WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

[Xen-users] Networking in DomU

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Networking in DomU
From: Jessica L Hartog <jessica.hartog@xxxxxxxxxxxxxx>
Date: Fri, 11 Mar 2011 13:46:43 -0500
Delivery-date: Fri, 11 Mar 2011 10:48:11 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Hello,
     I've read the FAQ and searched the mailing list but have been unable to resolve my issue with networking in DomUs.

The following things I CAN do:
+SSH from within DomU to Dom0
+SSH from within DomU to all other DomUs on the same machine
+SSH to other machines from within Dom0
+SSH from within DomU to other machines
+SSH from other machines to Dom0 (and use the xm commands to access the virtual images)

The following things I CANNOT do:
-SSH from Dom0 to DomU (The connection times out)
-SSH from other machines to DomU (The connection times out, but this one isn't as important to me)

The FAQ says that I can run ifconfig in Dom0 to verify virtualization of the ethernet port, the following is the result of running ifconfig from within Dom0 (with my IP removed of course), note there are currently 4 VMs running via Xen:
jhartog1:~$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:1a:a0:af:63:d2 
          inet addr:<omitted>  Bcast:<omitted>  Mask:255.255.252.0
          inet6 addr: <omitted> Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19448407 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2663849 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3555452759 (3.3 GB)  TX bytes:12136949144 (11.3 GB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:95 errors:0 dropped:0 overruns:0 frame:0
          TX packets:95 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:10472 (10.2 KB)  TX bytes:10472 (10.2 KB)

peth0     Link encap:Ethernet  HWaddr 00:1a:a0:af:63:d2 
          inet6 addr: <omitted, same as eth0 inet6 addr> Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:22150257 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10050627 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4465421179 (4.1 GB)  TX bytes:12665169402 (11.7 GB)
          Interrupt:16

vif48.0   Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff 
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:81 errors:0 dropped:0 overruns:0 frame:0
          TX packets:558643 errors:0 dropped:50 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:9514 (9.2 KB)  TX bytes:91587673 (87.3 MB)

vif49.0   Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff 
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:122 errors:0 dropped:0 overruns:0 frame:0
          TX packets:558553 errors:0 dropped:108 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:12622 (12.3 KB)  TX bytes:91580430 (87.3 MB)

vif50.0   Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff 
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:37 errors:0 dropped:0 overruns:0 frame:0
          TX packets:558477 errors:0 dropped:86 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:3896 (3.8 KB)  TX bytes:91565549 (87.3 MB)

vif51.0   Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff 
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:36 errors:0 dropped:0 overruns:0 frame:0
          TX packets:558378 errors:0 dropped:149 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:3868 (3.7 KB)  TX bytes:91554047 (87.3 MB)

vnet0     Link encap:Ethernet  HWaddr be:63:d7:5b:c8:37 
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::bc63:d7ff:fe5b:c837/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:468 (468.0 B)



The FAQ also says I should run brctl show xen-br0 to insure that bridging is working. The result of this call from Dom0 is:
jhartog1:~$ brctl show xen-br0
bridge name     bridge id               STP enabled     interfaces
eth0            8000.001aa0af63d2       no              peth0
                                                        vif48.0
                                                        vif49.0
                                                        vif50.0
                                                        vif51.0
vnet0           8000.000000000000       yes



If I'm correct in my understanding, both the ethernet virtualization and bridging are working correctly.

So, I check my DomU by using xm console to access the VM and running ifconfig from there, as per the FAQ:
$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:3e:45:c2:9c 
          inet addr:10.32.139.6  Bcast:10.32.255.255  Mask:255.255.0.0
          inet6 addr: fe80::216:3eff:fe45:c29c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:545480 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:89978809 (85.8 MB)  TX bytes:4942 (4.8 KB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)



and route is also supposed to be run, as per the FAQ:
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.32.0.0       *               255.255.0.0     U     0      0        0 eth0
default         10.32.0.1       0.0.0.0         UG    100    0        0 eth0




So everything seems to be working alright. However, trying to SSH into my DomU results in timeouts over port 22 using the IP address 10.32.139.6 (also 10.32.0.0 and 10.32.0.1, for the sake of completeness).

I've tried this on several VMs, some created with static IPs (that don't stick and "dhclient" needed to be run upon start up of the DomU to establish a connection to the web), some created without (the above is from a VM created without a static IP). I've also tried this by SSHing into both root and non-root accounts in the DomU, both result in a timed out connection.

I know that this machine is behind a departmental firewall. In the event that an exception to the firewall needs to be added, what should I tell the system admin that the exception should be?

Thank You,
Jessica Hartog
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
<Prev in Thread] Current Thread [Next in Thread>