WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] HELP: xenbr on vlan if --> tcp checksum error

from [luc@xxxxxxxxxxx] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] HELP: xenbr on vlan if --> tcp checksum error
From: "luc@xxxxxxxxxxx" <luc@xxxxxxxxxxx>
Date: Thu, 15 Dec 2005 21:49:14 +0100
Cc: "Lockenvitz, Jan \(EXT\)" <Jan.Lockenvitz.extern@xxxxxxxxxxxxxx>
Delivery-date: Thu, 15 Dec 2005 20:51:27 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <9A720EE40C925143B9CC537221BDFD746DA31D@xxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <9A720EE40C925143B9CC537221BDFD746DA31D@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0.7 (X11/20051013) 
Lockenvitz, Jan (EXT) wrote:

Hi

I'm testing around with xen 3.0 snapshot from last week. And i'm now
having a problem with a xenbr which is based on a vlan if (dot1q).

this is all in dom0

os: debian testing network: tg3

I can start the bridge based on my normal physical eth0 which is
working without any problems. My clan without bridge is also working.
 I can start the bridge based on a vlan if with help of the following
command:

# network-bridge start netdev=vlan100 bridge=xenbr0

The bridge is started (as i think) correctly. My interfaces and
bridge looks like this:

# ifconfig


 [ ... ]


# brctl show
bridge name bridge id STP enabled interfaces xenbr0 8000.feffffffffff no pvlan100 vif0.0 

a ping to an other machine is fine

But i can't ssh to any other machine. I started tracing on another
machine and ethereal shows an incorrect TCP checksum. And the TCP
checksum is this case seems to depend on the packet size. I also
traced in dom0 on the following IF: vlan100, pvlan100 and eth0 (where
the vlan is bound to) On vlan100 i can see the same packets as on the
destination machine, but on pvlan100 and eth0 the TCP checksum is
correct.

Is this problem known?
This sounds like an issue we found in our test-lab when using two physical ethernetcards in a machine (and bridges on both). When the 1th domainU is configured as a NAT-firewall, a 2nd domainU on the inside network, behind this firewall can succesfully ping through the NAT-firewall to an other physical machine in the outside network. However, from this 2nd domainU it is not possible to ssh/telnet through this NAT-firewall to the machine on the outside network. 
When the firewall is only routing, the issue does not occur.



 ----xen-br1          outside network
       |
      eth0
      xxxxx            1th domainU (firewall/router)
      eth1
       |
 ----xen-br2          inside network
       |
      eth0
      xxxxx            2nd domainU
The issue does also not occur when a second physical machine is used which is connected to the inside network. Then, the NAT-firewall does it's job succesfully.
We found this in both in the three weeks old testing, the released stable of this week, the 32 and the 64 bit version. Distribution is Debian stable(sarge) 

[root@dom0]# brctl show
bridge name     bridge id               STP enabled     interfaces
xen-br0         8000.000e2e333b62       no              eth0
                                                        vif1.0
...
xen-br1         8000.0000212fecc1       no              eth1
xen-br2         8000.0011091e4b64       no              eth2




Can someone help to solve this? I can post some traces if necessary

Thanx in advance, Jan



Regards,
Luc

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] PXE installation of domU, Karsten M. Self
Next by Date:  Re: [Xen-users] Device 2049 (vbd) could not be connected. Backenddevice not found., Borja Sotomayor
Previous by Thread:  [Xen-users] HELP: xenbr on vlan if --> tcp checksum error, Lockenvitz, Jan \(EXT\)
Next by Thread:  [Xen-users] xen and vlans, Manuel da Costa
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy