WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] can't add vlans successfully

On Tue, Aug 11, 2009 at 4:31 PM, Zhang Li<cindy.zhangli@xxxxxxxxx> wrote:
> Hi, Fajar
>
>> After that, I'd test whether vlan works before throwing in bridge and
>> Xen to mix. For example, I'd create eth0.100 on top of eth0, and test
>> it. If it works, I create br100 on top of eth0.100 and move the IP
>> address to br100. After it works, I tell domU to use br100 as bridge.
>
> I tried the way you told me, every thing is OK. eth0.100 works, br100
> works and I tell domU to use br100.
> And then assign one IP ADDRESS to it. it can't ping the address of
> outside internet.

OK one at a time :D
By "br100 works", does that mean if you put IP address on that
interface, you can access outside world (or at least other hosts also
located on vlan100)?

By "And then assign one IP ADDRESS to it. it can't ping the address of
outside internet.", does that mean you put IP address on domU but it
can't access anywhere? If yes, do a ping from domU and a tcpdump on
br100 and eth0.100, see which packets are missing (does arp receives
no reply? or is it only the icmp echo/reply gone missing)

Another thing to check. Are you using old broadcom NIC with tg3
driver? If yes, it's probably firmware problem. On one of my machines
I can't get bridging to work until I updated its firmware.

>
> Another question, does the domain U must need the 8021Q? When one
> DomainU send one frame to another, will the bridge add the tag to the
> frame with 8021Q?
>
> I have some experiment here:
>
> If domain U use the 8021Q module, it will add the tag to the frame by
> itself and the vlan is setup, bridge doesn't need to add tag. But if
> domain U doesn't use 8021Q module, I think the bridge will add the tag
> to the frame, the problem of I have told still exists.  I am confused.

I'm not sure I understand your question. However you can do these:
Scenario 1: you can have eth0, create a bridge on top of it, share it
it domU, and do vlans in domU. It will work if you do NOT create the
same vlan on dom0 (e.g. do not create eth0.100 on dom0, create it only
on domUs). You may also need to set
/proc/sys/net/bridge/bridge-nf-filter-vlan-tagged to 0 (not quite sure
about this, as it has been a long time since I pass a trunk :P). From
domU perspective this is similar with connecting to a switch using a
trunk port.

Scenario2: you can do vlans on dom0, create a bridge for each vlans,
and tell domU to use the bridge. From domU perspective this is similar
with connecting to a switch using an access port.

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users