This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] Yet another question about multiple NICs

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Yet another question about multiple NICs
From: Philippe Combes <Philippe.Combes@xxxxxxxxxxx>
Date: Sun, 19 Dec 2010 16:20:14 +0100
Delivery-date: Sun, 19 Dec 2010 07:21:51 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4D0B63BF.5040402@xxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4D0B4213.50303@xxxxxxxxxxx> <4D0B4544.4050202@xxxxxxxxxxxxxxxxxx> <4D0B5863.7000902@xxxxxxxxxxx> <4D0B63BF.5040402@xxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird (X11/20100721)

Felix Kuperjans a écrit :
Hi Philippe,

I forgot about Xen's renaming... The firewall rules do nothing special,
they won't hurt anything.
Ip addresses are also correct (on both sides), but the routes are
probably not ok:
- The dom1 does not have a default route - so it will not be able to
reach anything outside the two subnets (but should reach anything inside
of them).

It needs not so far.

- It's interesting that dom1's firewall output shows that no packages
were processed, so maybe you didn't ping anything since the last reboot
from dom1 or the firewall was loaded by reading it's statistics...

You requested for the outputs "when <my> system has just started". Hence no packet, I guess. But shouldn't there be at least those exchanged
for the ssh connection to the dom1 ?
Anyway, after one minute or so, I get on the dom1:
# iptables -nvL
Chain INPUT (policy ACCEPT 23 packets, 884 bytes)
 pkts bytes target     prot opt in     out     source

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source

Chain OUTPUT (policy ACCEPT 4 packets, 816 bytes)
 pkts bytes target     prot opt in     out     source

Still no reasons why you can't ping local machines from the dom1 (and
sometimes even not from dom0). Have you tried pinging each other, so
dom0 -> dom1 and vice versa?

Yes I tried, and it has always worked while dom0's eth1 was up.

The only remaining thing that denies communication would be ARP, so the
output of:
# ip neigh show
on both machines *directly after* a ping would be nice (within a few
seconds - use && and a time-terminated ping).

Nothing on a machine when not connected. But when connected (here the dom0):
$ ip neigh show dev eth1 lladdr 00:16:36:e0:81:2c REACHABLE dev eth0 lladdr 00:16:38:4c:04:00 DELAY dev eth0 lladdr 00:16:36:e0:81:2e STALE dev eth0 lladdr 00:1b:24:3d:ca:95 REACHABLE dev eth0 lladdr 00:16:38:28:b5:39 REACHABLE

Does that give you any clue for further investigations ?
Thanks again,

Xen-users mailing list