WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Yet another question about multiple NICs

from [Philippe Combes] [Permanent Link][Original]
To: Simon Hobson <linux@xxxxxxxxxxxxxxxx>
Subject: Re: [Xen-users] Yet another question about multiple NICs
From: Philippe Combes <Philippe.Combes@xxxxxxxxxxx>
Date: Sun, 19 Dec 2010 16:16:23 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Sun, 19 Dec 2010 07:17:29 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <p06240834c9310fff54d6@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4D0B4213.50303@xxxxxxxxxxx> <4D0B4544.4050202@xxxxxxxxxxxxxxxxxx> <p06240833c930ff2c6373@xxxxxxxxxxxxxxxxxxxxxx> <4D0B5B75.6090408@xxxxxxxxxxx> <p06240834c9310fff54d6@xxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.24 (X11/20100721) 
Hello Simon,

Thanks for your help.

Simon Hobson wrote :
I think the next thing I'd be doing is firing up wireshark (or rather it's text-only brother tshark). 

On Dom0, get the network working and ping another machine on the lan.
Fire up tshark on peth<n> and watch the traffic - you should see both the ping request and reply. Fire up a DomU, and do the same ping - which I gather doesn't work. Keep the ping going from Dom0. 
Keep watching the packet trace in Dom0 - of interest here are things like :


I am afraid we are about to reach the (short) limits of my competences
in networking. I tried nevertheless, and looking at the trace below, I
think I can answer your questions, if I really executed what you meant.


Did DomU send an ARP request for the remote device ?

Yes.


Did the remote device reply ?
Are the ping requests going out ?
Are the replies coming back ? To the right MAC ?

No, No, No.

$ ping 192.168.24.125 & tshark -i peth1
[1] 21099
PING 192.168.24.125 (192.168.24.125) 56(84) bytes of data.
Running as user "root" and group "root". This could be dangerous.
Capturing on peth1
  0.000000 SunMicro_40:ca:75 -> Broadcast    ARP Who has
192.168.24.125?  Tell 192.168.24.123
64 bytes from 192.168.24.125: icmp_seq=1 ttl=64 time=2004 ms
64 bytes from 192.168.24.125: icmp_seq=2 ttl=64 time=1004 ms
64 bytes from 192.168.24.125: icmp_seq=3 ttl=64 time=4.48 ms
  1.000061 SunMicro_40:ca:75 -> Broadcast    ARP Who has
192.168.24.125?  Tell 192.168.24.123
  1.000280 QuantaCo_e0:81:2c -> SunMicro_40:ca:75 ARP 192.168.24.125
is at 00:16:36:e0:81:2c
  1.000293 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
  1.000296 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
  1.000299 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
  1.000522 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
  1.000541 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
  1.000545 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
64 bytes from 192.168.24.125: icmp_seq=4 ttl=64 time=0.137 ms
  2.000149 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
  2.000276 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
  2.208653 Cisco_c8:90:30 -> Cisco_c8:90:30 LOOP Reply
64 bytes from 192.168.24.125: icmp_seq=5 ttl=64 time=0.298 ms
  3.000210 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
  3.000501 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
  3.034484 Cisco_c8:90:30 -> CDP/VTP/DTP/PAgP/UDLD CDP Device ID:
sw_admin-3.gridmip.cict.fr  Port ID: FastEthernet0/48
64 bytes from 192.168.24.125: icmp_seq=6 ttl=64 time=0.213 ms
  4.000290 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
  4.000496 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
64 bytes from 192.168.24.125: icmp_seq=7 ttl=64 time=0.128 ms
  5.000360 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
  5.000476 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
64 bytes from 192.168.24.125: icmp_seq=8 ttl=64 time=0.291 ms
  6.000424 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
  6.000458 QuantaCo_e0:81:2c -> SunMicro_40:ca:75 ARP Who has
192.168.24.123?  Tell 192.168.24.125
  6.000467 SunMicro_40:ca:75 -> QuantaCo_e0:81:2c ARP 192.168.24.123
is at 00:14:4f:40:ca:75
  6.000708 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
64 bytes from 192.168.24.125: icmp_seq=9 ttl=64 time=0.204 ms
  7.000496 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
  7.000693 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
64 bytes from 192.168.24.125: icmp_seq=10 ttl=64 time=0.366 ms
-------------->>> Launching the ping from dom1
  7.497007 Xensourc_55:af:c3 -> Broadcast    ARP Who has
192.168.24.125?  Tell 192.168.24.81
  8.000575 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
  8.000932 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
64 bytes from 192.168.24.125: icmp_seq=11 ttl=64 time=0.276 ms
  8.497069 Xensourc_55:af:c3 -> Broadcast    ARP Who has
192.168.24.125?  Tell 192.168.24.81
  9.000660 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
  9.000928 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
64 bytes from 192.168.24.125: icmp_seq=12 ttl=64 time=0.189 ms
  9.497141 Xensourc_55:af:c3 -> Broadcast    ARP Who has
192.168.24.125?  Tell 192.168.24.81
 10.000729 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
 10.000912 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
64 bytes from 192.168.24.125: icmp_seq=13 ttl=64 time=0.355 ms
 10.517213 Xensourc_55:af:c3 -> Broadcast    ARP Who has
192.168.24.125?  Tell 192.168.24.81
 11.000792 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
 11.001140 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
64 bytes from 192.168.24.125: icmp_seq=14 ttl=64 time=0.273 ms
 11.517283 Xensourc_55:af:c3 -> Broadcast    ARP Who has
192.168.24.125?  Tell 192.168.24.81
 12.000869 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
 12.001136 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
 12.211749 Cisco_c8:90:30 -> Cisco_c8:90:30 LOOP Reply
64 bytes from 192.168.24.125: icmp_seq=15 ttl=64 time=0.174 ms
 12.517356 Xensourc_55:af:c3 -> Broadcast    ARP Who has
192.168.24.125?  Tell 192.168.24.81
 13.000938 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
 13.001106 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
-------------->>> Stopping the ping from dom1
64 bytes from 192.168.24.125: icmp_seq=16 ttl=64 time=0.348 ms
 14.000996 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
 14.001338 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
64 bytes from 192.168.24.125: icmp_seq=17 ttl=64 time=0.262 ms
 15.001079 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
 15.001335 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
64 bytes from 192.168.24.125: icmp_seq=18 ttl=64 time=0.176 ms
 16.001153 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
 16.001322 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
64 bytes from 192.168.24.125: icmp_seq=19 ttl=64 time=0.338 ms
 17.001222 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
 17.001554 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
64 bytes from 192.168.24.125: icmp_seq=20 ttl=64 time=0.255 ms
 18.001291 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
 18.001539 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
64 bytes from 192.168.24.125: icmp_seq=21 ttl=64 time=0.166 ms
^C 19.001359 192.168.24.123 -> 192.168.24.125 ICMP Echo (ping) request
 19.001519 192.168.24.125 -> 192.168.24.123 ICMP Echo (ping) reply
56 packets captured
If you see requests going out, but no reply, try firing up a packet sniffer on the remote machine and see if the requests are reaching it. 

