WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] 802.1Q VLAN vs xenbr0

from [Dariusz Malec] [Permanent Link][Original]
To: Tiago Cruz <tiagocruz@xxxxxxxxxxxx>
Subject: Re: [Xen-users] 802.1Q VLAN vs xenbr0
From: Dariusz Malec <dariusz.malec@xxxxxxxxx>
Date: Thu, 06 Mar 2008 09:38:46 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 06 Mar 2008 00:40:53 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:openpgp:content-type:content-transfer-encoding; bh=XyocKE0iJbv65wSaZJfVzrid4jdq4PXxPbBxVASV68E=; b=Mkux0/2oWEVGpl2iWqeq3SUjjEmYIBvjY77pt/PmW6xklpDHjIssvPh9vLkGYlas8BV/yy2JZt4xmka+jUaHD37rQvXiD4RFRemCxQXbSM3aHK6F3ckd30+vAYFJewxuMDwuCDuxmRcz5x1s+9msTDm0tOVvkSRq4p7WOTnOVf8=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:openpgp:content-type:content-transfer-encoding; b=yHbzjjeLBkTClMI6YkqtW3lDKFquFcmQBrXiu8jD3rEfZj2/nwYmL9/xsIfjaoIY9OVq9zqDyM7BZEJqVlyXowLCzA6IwZrTE5LWhaO+dMC7p+/xku4X2sFAgvi89/oei0bDPEMthdV1LI3uX21pDeqHBnM7BLi0AGn8VEA+0Vo=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <1204756968.20400.49.camel@xxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Openpgp: id=27A3383F; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x27A3383F
References: <1204741650.20400.26.camel@xxxxxxxxxxxxxxxxxxx> <47CEEBAB.9060003@xxxxxxxxx> <1204743888.20400.32.camel@xxxxxxxxxxxxxxxxxxx> <47CEF186.8050200@xxxxxxxxx> <1204756968.20400.49.camel@xxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.9 (X11/20071207) 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Tiago Cruz pisze:
> On Wed, 2008-03-05 at 20:16 +0100, Dariusz Malec wrote:
> 
>> brctl addbr xenbr0
>>
>> This command will create a bridge named xenbr0 and that name is also a
>> interface name which you can assign ip address or use just as a bridge
>> itself.
> 
> Hello Malec,
> 
> Thanks for your tip.
> 
> But, when I does this command:
> btctl addif xenbr0 eth0.260
> 
> I lost my VLAN 260. And the same for 261. The network stop to ping and
> stop to work... Did you have any other tip?
> 
> Thanks
> 

What does it mean "you lost your vlan"? if you have assign an ip addres
to eth0.260 interface you will lost a communication when you add this
interface to the bridge.
Try to configure eth0.260 with no ip addr assigned, add this interface
to the bridge and assign ip address to the xenbr0 interface. You should
be able to ping your hosts in vlan260 from dom0.
I assume that you want to start new virtual machine and you want to
communicate with it from dom0 and vlan260, so you need to add this
iptables rules:

iptables -A FORWARD -m physdev --physdev-in tap+ -j ACCEPT
iptables -m physdev --physdev-out tap+ -j ACCEPT
iptables -m physdev --physdev-in eth0.260 -j ACCEPT
iptables -m physdev --physdev-out eth0.260 -j ACCEPT

- ------------------------------------------------------------------

My bridge configuration is:
mamut:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.001a4ba48746       no              vlan115
                                                        tap0
                                                        vif9.0
mamut:~# ip a
1: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:1a:4b:a4:87:46 brd ff:ff:ff:ff:ff:ff

132: vlan115@eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
    link/ether 00:1a:4b:a4:87:46 brd ff:ff:ff:ff:ff:ff
133: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
    link/ether 00:1a:4b:a4:87:46 brd ff:ff:ff:ff:ff:ff
    inet 10.100.250.230/24 brd 10.100.250.255 scope global br0
135: vif9.0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast
qlen 32
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
136: tap0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 500
    link/ether 12:7f:d7:e4:77:f5 brd ff:ff:ff:ff:ff:ff

mamut:~# iptables -L FORWARD -v -n
Chain FORWARD (policy DROP 1 packets, 40 bytes)
 pkts bytes target     prot opt in     out     source
destination
  236 32002 ACCEPT     0    --  *      *       0.0.0.0/0
0.0.0.0/0           PHYSDEV match --physdev-in tap+
 4113  358K ACCEPT     0    --  *      *       0.0.0.0/0
0.0.0.0/0           PHYSDEV match --physdev-out tap+
 4107  356K ACCEPT     0    --  *      *       0.0.0.0/0
0.0.0.0/0           PHYSDEV match --physdev-in vlan115
    0     0 ACCEPT     0    --  *      *       0.0.0.0/0
0.0.0.0/0           PHYSDEV match --physdev-out vlan115
    0     0 ACCEPT     0    --  *      *       0.0.0.0/0
0.0.0.0/0           PHYSDEV match --physdev-in vif9.0

So you can see that my interface vlan115 have no ip assigned. The br0
interface have an ip, co i can communicate with vlan115 through br0
interface. iptables rules makes the bridge forward all packages from
virtual interface tap0 and from vlan.

- --
Pozdrawiam Dariusz Malec
http://www.kos.wsiz.rzeszow.pl
http://www.kos.wsiz.rzeszow.pl/~dmalec
GG:1720216
JID:dmalec@xxxxxxxxxxxxxxxxxxxxxxxxxx

"Podwładny powinien przed obliczem przełożonego mieć wygląd lichy i
durnowaty, tak by swoim pojmowaniem istoty sprawy, nie peszyć przełożonego."
Ukaz Cara Rosji Piotra I z 9 grudnia 1708 roku

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHz62WjT0NFyejOD8RAgfSAJ4+OeYbh30C8RFI3VfKG8RmDDo15wCdFwNV
Vqpk3BU/Ijqy6gsBIAi7PRI=
=Z9Tv
-----END PGP SIGNATURE-----

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] restoring files to guest domains, Nico Kadel-Garcia
Next by Date:  [Xen-devel] RE: general protection fault: 0000 [#1], Jan Beulich
Previous by Thread:  Re: [Xen-users] 802.1Q VLAN vs xenbr0, Angel L. Mateo
Next by Thread:  Re: [Xen-users] 802.1Q VLAN vs xenbr0, Tiago Cruz
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy