xen-users

[Xen-users] Bridge does not deliver all packets

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Bridge does not deliver all packets
From: Alexander Feder <e0126212@xxxxxxxxxxxxxxxxxx>
Date: Tue, 23 Jan 2007 13:30:08 +0100
Delivery-date: Tue, 23 Jan 2007 04:30:13 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Hi!

I was forced to upgrade from a perfectly working system (debian sid, kernel 2.6.16-1 with xen 3.0.2) to 2.6.18 with xen 3.0.3 due to some obscure reasons. Well, after everything was set up I realized that my domUs can no longer communicate as before. After downgrading to 2.6.16 with 3.0.2 again, the problem remains, so I am left wondering.

The domUs remained absolutely unchanged, just the cfgs were changed in such a way to match with dom0's kernel.

My Setup:

dom0    = 84.xx.xxx.17
guest1  = 84.xx.xxx.231
guest2  = 84.xx.xxx.232

my hoster's gateway = 84.xx.xxx.1
my homemachine = 85.124.x.xxx

dom0 cannot ping guest1 or guest2
the ICMP packets from dom0 reach guest1 and are answered, but the replies do not reach dom0 (see below)

guest1 can ping guest2
guest1 and guest2 cannot ping the gateway
the ICMP packets do reach the gateway though, and the answers are visible when doing a tcpdump on xenbr0, but they do not reach the guests.
dom0 can ping the gateway
guest1 and guest2 receive traffic but cannot answer (e.g. when I try to ssh from my home machine)

Now the obscurities:
guest2 has apache running, a telnet from dom0 to guest on port 80 delivers a page! a telnet from my home machine to guest2 on port 80 does not deliver a page, but I can see it happening on guest2 with tcpdump
dom0 runs bind, guest1 and guest2 can resolve names with this!


Thank you very very much in advance for any hints, I spent the entire day yesterday trying to find a solution without any success...

Alexander



dom0:~# cat /etc/xen/xend-config.sxp | grep -v "#" | grep [a-z]
(xend-relocation-server yes)
(xend-relocation-hosts-allow '^localhost$')
(network-script network-bridge)
(vif-script vif-bridge)
(dom0-min-mem 196)
(dom0-cpus 0)


dom0:/etc/xen# brctl show
bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.feffffffffff       no              vif0.0
                                                        peth0
                                                        vif7.0
                                                        vif10.0

dom0:/etc/xen# iptables -L -vv -n
[..snip..]
Chain FORWARD (policy DROP 353 packets, 22270 bytes)
 pkts bytes target     prot opt in     out     source               destination
 217K   24M ACCEPT     0    --  xenbr0 xenbr0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     0    --  *      *       84.xx.xxx.231        0.0.0.0/0           PHYSDEV match --physdev-in vif7.0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in vif7.0 udp spt:68 dpt:67
    0     0 ACCEPT     0    --  *      *       84.xx.xxx.232        0.0.0.0/0           PHYSDEV match --physdev-in vif10.0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in vif10.0 udp spt:68 dpt:67
[..snip..]

guest1:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
84.xx.xxx.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         84.xx.xxx.1     0.0.0.0         UG    0      0        0 eth0

guest1:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


guest1:~# ping -c 10 84.xx.xxx.1 &
PING 84.xx.xxx.1 (84.xx.xxx.1) 56(84) bytes of data.

--- 84.xx.xxx.1 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9013ms

(meanwhile)

dom0:/etc/xen# tcpdump -vv -n -i xenbr0 | grep -i 84.xx.xxx.231
12:54:54.336514 arp who-has 84.xx.xxx.1 tell 84.xx.xxx.231
12:54:54.337108 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: ICMP (1), length: 84) 84.xx.xxx.231 > 84.xx.xxx.1: ICMP echo request, id 28421, seq 1, length 64
12:54:54.338329 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto: ICMP (1), length: 84) 84.xx.xxx.1 > 84.xx.xxx.231: ICMP echo reply, id 28421, seq 1, length 64
12:54:54.338384 IP (tos 0xc0, ttl 64, id 61484, offset 0, flags [none], proto: ICMP (1), length: 112) 84.xx.xxx.17 > 84.xx.xxx.1: ICMP redirect 84.xx.xxx.231 to host 84.xx.xxx.231, length 92
        IP (tos 0x0, ttl 254, id 0, offset 0, flags [DF], proto: ICMP (1), length: 84) 84.xx.xxx.1 > 84.xx.xxx.231: ICMP echo reply, id 28421, seq 1, length 64
12:54:55.343801 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: ICMP (1), length: 84) 84.xx.xxx.231 > 84.xx.xxx.1: ICMP echo request, id 28421, seq 2, length 64
12:54:55.344968 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto: ICMP (1), length: 84) 84.xx.xxx.1 > 84.xx.xxx.231: ICMP echo reply, id 28421, seq 2, length 64
12:54:55.344994 IP (tos 0xc0, ttl 64, id 61485, offset 0, flags [none], proto: ICMP (1), length: 112) 84.xx.xxx.17 > 84.xx.xxx.1: ICMP redirect 84.xx.xxx.231 to host 84.xx.xxx.231, length 92


guest1:~# tcpdump -vv -n -c 1000 | grep -i 84.xx.xxx.1
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:54:55.477085 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: ICMP (1), length: 84) 84.xx.xxx.231 > 84.xx.xxx.1: ICMP echo request, id 28421, seq 2, length 64
11:54:56.476941 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: ICMP (1), length: 84) 84.xx.xxx.231 > 84.xx.xxx.1: ICMP echo request, id 28421, seq 3, length 64
11:54:57.476786 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: ICMP (1), length: 84) 84.xx.xxx.231 > 84.xx.xxx.1: ICMP echo request, id 28421, seq 4, length 64


dom0:~# ping -c 3 84.xx.xxx.231
PING 84.xx.xxx.231 (84.xx.xxx.231) 56(84) bytes of data.

--- 84.xx.xxx.231 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2007ms


guest1:~# tcpdump -vv -n -c 1000 | grep -i 84.xx.xxx.17
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:58:56.822276 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: ICMP (1), length: 84) 84.xx.xxx.17 > 84.xx.xxx.231: ICMP echo request, id 47386, seq 9, length 64
11:58:56.822292 IP (tos 0x0, ttl 64, id 41958, offset 0, flags [none], proto: ICMP (1), length: 84) 84.xx.xxx.231 > 84.xx.xxx.17: ICMP echo reply, id 47386, seq 9, length 64
11:58:57.822119 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: ICMP (1), length: 84) 84.xx.xxx.17 > 84.xx.xxx.231: ICMP echo request, id 47386, seq 10, length 64
11:58:57.822135 IP (tos 0x0, ttl 64, id 41959, offset 0, flags [none], proto: ICMP (1), length: 84) 84.xx.xxx.231 > 84.xx.xxx.17: ICMP echo reply, id 47386, seq 10, length 64


guest2:~# ping -c 3 84.xx.xxx.231
PING 84.xx.xxx.231 (84.xx.xxx.231) 56(84) bytes of data.
64 bytes from 84.xx.xxx.231: icmp_seq=1 ttl=64 time=1.29 ms
64 bytes from 84.xx.xxx.231: icmp_seq=2 ttl=64 time=0.140 ms
64 bytes from 84.xx.xxx.231: icmp_seq=3 ttl=64 time=0.130 ms

--- 84.xx.xxx.231 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.130/0.521/1.294/0.546 ms


homemachine:~# ssh 84.xx.xxx.232 -p 12345

guest2:~# tcpdump -vv -n -c 1000 | grep -i 12345
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
13:13:44.677233 IP (tos 0x0, ttl 56, id 14722, offset 0, flags [DF], proto: TCP (6), length: 64) 85.124.x.xxx.49841 > 84.xx.xxxx.232.12345: S, cksum 0x3502 (correct), 4035834129:4035834129(0) win 65535 <mss 1440,nop,wscale 0,nop,nop,timestamp 1539971965 0,sackOK,eol>





_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
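
Added example, not part of the original post: the message compares tcpdump output taken on xenbr0 with output taken inside a guest to see where ICMP echo replies disappear. The script below does that comparison mechanically; the function names and the sample captures (with documentation addresses) are constructed for illustration.

```python
import re

# ICMP echo lines as tcpdump -n prints them; the -vv form in the post only adds
# a parenthesised IP header before the addresses, so the same pattern matches.
ECHO_RE = re.compile(
    r"(?P<src>\S+) > (?P<dst>[^\s:]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

# Constructed sample captures (documentation addresses, not data from the post).
BRIDGE_SAMPLE = """\
12:00:01.000100 IP 192.0.2.231 > 192.0.2.1: ICMP echo request, id 28421, seq 1, length 64
12:00:01.001300 IP 192.0.2.1 > 192.0.2.231: ICMP echo reply, id 28421, seq 1, length 64
12:00:02.000200 IP 192.0.2.231 > 192.0.2.1: ICMP echo request, id 28421, seq 2, length 64
12:00:02.001400 IP 192.0.2.1 > 192.0.2.231: ICMP echo reply, id 28421, seq 2, length 64
"""
GUEST_SAMPLE = """\
11:00:02.100000 IP 192.0.2.231 > 192.0.2.1: ICMP echo request, id 28421, seq 2, length 64
11:00:03.100000 IP 192.0.2.231 > 192.0.2.1: ICMP echo request, id 28421, seq 3, length 64
"""

def echo_events(capture_text):
    """Map (icmp id, seq) -> set of kinds ("request"/"reply") seen in one capture."""
    seen = {}
    for m in ECHO_RE.finditer(capture_text):
        seen.setdefault((int(m["id"]), int(m["seq"])), set()).add(m["kind"])
    return seen

def replies_lost_before_guest(bridge_text, guest_text):
    """Echo exchanges whose reply is on the bridge but absent from the guest capture.

    Keys on (id, seq) rather than timestamps, since the two hosts' clocks may differ.
    Only exchanges whose request the guest capture recorded are compared, so a
    capture that started late is not reported as loss.
    """
    bridge, guest = echo_events(bridge_text), echo_events(guest_text)
    return [key for key, kinds in sorted(bridge.items())
            if "reply" in kinds and guest.get(key) == {"request"}]

if __name__ == "__main__":
    for icmp_id, seq in replies_lost_before_guest(BRIDGE_SAMPLE, GUEST_SAMPLE):
        print(f"id {icmp_id} seq {seq}: reply seen on bridge, not in guest")
```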
