WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

[Xen-users] One nic in dom0, two nics in domU

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] One nic in dom0, two nics in domU
From: heinzel <gentoo@xxxxxxxxxxxxxx>
Date: Thu, 15 Mar 2007 15:43:04 +0100
Hi,

I have got a problem with network bridging. Maybe somebody sees where 
my fault is. 

My physical host has one nic (eth0). But in my first domU I want to 
set up two nics (eth0, eth1).
If I understood it correctly, eth1@domU#1 is connected to vif1.1@dom0, 
which is connected to xenbr0@dom0.

So I thought something like this should work:

peth0 <-> xenbr0 <-> vif0.0 <-> eth0 @ dom0   (00:04:75:FA:CF:C9, 
               |                               172.22.8.33, em-becker)
               |
               + <-> vif1.0 <-> eth0 @ domU#1 (aa:00:00:00:00:02, 
               |                               172.22.8.2, em-vsrv2)
               |
               + <-> vif1.1 <-> eth1 @ domU#1 (aa:00:00:00:00:22, 
                                               172.22.8.22, em-vsrv2b)

But this did not work as I expected.
While I can ping eth0@domU#1 from everywhere I want, I cannot ping
eth1@domU#1 from a host that is not in the same network.

I set up some iptables LOG rules in dom0 and domU#1 INPUT, OUTPUT and 
FORWARD chains to see what happens:

If I send a ping to domU#1's eth0 from a host within the same network 
(em-stigler, 172.22.8.29), everything looks good:
em-stigler$ ping -c 1 em-vsrv2
-- messages at dom0 --
Mar 15 14:24:00 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif1.0 SRC=172.22.8.29 DST=172.22.8.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=21297 SEQ=1
Mar 15 14:24:00 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=vif1.0 PHYSOUT=peth0 SRC=172.22.8.2 DST=172.22.8.29 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=397 PROTO=ICMP TYPE=0 CODE=0 ID=21297 SEQ=1
-- messages at domU#1 --
Mar 15 14:24:00 em-vsrv2 kernel: IN=eth0 OUT= MAC=aa:00:00:00:00:02:00:0a:5e:20:10:89:08:00 SRC=172.22.8.29 DST=172.22.8.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=21297 SEQ=1
Mar 15 14:24:00 em-vsrv2 kernel: IN= OUT=eth0 SRC=172.22.8.2 DST=172.22.8.29 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=397 PROTO=ICMP TYPE=0 CODE=0 ID=21297 SEQ=1

Same behaviour occurs if the ping sending host is on another network.
So with eth0 everything is fine.

If I send a ping to domU#1's eth1 from em-stigler, I get a pong,
but the packet flow looks weird:
em-stigler$ ping -c 1 em-vsrv2b
-- messages at dom0 --
Mar 15 14:30:52 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif1.0 SRC=172.22.8.29 DST=172.22.8.22 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=5428 SEQ=1
Mar 15 14:30:52 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=vif1.0 PHYSOUT=peth0 SRC=172.22.8.22 DST=172.22.8.29 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=400 PROTO=ICMP TYPE=0 CODE=0 ID=5428 SEQ=1
-- messages at domU#1 --
Mar 15 14:30:52 em-vsrv2 kernel: IN=eth0 OUT= MAC=aa:00:00:00:00:02:00:0a:5e:20:10:89:08:00 SRC=172.22.8.29 DST=172.22.8.22 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=5428 SEQ=1
Mar 15 14:30:52 em-vsrv2 kernel: IN= OUT=eth0 SRC=172.22.8.22 DST=172.22.8.29 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=400 PROTO=ICMP TYPE=0 CODE=0 ID=5428 SEQ=1

Now, if I ping domU#1's eth1 from a host within another network
(em-pnueli, 172.22.10.40) I don't get a pong:
-- messages at dom0 --
Mar 15 14:33:47 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif1.1 SRC=172.22.10.40 DST=172.22.8.22 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=53508 SEQ=0
Mar 15 14:33:47 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif1.0 SRC=172.22.10.40 DST=172.22.8.22 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=53508 SEQ=0
Mar 15 14:33:47 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=172.22.10.40 DST=172.22.8.22 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=53508 SEQ=0
-- no messages at domU#1 appear --

On both xen domains my FORWARD chain looks like this:
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
LOG        icmp --  0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4
Also the other chains do nothing spectacular.

So I do not understand why the ping packet does not show up in
domU#1.
Any hint would be appreciated.

Regards,
        heinzel

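
Added example, not part of the original message: a small parser for the dom0 netfilter LOG entries quoted above that groups each echo request by source, destination, ICMP id and sequence number and lists every bridge port (PHYSOUT) it left on. A request that leaves on several ports was flooded by the bridge, and one that leaves on a single port other than the one the diagram assigns to its destination address is reported as wrong-port; the EXPECTED_PORT mapping is read off the diagram and the function names are this example's own.

```python
import re
from collections import defaultdict

# Address-to-port mapping read off the diagram in the message (assumption of this example).
EXPECTED_PORT = {"172.22.8.33": "vif0.0", "172.22.8.2": "vif1.0", "172.22.8.22": "vif1.1"}

# The dom0 echo-request entries from the message, with the mail line wraps rejoined.
DOM0_LOG = """\
Mar 15 14:24:00 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif1.0 SRC=172.22.8.29 DST=172.22.8.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=21297 SEQ=1
Mar 15 14:30:52 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif1.0 SRC=172.22.8.29 DST=172.22.8.22 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=5428 SEQ=1
Mar 15 14:33:47 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif1.1 SRC=172.22.10.40 DST=172.22.8.22 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=53508 SEQ=0
Mar 15 14:33:47 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif1.0 SRC=172.22.10.40 DST=172.22.8.22 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=53508 SEQ=0
Mar 15 14:33:47 em-becker kernel: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=172.22.10.40 DST=172.22.8.22 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=53508 SEQ=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse(line):
    """Return the key=value fields of one LOG line; the ID= after PROTO= is stored as ICMP_ID."""
    rec = {}
    for key, val in FIELD.findall(line):
        if key == "ID" and "PROTO" in rec:  # first ID= is the IP header id, second is ICMP's
            key = "ICMP_ID"
        rec[key] = val
    return rec

def egress_ports(log):
    """Map (SRC, DST, ICMP id, SEQ) of each echo request to the bridge ports it was sent out on."""
    ports = defaultdict(list)
    for line in log.splitlines():
        r = parse(line)
        if r.get("PROTO") == "ICMP" and r.get("TYPE") == "8" and "PHYSOUT" in r:
            ports[(r["SRC"], r["DST"], r["ICMP_ID"], r["SEQ"])].append(r["PHYSOUT"])
    return dict(ports)

def findings(log):
    """List requests whose egress differs from the single port the diagram predicts."""
    out = []
    for (src, dst, _, _), seen in egress_ports(log).items():
        want = EXPECTED_PORT.get(dst)
        if len(seen) > 1:  # one frame logged on several ports: the bridge flooded it
            out.append((src, dst, "flooded", sorted(seen)))
        elif want and seen != [want]:
            out.append((src, dst, "wrong-port", seen))
    return out

if __name__ == "__main__":
    for finding in findings(DOM0_LOG):
        print(finding)
```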