WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] network-bridge breaks networking when eth0:1 is added

On Wed, Apr 29, 2009 at 1:37 AM, Kai Schaetzl <maillists@xxxxxxxxxxxxx> wrote:
> dom0:
> brctl show
> bridge name     bridge id               STP enabled     interfaces
> xenbr0          8000.001ec9fefbab       no              eth0
>                                                        vif14.0
> xenbr1          8000.001ec9fefbac       no              eth1
>                                                        vif14.1
>
> ip addr list | grep "inet "
>    inet 127.0.0.1/8 scope host lo
>    inet 192.168.2.4/27 brd 192.168.2.31 scope global eth2
>    inet 192.168.1.24/24 brd 192.168.1.255 scope global xenbr0
>    inet 192.168.2.3/27 brd 192.168.2.31 scope global xenbr1

You have an error here.
you assign eth2 and xenbr1 IPs from the same IP subnet (192.168.2.4
and 192.168.2.3 are both on 192.168.2.0/27), yet they're not on the
same physical network (not on the same bridge, and not connected to
the same switch/vlan).

If the interfaces are on different physical network, you need to
assign different IP subnet.  I believe this is the root cause of
problem on your setup : basic TCP/IP networking.

>
> ip route
> 192.168.2.10 via 192.168.2.3 dev xenbr1  scope link

This one should not be necessary. When you setup the ip addresses
correctly you don't need to assign this route.

> 192.168.2.0/27 dev eth2  proto kernel  scope link  src 192.168.2.4
> 192.168.2.0/27 dev xenbr1  proto kernel  scope link  src 192.168.2.3

The correct way to fix the problem depends on how you want things to work.

First possibilty : If you want eth2 and xenbr1 to be on the same
network, you need to REMOVE eth2's IP address and assign it as a
bridge to xenbr1, so "brctl show" should look like this

xenbr1          8000.001ec9fefbac       no              eth1
                                                        eth2
                                                        vif14.1

Note that this means you put eth1 and eth2 on the same physical
network. Meaning :
- If both eth1 and eth2 are connected to the same switch, this setup
has the same effect as plugging a crossover cable on two switch ports.
- If eth1 is connected to a switch and eth2 is connected to another
server via a crossover cabel, this setup has the same effect as
connecting the second server directly to the switch.


Second possibilty : if eth2 and xenbr1 is intended to be a separate
network, you need to change the IP address so they're on a different
subnet.

> domU is straight forward:
> no bridge
>
> ip addr list | grep "inet "
>    inet 127.0.0.1/8 scope host lo
>    inet 212.202.99.237/28 brd 212.202.99.239 scope global eth0
>    inet 192.168.1.237/24 brd 192.168.1.255 scope global eth0:1
>    inet 192.168.2.10/27 brd 192.168.2.31 scope global eth1

Again, the same question. Does domU's eth1 supposed to be on the same
network as dom0's eth1, or is it supposed to be on the same network as
dom0's eth2? Or both?

>
> So, just to make it clear, *this* setup with the additional route is
> working now in all directions.

Bad idea.

> I now realize that my best option is
> probably to use a different subnet each for eth1 and eth2

Correct.

> Oh, and I just find that using different nets for eth1 and eth2 solves the
> problem, anyway, without a static route. Like so:
> ip route
> 192.168.3.0/27 dev eth2  proto kernel  scope link  src 192.168.3.1
> 192.168.2.0/27 dev xenbr1  proto kernel  scope link  src 192.168.2.3
> 192.168.1.0/24 dev xenbr0  proto kernel  scope link  src 192.168.1.24
> default via 192.168.1.1 dev xenbr0

exactly :)
So I gather you chose the second possibilty?
This would mean that dom0 and domU can communicate (through bridging
on xenbr1). But this also mean domU will NOT be able to communicate to
whatever machine connected to dom0's eth2 (a4 machine?). If you want
it you need to :
- Setup dom0 as router, OR
- create another bridge for eth2 (say xenbr2) and add another vif on
domU connected to that bridge.

I suggest you enlist the help of network admins with your setup. To
make it simpler, think of bridge as another dumb switch without vlan
support.

Hope that helps. Good luck with your setup.

Regards,

Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users