WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Re: [Xen-devel] xen 4.1.2* dhcp issue/bug when installin

To: Pasi Kärkkäinen <pasik@xxxxxx>
Subject: Re: [Xen-users] Re: [Xen-devel] xen 4.1.2* dhcp issue/bug when installing/booting HVM domU domains (CentOS 6, unbuntu 11.04 server). Debian/OpenSolaris work fine.
From: Mark Schneider <ms@xxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 16 Aug 2011 21:05:13 +0200
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 16 Aug 2011 12:08:10 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20110816074314.GB32373@xxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4E498BBA.6070300@xxxxxxxxxxxxxxxxxxxxxx> <20110815214824.GY32373@xxxxxxxxxxx> <4E499680.1060409@xxxxxxxxxxxxxxxxxxxxxx> <20110815222346.GZ32373@xxxxxxxxxxx> <4E49A44E.4010108@xxxxxxxxxxxxxxxxxxxxxx> <4E49A8C2.9030104@xxxxxxxxxxxxxxxxxxxxxx> <20110816074314.GB32373@xxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.16) Gecko/20110307 Icedove/3.0.11
Am 16.08.2011 09:43, schrieb Pasi Kärkkäinen:
On Tue, Aug 16, 2011 at 01:16:18AM +0200, Mark Schneider wrote:
Am 16.08.2011 00:57, schrieb Mark Schneider:
Am 16.08.2011 00:23, schrieb Pasi Kärkkäinen:
On Mon, Aug 15, 2011 at 11:58:24PM +0200, Mark Schneider wrote:
      Pings from *centos-hvm* to default gateway *no ip-traffic
on peth0*


So here's your problem. Your bridge in dom0 is NOT forwarding the
packets out to peth0..



      root@xen411dom0:/ftp/HVM# tcpdump  -i eth0 'icmp[icmptype]
= icmp-echo and
      icmp[icmptype] != icmp-echoreply'
      tcpdump: verbose output suppressed, use -v or -vv for full
protocol decode
      listening on eth0, link-type EN10MB (Ethernet), capture
size 65535 bytes
      19:54:00.770442 IP 192.168.1.180>    192.168.1.1: ICMP echo
request, id 518,
      seq 23, length 64
      19:54:01.770958 IP 192.168.1.180>    192.168.1.1: ICMP echo
request, id 518,
      seq 24, length 64

So where are these packets going to ? They're not getting out of
dom0..

Do you have a firewall rule in dom0 that drops them?

Try these:
- In the HVM guest: run "arp -an" and check what MAC address you
see for the gateway-IP.
- In dom0: run "brctl showmacs eth0" and verify which port has
the MAC of the gateway.

[root@centoshvm ~]# arp -an
? (192.168.1.102) auf 00:1c:25:7e:fb:b7 [ether] auf eth0
? (192.168.1.124) auf b4:99:ba:c1:27:36 [ether] auf eth0

So the HVM guest has NOT received a MAC address for the gateway..
so ARP requests are not working from the HVM guest.

Do this:
- Shutdown the VM.
- Start the VM.
- Run tcpdump in dom0 (tcpdump -i tap<x>   -nn)
- Try pinging the gateway from the HVM guest.
- Paste the whole tcpdump output here.


root@xen411dom0:~# brctl showmacs eth0
port no mac addr                is local?       ageing timer
    6     00:16:3e:27:17:67       no                 3.22
    3     00:16:3e:27:20:67       no                40.85
    1     00:1c:25:7e:fb:b7       no                 0.00
    1     00:1d:7e:ad:35:a8       no                12.66
    1     b4:99:ba:c1:27:36       yes                0.00
    2     fe:ff:ff:ff:ff:ff       yes                0.00
root@xen411dom0:~# arp -an
? (192.168.1.102) auf 00:1c:25:7e:fb:b7 [ether] auf eth0
? (192.168.1.180) auf 00:16:3e:27:17:67 [ether] auf eth0
? (192.168.1.1) auf 00:1d:7e:ad:35:a8 [ether] auf eth0

Are you running some firewall (iptables or ebtables) in dom0 ?
No. It is plane wheezy with 3.0.1 kernel

and "iptables -L -n -v" does not list any rules?

root@xen411dom0:~# iptables -L -n -v
Chain INPUT (policy ACCEPT 232 packets, 25984 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in peth0

Chain OUTPUT (policy ACCEPT 184 packets, 24528 bytes)
pkts bytes target prot opt in out source destination
root@xen411dom0:~#

Trace inside HVM (s. default gateway: 192.168.1.1 is-at 00:1d:7e:ad:35:a8)
# ---------------------------
[root@centoshvm ~]# tcpdump -i eth0 -nn | tee /tmp/tcpdum-eth0.txt
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
01:05:31.996278 IP 192.168.1.180.22>  192.168.1.124.40173: Flags [P.],
seq 1128465923:1128466115, ack 1021543041, win 135, options [nop,nop,TS
val 1036128 ecr 3459996], length 192
01:05:31.998526 IP 192.168.1.124.40173>  192.168.1.180.22: Flags [.],
ack 192, win 176, options [nop,nop,TS val 3460006 ecr 1036128], length 0
01:05:55.401107 ARP, Request who-has 192.168.1.1 tell 192.168.1.180,
length 28
01:05:55.402608 ARP, Reply 192.168.1.1 is-at 00:1d:7e:ad:35:a8, length 46
01:05:55.402681 IP 192.168.1.180>  192.168.1.1: ICMP echo request, id
5894, seq 1, length 64
01:05:56.399192 IP 192.168.1.180>  192.168.1.1: ICMP echo request, id
So the HVM domU gets the correct MAC of the gateway,
and starts sending packets to it.

The next step would be to dump on eth0 on dom0.. do you see the same packets 
there?

At the same time also dump on peth0, do the packets go out there to the 
physical network?

# Requests and reply on peth0 are there:
18:06:00.324825 ARP, Request who-has 192.168.1.1 tell 192.168.1.180, length 28
18:06:00.325012 ARP, Reply 192.168.1.1 is-at 00:1d:7e:ad:35:a8, length 46

# Requests and reply on eth0 are *also* there:
18:06:00.324825 ARP, Request who-has 192.168.1.1 tell 192.168.1.180, length 28
18:06:00.325012 ARP, Reply 192.168.1.1 is-at 00:1d:7e:ad:35:a8, length 46

# There are ICMP requests on eth0 but look like that there are *not forwarded* to peth0. 18:06:00.334350 IP 192.168.1.180 > 192.168.1.1: ICMP echo request, id 55045, seq 1, length 64 18:06:01.324098 IP 192.168.1.180 > 192.168.1.1: ICMP echo request, id 55045, seq 2, length 64

Any idea why? I have attached both tpcdumps.

I use the same dom0 domain for other HVMs like squeeze, wheezy or OpenSolaris and the work as expected.

Thank you / regards, Mark

--
ms@xxxxxxxxxxxxxxxxxxxxxx


Attachment: tcpdump-dom0-eth0.txt.gz
Description: application/gzip

Attachment: tcpdump-dom0-peth0.txt.gz
Description: application/gzip

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
<Prev in Thread] Current Thread [Next in Thread>