WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

Re: [Xen-users] Xen on production enviroment

To: xen-users@xxxxxxxxxxxxxxxxxxx, willmerstrog@xxxxxxxxxxxx
Subject: Re: [Xen-users] Xen on production enviroment
From: Tim Durack <tdurack@xxxxxxxxx>
Date: Wed, 7 Sep 2005 10:07:23 -0400
> I tried every possible network setup, routed, bridged-new, bridged-old,
> all to no avail. I ended up with the old style bridged setup because it
> was the last one I tried.

> Everything else works, I even have a DHCP server in one of the guest
> domains, which serves machines on a different subnet from the rest of
> the machines, and everything works fine (as it was before), but I
> cannot, for instance, ssh from Domain_0 to a guest domain.

> I can ssh to any other machine and ssh back to the guest domain from
> there, and it works fine, only the direct connection fails, it hangs
> never completes. I even used ethereal to try to figure what was going
> on, but couldn't find anything, the connection just hangs there waiting
> for a packet that never arrives.

Sounds like the problem I have been experiencing.

If you examine your packet capture carefully on the failed connections, you will probably see some transport layer checksum errors (TCP/UDP).

If you want a routed setup, a workaround is to build GRE tunnels over the top of the Dom0 vifX.0 <-> guest eth0 links.

The new style bridged setup works, with the apparent limitation that Dom0 can now only be attached to one bridge group.

If I remember correctly, vif0.0 should be bridged with vifX.0. veth0 should be assigned an appropriate address for your network.
Dom0 veth0 is the equivalent of eth0 in a guest, vif0.0 being the matching end of the virtual link.

Outside network access should work if you bridge eth0 in the same bridge group. Have fun if you want to run a firewall...

Tim:>
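
The check suggested in the reply above (looking for transport-layer checksum errors in the capture), as an added example that is not part of the original message: Python code that validates the TCP or UDP checksum of a raw IPv4 packet. The sample packets, addresses and ports are constructed, and `ones_complement_sum`, `l4_checksum_ok` and `build_syn` are hypothetical helper names.

```python
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by IP, TCP and UDP (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total

def l4_checksum_ok(ip_packet: bytes) -> bool:
    """Verify the TCP/UDP checksum of one raw IPv4 packet."""
    ihl = (ip_packet[0] & 0x0F) * 4          # IP header length in bytes
    total_len = struct.unpack("!H", ip_packet[2:4])[0]
    proto = ip_packet[9]
    if proto not in (6, 17):
        raise ValueError("not TCP or UDP")
    segment = ip_packet[ihl:total_len]
    if proto == 17 and segment[6:8] == b"\x00\x00":
        return True                          # UDP over IPv4: checksum not used
    # Pseudo-header: source address, destination address, zero, protocol, L4 length
    pseudo = ip_packet[12:20] + struct.pack("!BBH", 0, proto, len(segment))
    # With a correct checksum field in place, the folded sum is 0xFFFF
    return ones_complement_sum(pseudo + segment) == 0xFFFF

def build_syn(src: bytes, dst: bytes, sport: int, dport: int, fill_checksum: bool) -> bytes:
    """Constructed sample: a minimal IPv4 TCP SYN (IP header checksum left 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    if fill_checksum:
        pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
        csum = ~ones_complement_sum(pseudo + tcp) & 0xFFFF
        tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0) + src + dst
    return ip + tcp

if __name__ == "__main__":
    a, b = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])   # constructed addresses
    for label, filled in (("checksum filled in", True), ("checksum left empty", False)):
        pkt = build_syn(a, b, 40000, 22, filled)
        print(label, "->", "ok" if l4_checksum_ok(pkt) else "BAD transport checksum")
```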