This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] routing in xen 3.0 domU: icmp gets routed, but tcp/ip on

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] routing in xen 3.0 domU: icmp gets routed, but tcp/ip only partially
From: Florian Kirstein <xenlist@xxxxxxxxxxxxxx>
Date: Sun, 2 Apr 2006 14:05:41 +0200
Cc: Peter Fokkinga <peter@xxxxxxxxxxx>
Delivery-date: Sun, 02 Apr 2006 12:07:32 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20060402094818.wd63u0a88d0k4g8w@xxxxxxxxxxxxxxxx>; from peter@xxxxxxxxxxx on Sun, Apr 02, 2006 at 09:48:18AM +0200
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <20060402094818.wd63u0a88d0k4g8w@xxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/

> I have a really strange routing problem
from my experience, most of the "ICMP works but TCP seems connected and no
data gets through" problems in routed xen3 setups are due to the
cheksum-offloading featue. See my post on the devel list:
for a patch for the Dom0 kernel which disables this. Search for offloading
for more information :) The basic problem: the intention was to save
CPU power by not calculating checksums on internal interfaces (as there 
won't be any transmission errors there anyway :) and let the real NIC add
this on the way out (modern NICs have HW accelleration for that).
Unfortunately this doesn't work out in all cases currently.

> In all these cases I get connected, but no output;
To see if you've really got the checksum problem use tcpdump -vv in the
Domain not receiving data. For example:
tcpdump -vv -n -i eth0 
and then transfer some tcp or udp data to it. If you see something like
 [bad udp cksum f566!]
and it looks like the host didn't receive the packet (no answer, gets in again
and again), you might well have hit the checksum offloading problem.

> Help me, Obi-Wan Xenobi; you're my only hope.
Tried my best :)

(:ul8er, r@y

Xen-users mailing list