xen-users

RE: [Xen-users] Network-bridge with VLAN

To: "Gael Reignier" <gael@xxxxxxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] Network-bridge with VLAN
From: "James Harper" <james.harper@xxxxxxxxxxxxxxxx>
Date: Sat, 8 Nov 2008 13:34:23 +1100
Cc:
Delivery-date: Fri, 07 Nov 2008 18:35:04 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <49143CE9.1040000@xxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <49134ECE.8040504@xxxxxxxxxx><90eb1dc70811061229g66d0d302q4f3293db277cc9b3@xxxxxxxxxxxxxx> <49143CE9.1040000@xxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AclA2ZK+AsN+wFnlQVuQFB/LZTTRGwAbtWKA
Thread-topic: [Xen-users] Network-bridge with VLAN
> 
> Javier Guerra wrote:
> > On Thu, Nov 6, 2008 at 3:08 PM, Gael Reignier <gael@xxxxxxxxxx> wrote:
> >> I managed to have a VLAN running on dom0 and they work well, I can ping
> >> other hosts in the same VLAN.
> >>
> >> But when I am trying to ping other hosts from my domU, it just does not
> >> work (From 10.10.2.12 icmp_seq=2 Destination Host Unreachable)
> >
> > it seems you're adding the VLAN device to the bridge; therefore
> > the DomU shouldn't use another layer of VLAN.  all the tagging should
> > be done on Dom0
> >
> Well actually, I tried both:
> 
> - I tried to do the tagging on Dom0 then not do any tagging on the DomU
> 
> - Then after reading more from a book called 'Xen Virtualization', I
> did the tagging on Dom0 and on DomU
> 
> So maybe I should try not to do any tagging on the Dom0 and do all the
> tagging in the DomU.
> What do you reckon?
> 

I haven't been following this thread so maybe you already know this, but
depending on what you want to do you may need to involve ebtables. Also,
your hardware adapter may do vlan offloading for you, which could make
things not work.

When a packet comes in on an Ethernet interface with a VLAN tag on it,
Linux has to decide what to do with it - route it onto the bridge or
make it appear on a vlan interface (eg eth0.2). ebtables can force the
situation in the way you want... I'm not sure what the default is.

Last time I tried, you couldn't 'split' a packet so that one copy went
to Dom0's local interface (eg eth0.2) and another copy remained tagged
and went onto the bridge. I did find a workaround for this via creative
use of Dom0's vif0.X/vethX interfaces, but it always crashed after a few
hours. This was a while back though.

Using ebtables you can say 'packets with vlan tag 2 go to eth0.2,
packets with vlan tag 3 go to eth0.3, all other tagged packets remain
tagged and go onto the bridge'.

If the hardware adapter supports 802.1q offload though, when you define
local interfaces eth0.2 and eth0.3, the kernel tells the adapter 'we are
interested in untagged packets, and packets with tags of 2, or 3, but
throw the rest away'. If your intention is to route other tagged packets
onto your bridge then you won't get what you expect. I'm not sure if
there is a way to turn this off either.

James
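
The ebtables split described in the message above, as an added example that is not part of the original post: it prints broute-table rules that hand the listed VLAN IDs to Dom0's local VLAN interfaces and leave every other frame to be bridged. The helper name `vlan_broute_rules` is hypothetical, and `eth0` with VLANs 2 and 3 follow the interface names used in the post.

```shell
#!/bin/sh
# Added example (not from the original post): print the ebtables rules for the
# "tag 2 -> eth0.2, tag 3 -> eth0.3, everything else stays on the bridge" split.
# The rules are only printed so they can be reviewed before being applied.
#
# usage: vlan_broute_rules IFACE VLAN_ID...   (hypothetical helper name)
vlan_broute_rules() {
    iface=$1
    [ -n "$iface" ] && [ $# -ge 2 ] || {
        echo "usage: vlan_broute_rules IFACE VLAN_ID..." >&2
        return 2
    }
    shift

    # Validate every ID first so a bad argument never yields a partial rule set.
    for vid in "$@"; do
        case $vid in
            ''|*[!0-9]*|0*|?????*)
                echo "invalid VLAN ID: $vid" >&2
                return 1 ;;
        esac
        if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
            echo "VLAN ID out of range (1-4094): $vid" >&2
            return 1
        fi
    done

    # Start from a known state. This flushes any existing BROUTING rules.
    # Policy ACCEPT in the broute table means "bridge the frame", so tagged
    # frames that match no rule below stay tagged and go onto the bridge.
    echo "ebtables -t broute -F BROUTING"
    echo "ebtables -t broute -P BROUTING ACCEPT"

    for vid in "$@"; do
        # In the broute table DROP does not discard the frame: it tells the
        # bridge not to forward it and passes it to the local network stack,
        # where the 802.1Q code delivers it to $iface.$vid.
        echo "ebtables -t broute -A BROUTING -i $iface -p 802_1Q --vlan-id $vid -j DROP"
    done
}

# Constructed sample run using the interface and VLAN IDs from the post.
vlan_broute_rules eth0 2 3
```

The printed commands need root to apply, and they do not change the 802.1q hardware offload behaviour described in the message.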
