Hope someone can help me here, apologies if this has been asked before:
I have two separate interfaces on the host XEN machine: eth0 and eth1.
eth1 is 192.168.2.220 on a /24 subnet with a router of 192.168.2.254
eth0 is 192.168.1.220 on a /24 subnet with a router of 192.168.1.254
Because eth1 comes up second, the default route of the machine is
192.168.2.254 (these machines get their IP via static DHCP assignment).
I've set up my own networking script which brings up/establishes xenbr0.
The guest machine (fully virtualized Windows Server 2003 32-bit)
acquires a DHCP lease on xenbr0 (eth0, 192.168.1.0/24 network)
successfully for the right interface. However, when trying to do
the same thing for the second network card (xenbr1) the DHCP request
never makes it out of the Xen host; it's as if the Xen host drops the
request, sends it with bad data, or something else, I can't really tell.
The firewall is off, xenbr0/eth0 works fine, xenbr1/eth1 doesn't send
traffic at all (alternatively, traffic to a non-local destination goes
out eth1 fine, so the eth1 interface works fine; it's the bridge that
doesn't work)
Here's some configuration information in case it is of any help:
[root@xen1 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1A:92:E5:77:76
inet addr:192.168.1.220 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::21a:92ff:fee5:7776/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:243 errors:0 dropped:0 overruns:0 frame:0
TX packets:271 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:19996 (19.5 KiB) TX bytes:48256 (47.1 KiB)
eth1 Link encap:Ethernet HWaddr 00:1A:92:E5:77:3B
inet addr:192.168.2.220 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::21a:92ff:fee5:773b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:73 errors:0 dropped:0 overruns:0 frame:0
TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6753 (6.5 KiB) TX bytes:7778 (7.5 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2277 errors:0 dropped:0 overruns:0 frame:0
TX packets:2277 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2872356 (2.7 MiB) TX bytes:2872356 (2.7 MiB)
peth0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:268 errors:0 dropped:0 overruns:0 frame:0
TX packets:296 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:22568 (22.0 KiB) TX bytes:53426 (52.1 KiB)
Interrupt:24
peth1 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:84 errors:0 dropped:0 overruns:0 frame:0
TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7749 (7.5 KiB) TX bytes:7744 (7.5 KiB)
Interrupt:16
tap0 Link encap:Ethernet HWaddr A2:66:BD:2D:86:3B
inet6 addr: fe80::a066:bdff:fe2d:863b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:354 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 b) TX bytes:46335 (45.2 KiB)
tap1 Link encap:Ethernet HWaddr FE:05:7F:68:DA:ED
inet6 addr: fe80::fc05:7fff:fe68:daed/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:69 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 b) TX bytes:8990 (8.7 KiB)
vif0.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:332 errors:0 dropped:0 overruns:0 frame:0
TX packets:269 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:57442 (56.0 KiB) TX bytes:21556 (21.0 KiB)
vif0.1 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:28 errors:0 dropped:0 overruns:0 frame:0
TX packets:73 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7778 (7.5 KiB) TX bytes:6753 (6.5 KiB)
vif1.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
UP BROADCAST NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
vif1.1 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
UP BROADCAST NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
xenbr0 Link encap:Ethernet HWaddr A2:66:BD:2D:86:3B
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:132 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:15745 (15.3 KiB) TX bytes:0 (0.0 b)
xenbr1 Link encap:Ethernet HWaddr FE:05:7F:68:DA:ED
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:83 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12037 (11.7 KiB) TX bytes:0 (0.0 b)
[root@xen1 ~]# cat /etc/xen/scripts/my-network-script
#!/bin/sh
dir=$(dirname "$0")
"$dir/network-bridge" "$@" vifnum=0
"$dir/network-bridge" "$@" vifnum=1
(originally this also had bridge information in it, apparently it's not
a big deal if it's written this way; it also didn't work the previous
way so this was something different)
[root@xen1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif1.1
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Forwarding is turned off, but we're not doing routing here and I'm using
bridging anyways... doesn't matter if this rule is there or not; tried
it with it there and removed as well - didn't affect anything.
Nov 19 14:06:40 localhost kernel: tun: Universal TUN/TAP device driver, 1.6
Nov 19 14:06:40 localhost kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@xxxxxxxxxxxx>
Nov 19 14:06:40 localhost kernel: device tap0 entered promiscuous mode
Nov 19 14:06:40 localhost kernel: device tap1 entered promiscuous mode
Nov 19 14:06:40 localhost kernel: xenbr0: port 3(tap0) entering learning state
Nov 19 14:06:40 localhost kernel: xenbr0: topology change detected, propagating
Nov 19 14:06:40 localhost kernel: xenbr0: port 3(tap0) entering forwarding state
Nov 19 14:06:40 localhost kernel: xenbr1: port 3(tap1) entering learning state
Nov 19 14:06:40 localhost kernel: xenbr1: topology change detected, propagating
Nov 19 14:06:40 localhost kernel: xenbr1: port 3(tap1) entering forwarding state
Nov 19 14:06:42 localhost avahi-daemon[2874]: New relevant interface tap0.IPv6 for mDNS.
Nov 19 14:06:42 localhost avahi-daemon[2874]: Joining mDNS multicast group on interface tap0.IPv6 with address fe80::a066:bdff:fe2d:863b.
Nov 19 14:06:42 localhost avahi-daemon[2874]: Registering new address record for fe80::a066:bdff:fe2d:863b on tap0.
Nov 19 14:06:42 localhost avahi-daemon[2874]: New relevant interface tap1.IPv6 for mDNS.
Nov 19 14:06:42 localhost avahi-daemon[2874]: Joining mDNS multicast group on interface tap1.IPv6 with address fe80::fc05:7fff:fe68:daed.
Nov 19 14:06:42 localhost avahi-daemon[2874]: Registering new address record for fe80::fc05:7fff:fe68:daed on tap1.
Nov 19 14:06:42 localhost kernel: device vif1.0 entered promiscuous mode
Nov 19 14:06:42 localhost kernel: device vif1.1 entered promiscuous mode
Nov 19 14:06:42 localhost kernel: ADDRCONF(NETDEV_UP): vif1.0: link is not ready
Nov 19 14:06:42 localhost kernel: ADDRCONF(NETDEV_UP): vif1.1: link is not ready
Nov 19 14:06:42 localhost kernel: loop: loaded (max 8 devices)
Nov 19 14:06:42 localhost kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Nov 19 14:06:42 localhost logger: /etc/xen/scripts/vif-bridge: iptables -A FORWARD -m physdev --physdev-in vif1.0 -j ACCEPT failed. If you are using iptables, this may affect networking for guest domains.
Nov 19 14:06:48 localhost init: open(/dev/pts/0): No such file or directory
Nov 19 14:06:48 localhost init: open(/dev/pts/0): No such file or directory
Nov 19 14:06:49 localhost pcscd: winscard.c:219:SCardConnect() Reader E-Gate 0 0 Not Found
I noticed the rule failure; I ran the command myself with success (no
error message or state); did not affect the guest's networking issue.
[root@xen1 ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
0.0.0.0         192.168.2.254   0.0.0.0         UG        0 0          0 eth1
Any suggestions, people? Apologies for the long email; everything I've
read says this works fine, but not for me; so I must be doing something
wrong.
Using CentOS 5, Xen version 3.0.3-25.0.4 libs same version.
David Todd