WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Dom0 gateway

from [Rob Dyke] [Permanent Link][Original]
To: "Sergio Maffioletti (CSCS)" <sergio.maffioletti@xxxxxxx>
Subject: Re: [Xen-users] Dom0 gateway
From: Rob Dyke <robdyke@xxxxxxxxx>
Date: Fri, 25 Nov 2005 12:51:06 +0000
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 25 Nov 2005 12:51:09 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:references; b=hwgNrmNY+McBCuDG9DDOBZ6Tbn803LXDUk4nrfn6jvF1vBg/lgwRuBXmfl09sTmDuxhsvQ4HwssxbSbQiIbZYVh+RU9M7D8tzBVlIqndz31FR1Nmkwz2uFblEylIb2hWblZcl+doHhr1wxHlGOHM7026Sxece9rHHdVLixLhsvM=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <200511251121.51478.sergio.maffioletti@xxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <200511251121.51478.sergio.maffioletti@xxxxxxx>
Reply-to: emailme@xxxxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Sergio, All,

This is very similar to the question I posted a couple of days ago regarding the networking setup on a colo server with public IPs.

My settings are similar - but I have not got an IP assigned to eth0 on domU....

On domU (FC4):
[root@dellserver ~]# brctl show xen-br0
bridge name     bridge id               STP enabled     interfaces
xen-br0         8000.00142272e278       no              eth0
                                                        vif1.0

[root@dellserver ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:14:22:72:E2:78 
          inet6 addr: fe80::214:22ff:fe72:e278/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15940810 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4185960609 (3.8 GiB)  TX bytes:3566 (3.4 KiB)
          Base address:0xecc0 Memory:dfde0000-dfe00000

eth1      Link encap:Ethernet  HWaddr 00:14:22:72:E2:79 
          inet addr:85.234.137.34  Bcast:85.234.137.255  Mask:255.255.255.0
          inet6 addr: fe80::214:22ff:fe72:e279/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1117214 errors:0 dropped:0 overruns:0 frame:0
          TX packets:62116 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:81320608 (77.5 MiB)  TX bytes:86637157 (82.6 MiB)
          Base address:0xdcc0 Memory:df9e0000-dfa00000

eth1:0    Link encap:Ethernet  HWaddr 00:14:22:72:E2:79 
          inet addr:85.234.137.35  Bcast:85.234.137.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Base address:0xdcc0 Memory:df9e0000-dfa00000

eth1:1    Link encap:Ethernet  HWaddr 00:14:22:72:E2:79 
          inet addr:85.234.137.36  Bcast:85.234.137.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Base address:0xdcc0 Memory:df9e0000-dfa00000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3591 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3591 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:290872 (284.0 KiB)  TX bytes:290872 (284.0 KiB)

vif1.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF 
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:35 errors:0 dropped:0 overruns:0 frame:0
          TX packets:467698 errors:0 dropped:4424 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2702 (2.6 KiB)  TX bytes:26353434 (25.1 MiB)

xen-br0   Link encap:Ethernet  HWaddr 00:14:22:72:E2:78 
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1081281 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:62848349 (59.9 MiB)  TX bytes:378 (378.0 b)

[root@dellserver ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
85.234.137.0    *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         85-234-137-1.po 0.0.0.0         UG    0      0        0 eth1
[root@dellserver ~]#


on my dom0 (FC4 also)
[root@dellserver ~]# xm console vm-colo1
************ REMOTE CONSOLE: CTRL-] TO QUIT ********

[root@vm-colo1 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr BA:D0:C0:FF:EE:01 
          inet addr:85.234.137.244  Bcast:85.234.137.255  Mask:255.255.255.0
          inet6 addr: fe80::b8d0:c0ff:feff:ee01/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:560282 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:31647509 (30.1 MiB)  TX bytes:2702 (2.6 KiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 b)  TX bytes:560 (560.0 b)

[root@vm-colo1 ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
85.234.137.0    *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         dellserver.comw 0.0.0.0         UG    0      0        0 eth0
[root@vm-colo1 ~]#

What happens with this network configuration? Well I can ping eth1 on domU but I am not able to ping e.g. the network gateway.

As you can see from my iptables output I have tried to use the rules as outlined in the xensource wiki.

root@dellserver ~]# iptables -L
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in eth0 ! --physdev-out eth0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match ! --physdev-in eth0 --physdev-out eth0
RH-Firewall-1-INPUT  all  --  anywhere             anywhere           

Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
RH-Firewall-1-INPUT  all  --  anywhere             anywhere           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere           
ACCEPT     ipv6-auth--  anywhere             anywhere           
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:imap
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
[root@dellserver ~]#


Any thoughts on how I should be structuring my networking to resolve this problem please?

Thanks.
Rob



On 11/25/05, Sergio Maffioletti (CSCS) <sergio.maffioletti@xxxxxxx> wrote:
Dear All

I'm getting little bit confuse with networking settings for Dom0 when domUs
are configured with public IP addresses.

I'm not really sure whether dom0 really needs to setup any particular iptable
or not.

basically each domU I have uses the subnet gateway and the default DNS as they
were "ordinary" nodes.

on dom0 (debian 2.4.30) : ifconfig
-----------------
eth0      Link encap:Ethernet  HWaddr 00:0F:1F:D8:3B:59
          inet addr:148.187.33.171  Bcast:148.187.33.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11167773 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12111328 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:932153715 (888.9 MiB)  TX bytes:3032069910 (2.8 GiB)
          Interrupt:16

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask: 255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:28372 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28372 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2153493 (2.0 MiB)  TX bytes:2153493 (2.0 MiB)

vif1.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28703 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2897647 errors:0 dropped:124 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2278631 (2.1 MiB)  TX bytes:182743341 (174.2 MiB)

vif4.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:45984 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2879171 errors:0 dropped:207 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6263702 (5.9 MiB)  TX bytes:179213789 (170.9 MiB)

xen-br0   Link encap:Ethernet  HWaddr 00:0F:1F:D8:3B:59
          inet addr:148.187.33.171  Bcast:148.187.33.255  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11149307 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12099488 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:709590887 (676.7 MiB)  TX bytes:2982270139 (2.7 GiB)
-----------------

on domU vif4.0 (slc-3.0.5 kernel 2.4.30) ifconfig
eth0      Link encap:Ethernet  HWaddr AA:14:00:00:00:03
          inet addr:148.187.33.220  Bcast:148.187.33.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2891601 errors:0 dropped:0 overruns:0 frame:0
          TX packets:46389 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:179968772 (171.6 Mb)  TX bytes:6352167 (6.0 Mb)

on domU vif1.0 (slc-3.0.5 kernel 2.4.30) ifconfig
eth0      Link encap:Ethernet  HWaddr AA:14:00:00:00:01
          inet addr:148.187.33.168  Bcast:148.187.33.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2910674 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28838 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:183542936 (175.0 Mb)  TX bytes:2288739 (2.1 Mb)


and everything seems to work beside that vif4.0 cannot ping vif1.0 (vice versa
works indeed)

I'm also experiencing temporary (order of 10 seconds) domUs unreachable.
does this has anything to do with the scheduler ?
or am I just lucky that with a screwed up configuration things are randomly
working ?

thanks for any suggestion
Regards
Sergio :)

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] How to get the X started on the DomU, Sanjay Upadhyay
Next by Date:  Re: [Xen-users] Error on xm create, Steven Hand
Previous by Thread:  [Xen-users] Dom0 gateway, Sergio Maffioletti (CSCS)
Next by Thread:  [Xen-users] Error on xm create, Andrew Turnbull
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy