WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

[Xen-users] Migrating domUs behind a firewall backend domU

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Migrating domUs behind a firewall backend domU
From: Jan Behrend <jbehrend@xxxxxxxxxxxxxxxxx>
Date: Mon, 14 Apr 2008 13:54:39 +0200
Delivery-date: Mon, 14 Apr 2008 04:55:16 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Organization: Max-Planck-Institut für Radioastronomie
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.5
I have the following setup:

- standard Dom0, _without_ xen bridge
- netbackend domU as a firewall, i.e. nic is exclusively used by this domU via 
pciback mechanism. This domU hosts the xen bridge and does the network setup 
for the other domUs (/etc/xen/scripts/vif-bridge etc.)

- a bunch of domUs _behind_ this firewall domU

This setup is described in
http://lists.xensource.com/archives/html/xen-users/2005-07/msg00558.html

Everything is working just fine. So far so good.
My next goal is to migrate one of the domUs _behind_ the netbackend firewall 
to another machine with the same setup.  I know I cannot migrate the 
netbackend firewall domU.

The migration works fine but unfortunately networking stops completely on the 
migrated domain. Otherwise it works just fine but has no network. This is 
what happens:

On xenhost1 I do:
# xm list
# xen16                                     15      128     1 -b----     14.4

# xm migrate xen16 xenhost2 --live
#

This is what's then shown on xenhost2:
# xm list
# xen16                                     14      128     1 -b----      0.0

The following is the kernel output on the console.  When I hit enter I see the 
login screen again:
# xm console xen16
vif vif-0: 2 reading other end details from device/vif/0
xenbus: resume (talk_to_otherend) vif-0 failed: -2

Both Xenhosts are 64bit Debian Etch (Xen 3.0.3).  The common disk is hosted on 
an iSCSI target. Kernelversion is 2.6.18-5-xen-amd64 on all of the dom0s and 
domUs. 

This is the xen16.cfg on both Xenhosts:
***snip***
kernel  = '/boot/vmlinuz-2.6.18-5-xen-amd64'
ramdisk = '/boot/initrd.img-2.6.18-5-xen-amd64'
memory  = '128'
maxmem  = '256'
root    = '/dev/sda1 ro'
disk    = 
[ 'phy:/dev/disk/by-uuid/10875585-5295-4b1c-9043-3c87d052a3e7,sda1,w', 
'phy:/dev/disk/by-uuid/b993558c-933c-4391-a7b8-c6904f934b0d,sda2,w' ]

name    = 'xen16'
vif  = [ 'mac=00:16:3E:40:53:23 , backend=netbackend' ]
on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'
***snip***

I have the feeling that the migrated domU just does not get connected to the 
netbackend domU.  Because there are no network packets caught on either fo 
the firewall backends, I believe that firewall rules are not the problem. (I 
even flushed them to no avail)

Anybody having thoughts on this?  Need more information?

Cheers Jan Behrend

-- 
Jan Behrend
Max-Planck-Institut fuer Radioastronomie
Abteilung fuer Infrarot-Technologie
Auf dem Huegel 69, D-53121 Bonn (Germany)
Tel: (+49) 228 525 319, Fax: (+49) 228 525 411
http://www.mpifr-bonn.mpg.de

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>