This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-users] domU networking problem

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] domU networking problem
From: Christian Herrler <christian.herrler@xxxxxxxxxxxxxx>
Date: Thu, 18 Nov 2010 19:22:38 +0100
Delivery-date: Thu, 18 Nov 2010 10:24:06 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=DJ9CdlMPUl1DaGQ3Yo7n8eZcgb85/LzeJQvRJR5nWio=; b=iUxtTxoUO6OSXLbRzvhYNE+AaKsZHm/zDBRdwuUFbF12safvjckCrWmepPAxCYSoAD 3Nkom6go+g20uk1y8ZaopbpZcj5+SjN0hK5axsOks3TK2KBVP5zlCaxMKKW0sL5cM60r nbMGuX4R9R/h5MRVbiD6JKEevEPfTi77SHonE=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=X4G9CxXos00fSO+DUHV81igbIJBXKY/6F08JwYNXLUUxb13sxv1Jl0wuz9ut0zU5lw CKT20uHhOQuhE//A+O88lo1ZnWEVjWhyVj531/8NfZiprfvTGQI4kr5XY0ejP2D3WDOE i++MALasYhTCjZxJJbOz8hFbCD+fMXVw56kJE=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx

I have a xen server (xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_32p /
kernel 2.6.24-28-xen).

I have some domUs, one of them is a fli4l router, the others are
eisfair domUs (fileserver, webserver and mailserver). All of the domUs
are connected via vif network interface with a bridge in dom0.

There is a problem invoking following command in every domU:

openssl s_client -connect pop.googlemail.com:995 -showcerts

After some minutes the command stops with an ssl handshake error. In a
tcpdump I can see, that after SSLv2 Client Hello only TCP
retransmissions are sent by the domU. There is no answer from the
server. The TCP handshake with the server is ok, the TCP finish too.

If I call the same command in dom0, everything works, after SSLv2
Client Hello the server answers with SSLv2 Server Hello and so on.
Finally the requested certificate is shown.

I think there is no problem with the fli4l router because dom0 has
unlimited access. The problem could be the vif network interfaces in
my opinion.

All of the domUs have access to the internet via port 80, e.g. get a
file using wget.

Can you tell me, what the problem is?


Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>