Hey all
On Thu, Mar 26, 2009 at 3:18 AM, Luke S Crawford <lsc@xxxxxxxxx> wrote:
> "Fischer, Anna" <anna.fischer@xxxxxx> writes:
>
>> I guess you mean you do "arp -d x.x.x.x", and then "ping x.x.x.x", or
>> "arping x.x.x.x" where x.x.x.x is configured as your default gateway? That
>> should definitely cause an ARP request to go out. You do not have any weird
>> arpd/kernel configuration enabled?
>
> Exactly.
>
> I'm not doing anything with arptables or otherwise changing the arp config
> for this box (and it worked just fine for a period of months until one day
> it just... didn't.) this has happened on several DomUs, restarting the
> DomU fixes the problem.
>
>> Also, you do not have any weird network setup within your DomU? Like a
>> bridge, VLAN bonding, or IP forwarding, or IP aliases, or whatever else?
>
> It just has one IPv4 address on eth0. only one interface. No iptables, even.
> no bonding.
>
>> And, you only have a single interface assigned (and configured!) per virtual
>> machine? And you have /proc/sys/net/ipv4/conf/all/arp_filter set to 0?
>
> I have not touched the arp_filter proc. I checked on a box with the
> identical image and it is in fact zero. but yes, one IP and one eth
> per virtual machene.
>
>
>> I guess you capture at the interface level with tcpdump, but for incoming
>> packets it could also be that they are not received on the higher level,
>> e.g. if you have packet filtering enabled or something similar. I guess you
>> are not running a firewall or something?
>
> Nope, and from the domU, I see incoming packets in tcpdump just fine...
> only outgoing that has the problem.
>
> no packet filtering.
>
>> > > Do your interface counters / netstat values show any TX errors at
>> > all?
>> >
>> > None.
>>
>> Then this would be a failure somewhere in the IP stack, or possibly in the
>> ARP kernel code... If you are sure that you have not misconfigured anything,
>> then I would probably go for a kernel upgrade...
>
> Hm. OK. thanks. I will try that.
>
Arp kernel code appears to be fine. Incomming ARP packets keep the arp
table up to date. Our reply packet is just never seen "on the wire".
If we try to ping a host we dont know yet, we never see our arp packet
comming by, which doesnt mean arpd didnt try to send it. Pinging a
host we do know, just gives "unreachable", nothing seen "on the wire".
If i send some unsolicited UDP packet to the DomU, it triggers the
firewall. Anything else seems to come right by. Already tried to clear
iptables once. This is not the issue. The socket interface on the
affected DomU thinks everything works fine. I can send UDP packets
without errors. Again (ofcourse) nothing "on the wire".
How about poking a developer if he could imagine some race condition,
network driver/interrupt related, that could block outgoing traffic?
Or would they just yell at me for using those old kernels?
Regards,
Eric
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
Home