xen-users

Re: Re; [Xen-users] Ethernet has Alzheimers

To: Gareth Bult <gareth@xxxxxxxxxxxxx>
Subject: Re: Re; [Xen-users] Ethernet has Alzheimers
From: Gareth Bult <gareth@xxxxxxxxxxxxx>
Date: Tue, 8 Jan 2008 16:01:29 +0000 (GMT)
Cc: Matthew Crocker <mcrocker@xxxxxxxxxxx>, James Harper <james.harper@xxxxxxxxxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx, Gareth Bult <gareth@xxxxxxxxxxxxx>

Hi,

For some reason my XENBR0 was being created with ARP turned on and changing 
/etc/xen/scripts/xen-network-common.sh has fixed the initial problem.

Problem #2 (!) seemed to be based on this but turned out to be something 
altogether different.

I'm using Dom0 as a MySQL cluster node / manager, and DomU's as MySQL instances.
I then have a Dom0 on a second machine acting as the arbiter.

For some reason, my iptables were catching the occasional packet on ports 1186 
and 2202, which was causing the MySQL cluster configuration to randomly throw a 
wobbler.

It would be really nice to get some definitive direction re; firewalling rules. 
This is what I have at the moment and it seems to have cured the problem;

version 5

interface eth0 private
        policy accept

interface eth1 public
        server  ssh             accept src "$FULLACCESS"
        server  icmp            accept
        server  multicast       drop
        server  cups            drop
        server  netbios_dgm     drop
        server  netbios_ns      drop
        server  netbios_ssn     drop
        server  microsoft_ds    drop
        server  bootp           drop
        client  all             accept

router router inface any outface any
        route   all accept

interface xenbr0 xen0
        policy accept

interface xenbr1 xen1
        server  multicast       drop
        policy accept

interface peth0 phy0
        policy accept

interface peth1 phy1
        server  multicast       drop
        policy accept

interface 0 zero
        policy accept

The problem occurs if I "don't" explicitly have "policy accept" on all the 
interfaces OR I try to filter the interfaces in some way  ... I'm not sure this 
is a problem, I guess all the DomU's have their own firewalls so it should 
be Ok (?)

----- Original Message -----
From: "Gareth Bult" <gareth@xxxxxxxxxxxxx>
To: "James Harper" <james.harper@xxxxxxxxxxxxxxxx>
Cc: xen-users@xxxxxxxxxxxxxxxxxxx, "Gareth Bult" <gareth@xxxxxxxxxxxxx>, 
"Matthew Crocker" <mcrocker@xxxxxxxxxxx>
Sent: Tuesday, January 8, 2008 3:04:03 AM (GMT) Europe/London
Subject: Re: Re; [Xen-users] Ethernet has Alzheimers

Ok,

I've a sneaking suspicion after a couple of tests that this may be the cure.

It needs to go into /etc/xen/scripts/xen-network-common.sh

I notice over recent versions there have been a number of people commenting on 
what looks like the same problem, nobody seems to have a definitive fix.

My other fix (to date) is to insert static ARP entries with;

arp -s <address> <hwaddr>

This also seems to be working ...

Many thanks,
Gareth.

----- Original Message -----
From: "James Harper" <james.harper@xxxxxxxxxxxxxxxx>
To: "Gareth Bult" <gareth@xxxxxxxxxxxxx>, "Matthew Crocker" 
<mcrocker@xxxxxxxxxxx>
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Sent: Tuesday, January 8, 2008 12:48:02 AM (GMT) Europe/London
Subject: RE: Re; [Xen-users] Ethernet has Alzheimers

> xenbr0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> 
> xenbr1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

Not sure if this is the problem, but I think you need to turn ARP off on
your bridge interfaces. Something like:

"
ip link set xen-br0 arp off
"

or, if you prefer ifconfig:

"
ifconfig xen-br0 -arp
"

should do the trick. On my system, xen-br0 would sometimes respond to
arp requests, even though it had no IP address of its own.

James
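
An added example, not part of the original thread: before opening every interface with "policy accept", it helps to see where the firewall is catching the cluster traffic, so this tallies iptables LOG entries for ports 1186 and 2202 by input interface and bridge port. The log lines, the "FW-DROP:" prefix, the addresses and the interface pairings are constructed for illustration; the function assumes the standard iptables LOG KEY=value format and that a LOG rule precedes the drop.

```python
import re
from collections import Counter

# Ports the post reports iptables catching (MySQL cluster traffic).
CLUSTER_PORTS = {1186, 2202}

# KEY=value fields of an iptables LOG line; values such as OUT= may be empty.
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample kernel log lines (prefix, hosts and addresses are made up).
SAMPLE_LOG = """\
Jan  8 15:40:01 dom0 kernel: FW-DROP: IN=xenbr0 OUT=xenbr0 PHYSIN=vif1.0 PHYSOUT=peth0 SRC=192.0.2.11 DST=192.0.2.20 PROTO=TCP SPT=40112 DPT=1186 SYN
Jan  8 15:40:04 dom0 kernel: FW-DROP: IN=xenbr0 OUT=xenbr0 PHYSIN=vif1.0 PHYSOUT=peth0 SRC=192.0.2.11 DST=192.0.2.20 PROTO=TCP SPT=40112 DPT=1186 SYN
Jan  8 15:41:17 dom0 kernel: FW-DROP: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif2.0 SRC=192.0.2.20 DST=192.0.2.12 PROTO=TCP SPT=51890 DPT=2202 SYN
Jan  8 15:42:30 dom0 kernel: FW-DROP: IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=4431 DPT=445 SYN
Jan  8 15:42:31 dom0 kernel: FW-DROP: IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0
"""


def cluster_drops(log_text, ports=CLUSTER_PORTS):
    """Count logged packets to the cluster ports, keyed by (IN, PHYSIN, DPT).

    PHYSIN is only present for bridged frames; "-" marks its absence.
    """
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("PROTO") not in ("TCP", "UDP"):
            continue  # ICMP and similar entries carry no DPT field
        try:
            dpt = int(fields.get("DPT", ""))
        except ValueError:
            continue  # truncated or malformed entry
        if dpt in ports:
            key = (fields.get("IN", ""), fields.get("PHYSIN", "-"), dpt)
            hits[key] += 1
    return hits


if __name__ == "__main__":
    for (iface, physin, dpt), count in sorted(cluster_drops(SAMPLE_LOG).items()):
        print(f"{count:3d} x port {dpt} caught on IN={iface} PHYSIN={physin}")
```

Entries that show up with a bridge as IN and a vif or peth device as PHYSIN point at rules applied to bridged traffic, while the intended drops on the public interface (port 445 here) are left out of the tally.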



