This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-users] domU networking problem

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] domU networking problem
From: Chris <christian.herrler@xxxxxxxxxxxxxx>
Date: Wed, 17 Nov 2010 20:59:42 +0100
Delivery-date: Wed, 17 Nov 2010 12:01:28 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:content-type :content-transfer-encoding; bh=DJ9CdlMPUl1DaGQ3Yo7n8eZcgb85/LzeJQvRJR5nWio=; b=UXwFklrk98ZaZAajcKEoLgUivI6JklUZ7xG2v5+EoSiZjiZzMeeHMSQsxVgdAOl6WX o3L1ewbpk1o00dsgk4Z6N4DQEIp9PM4kVeNHDLq+nRon5QwFcLGjN/F5QLE4Hl6FuaM7 BlnfP+gDHQydRspPJdf7ADe8zqicOx10t9fVw=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; b=i/BlsVXFhwqM/fd7ovpeorLMAE/h+k4DGxnOLFeF+4AnMfTVEwne5g+NjyvRSKPi4X /wUsZtZgoZlPhSxSpr/PFGvQzuPDTtg04d96CwpjRa4YgxS1zLecqtm4Ic/eBFs9zU8W +/2pebz7i2VeNsSkHYBZ6eEpP/3YxDqnXWsGQ=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20101027 Lightning/1.0b2 Thunderbird/3.1.6

I have a xen server (xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_32p /
kernel 2.6.24-28-xen).

I have some domUs, one of them is a fli4l router, the others are
eisfair domUs (fileserver, webserver and mailserver). All of the domUs
are connected via vif network interface with a bridge in dom0.

There is a problem invoking following command in every domU:

openssl s_client -connect pop.googlemail.com:995 -showcerts

After some minutes the command stops with an ssl handshake error. In a
tcpdump I can see, that after SSLv2 Client Hello only TCP
retransmissions are sent by the domU. There is no answer from the
server. The TCP handshake with the server is ok, the TCP finish too.

If I call the same command in dom0, everything works, after SSLv2
Client Hello the server answers with SSLv2 Server Hello and so on.
Finally the requested certificate is shown.

I think there is no problem with the fli4l router because dom0 has
unlimited access. The problem could be the vif network interfaces in
my opinion.

All of the domUs have access to the internet via port 80, e.g. get a
file using wget.

Can you tell me, what the problem is?


Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>