bridged with vifX.0. veth0 should
> be assigned an appropriate address for your network.
> Dom0 veth0 is the equivalent of eth0 in a guest, vif0.0 being the matching
> end of the virtual link.
>
>
> Outside network access should work if you bridge eth0 in the same bridge
> group. Have fun if you want to run a firewall...
>
> Tim:>
<snip>
Hmmm . . . I'll take a stab in the dark at this. I've seen those types
of errors with checksum offloading. Someone on this list in reply to a
problem I was having mentioned that unstable implements checksum
offloading. What happens if you disable it? - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx
If you would like to participate in the development of an open source
enterprise class network security management system, please visit
http://iscs.sourceforge.net
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|