I used tshark on the target too. No packet reaches it.
Also, apart from the initial messages* when you fire up the DomU, are there any other bridge related messages in the logs ? 
* From memory, it should log :
Interface added
Interface going into learning mode
Interface going into active mode



I found no such message in my logs, but I remember I saw them on
the console, once when I had an access to it.
But looking those messages, I found something I never saw before,
because it was in /var/log/syslog, and I only looked in /var/log/xen/* so far: 
----
logger: /etc/xen/scripts/vif-bridge: Successful vif-bridge online for
vif1.0, bridge eth0
.
logger: /etc/xen/scripts/block: Writing
backend/vbd/1/51713/hotplug-status connected to x
enstore.
logger: /etc/xen/scripts/vif-bridge: Writing
backend/vif/1/0/hotplug-status connected to
xenstore.
logger: /etc/xen/scripts/vif-bridge: iptables -A FORWARD -m physdev
--physdev-in vif1.1
-j ACCEPT failed.#012If you are using iptables, this may affect
networking for guest domains.
logger: /etc/xen/scripts/vif-bridge: Successful vif-bridge online for
vif1.1, bridge eth1
.
logger: /etc/xen/scripts/vif-bridge: Writing
backend/vif/1/1/hotplug-status connected to
xenstore.
----

When I invert the vifs in the dom1 description, I get the same error
about iptables for the second vif.
Have anyone any idea how I could follow down this new track ? iptables -nvL seems ok. Anything else to check for ? 

Regards and thanks,
Philippe

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] SSH Console issues with Ubuntu, Kowshik Prakasam
Next by Date:  Re: [Xen-users] Yet another question about multiple NICs, Philippe Combes
Previous by Thread:  Re: [Xen-users] Yet another question about multiple NICs, Simon Hobson
Next by Thread:  Re: [Xen-users] Yet another question about multiple NICs, jpp@xxxxxxxxxxxxxxxxxx
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy