This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-users] NAT on dom0 = network checksum errors in pv domU

To: Xen Users <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-users] NAT on dom0 = network checksum errors in pv domU
From: Richie <listmail@xxxxxxxxxxxx>
Date: Sat, 15 May 2010 17:49:37 -0400
Delivery-date: Sat, 15 May 2010 14:50:59 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird (X11/20090817)
I ran into an issue today which I (somewhat) understand can occur when NAT is involved on dom0 and the network interface is paravirtualized on the guest. When my pv domU was requesting a dhcp lease it would fail to ever accept the offer and instead show a checksum error for each packet. I am setting up a new xen installation where iptables has a basic setup for regulating incoming external interface traffic as well masquerading anything coming in from the lan to the internal interface (which is now bridged for xen).

A similar issue is documented here:
However, disabling tx checksum offload from within the domU *did not* help

I had to address it as described here:
by disabling it against the virtual interface in dom0 which doesn't exist until after the pvm has started.

I did not try the patch here -> http://lists.xensource.com/archives/html/xen-devel/2006-03/msg01445.html which does seem related.

I created a quick hack, which is working good enough for now [ given the amount of time I spent troubleshooting this as well as the fact that I'm by no means a network guy :) ]

So, for those of you that have/had encountered this issue, what are you doing to address it properly?

--- vif-bridge.orig     2010-05-15 16:45:28.000000000 -0400
+++ vif-bridge  2010-05-15 16:46:06.000000000 -0400
@@ -83,6 +83,7 @@
        setup_bridge_port "$vif"
        add_to_bridge "$bridge" "$vif"
+        /usr/sbin/ethtool -K "$vif" tx off
Xen-users mailing list
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-users] NAT on dom0 = network checksum errors in pv domU, Richie <=