[Xen-users] network: bridging problem accessing domU from dom0

To:	xen-users@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-users] network: bridging problem accessing domU from dom0
From:	Moritz Bunkus <m.bunkus@xxxxxxxxxxxxxxxxx>
Date:	Wed, 18 Jan 2006 11:59:30 +0100
Delivery-date:	Wed, 18 Jan 2006 11:07:53 +0000
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Organization:	LINET Services
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	KMail/1.9.1

Hey,

I'm trying to set up the following with Xen 3.0:

http://www.linet-services.de/~mbunkus/xen-test-setup.png
(tried to do with ASCII graphics but failed ;))

The idea is:

* The dom0 is accessible via its eth0.
* The dom0's eth1 is bridged into the "router" domU.
* The "router" domU has a second interface which is bridged inside the
  dom0 to the "server" domUs.

This setup works nearly perfectly so far. I'm using custom vif-scripts
for setting this up.

Now my problem: I cannot use TCP apps like SSH or a web browser (w3m,
wget...) from the dom0 to one of the domUs, but pinging works.

I'm on the dom0. I ping 172.16.2.1 (the "server1" domU) and receive
replies. I start tcpdump on the "server1" domU and see the pings and the
replies with the proper addresses (172.16.2.253 <-> 172.16.2.1).

Then I try to ssh from dom0 to "server1". In the tcpdump I see the
following:

- The handshake is OK: SYN, SYN+ACK, ACK are all sent and received. The
  TCP connection is established.
- The "server1" sends the server "greeting" which is ACKed by the dom0.
- The dom0 now sends its first "real" data packet -- but from this point
  on no packets are ever ACKed by the "server1" domU. However, the tcpdump
  running on the dumU does see those packets! So they are arriving
  there, but they somehow seem not to be picked up by the kernel... And
  I have no clue whatsoever why this happens.

Some output from my dom0:

ls-bs-vm-xenh1:/etc/xen# ifconfig
br-rou-ex Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1392 (1.3 KiB)  TX bytes:0 (0.0 b)

br-rou-sr Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          inet addr:172.16.2.253  Bcast:172.16.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:42 errors:0 dropped:0 overruns:0 frame:0
          TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1553 (1.5 KiB)  TX bytes:2776 (2.7 KiB)

eth0      Link encap:Ethernet  HWaddr 00:0A:5E:52:6D:50  
          inet addr:172.16.0.2  Bcast:172.16.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5036 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2846 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:563869 (550.6 KiB)  TX bytes:361819 (353.3 KiB)
          Interrupt:16 Base address:0x2000 

eth1      Link encap:Ethernet  HWaddr 00:0D:61:B1:85:A1  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3719 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10307 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1166977 (1.1 MiB)  TX bytes:3298596 (3.1 MiB)
          Interrupt:17 Base address:0xc400 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:44 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:4536 (4.4 KiB)  TX bytes:4536 (4.4 KiB)

vif-rou-e Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:311 errors:0 dropped:0 overruns:0 frame:0
          TX packets:424 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:45591 (44.5 KiB)  TX bytes:40995 (40.0 KiB)

vif-rou-s Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:43 errors:0 dropped:0 overruns:0 frame:0
          TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2183 (2.1 KiB)  TX bytes:4162 (4.0 KiB)

(Interface names cut short by ifconfig)

ls-bs-vm-xenh1:/etc/xen# brctl show
bridge name     bridge id               STP enabled     interfaces
br-rou-ext              8000.feffffffffff       no              eth1
                                                        vif-rou-ext
br-rou-srv              8000.feffffffffff       no              vif-rou-srv

(again layout messed up by long interface names)

Any idea how I can solve or at least debug this?

Thanks.

Mosu

-- 
LINET Services GbR

Gotenweg 15                      Tel.: 0531-280 191 71
38106 Braunschweig               Fax.: 0531-280 191 72

http://www.linet-services.de
mailto:info@xxxxxxxxxxxxxxxxx

pgpkHWrplYdia.pgp
Description: PGP signature

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

WARNING - OLD ARCHIVES

xen-users

[Xen-users] network: bridging problem accessing domU from dom0