On 08/09/2010 10:42, Fajar A. Nugraha wrote:
On Wed, Sep 8, 2010 at 4:18 AM, Sauro Saltini<saltini@xxxxxx> wrote:
My current configuration is :
- Xen 4.0.0
- DOM0 kernel 184.108.40.206
- DOMU kernels either 220.127.116.11 or 2.6.36-rc3 (vanilla)
As soon as I've converted the fw DomU's to a PV domain (using either
18.104.22.168 or 2.6.36-rc3 kernels with PV drivers) something changed in a
Do you mean convert it to PV domain, or keep it as HVM but use PV drivers?
I've converted it to a PV domain (builder=linux)
tcpdump on domU's vif shows no traffic, except some arp requests coming
from the firewall domU asking for the external pinged address.
on Dom0 "tcpdump -nvvi br0" (br0 = external bridge) never shows up any
What does tcpdump on domU's vif (by default it's named vifx.y, where x
and are numbers) within dom0 shows?
Does both dom0 and your PV domU has ip forwarding
Do you still use ioemu line? What does your domU config look like?
Both dom0 and domU has ip_forward activated
I have type=paravirtual for both firewall domU's nics in domU's config
my config is quite simple:
vif=[ 'type=paravirtual, bridge=br0, mac=00:16:3e:00:00:02',
'type=paravirtual, bridge=br1, mac=00:16:3e:00:00:20' ]
disk=[ 'drbd:fw,hda,w' ]
The chosen kernel is the same xenified kernel built from sources and
used for dom0
Many thanks in advance.
It seems that the packet flow interrupts in some way inside xen's PV
netfront/netback drivers (i.e. between vethx.y and vifx.y) but ONLY for
packets coming from another domU and forwarded.
As I said i can regularly ping both domU's network and external lan from
the fw domU, only the packets coming from the other domU's disappear !
Just for clarity, having :
testing (pinger) domU : 10.0.0.102 /24 (gw 10.0.0.101)
fw domU "internal" nic -eth0- (domU's gateway): 10.0.0.101 /24
fw domU "external" nic -eth1- (bridged to LAN): 192.168.99.88 /24
pinged lan host : 192.168.99.202 /24
On fw domU:
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Pinging 192.168.99.202 from FW works, and tcpdump -nvvi on dom0 (both
listening on vifx.y or bridge) gives:
14:09:40.553104 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto
ICMP (1), length 84)
192.168.99.88 > 192.168.99.202: ICMP echo request, id 24837, seq 1,
14:09:40.553223 IP (tos 0x0, ttl 64, id 21099, offset 0, flags [none],
proto ICMP (1), length 84)
192.168.99.202 > 192.168.99.88: ICMP echo reply, id 24837, seq 1,
Pinging 192.168.99.202 from testing domU (10.0.0.102) doesn't work, and
tcpdump -nvvi on dom0 (both listening on vifx.y or bridge) gives (every
5 to 10 seconds):
14:17:29.922210 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
192.168.99.202 tell 192.168.99.88, length 28
14:17:29.922304 ARP, Ethernet (len 6), IPv4 (len 4), Reply
192.168.99.202 is-at 00:09:6b:89:d0:8a, length 46
but no icmp traffic at all !
You can try using xenified kernel on domU and see if it helps: patch
from http://code.google.com/p/gentoo-xen-kernel/downloads/list +
kernel 22.214.171.124 (or whatever 2.6.34.x that the patch can cleanly apply
Xen-users mailing list