WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Xen
Home Products Support Community News

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
<prev [Thread] next>

Re: [Xen-users] Dom0 gateway

from [Rob Dyke] [Permanent Link][Original]
To: "Sergio Maffioletti (CSCS)" <sergio.maffioletti@xxxxxxx>
Subject: Re: [Xen-users] Dom0 gateway
From: Rob Dyke <robdyke@xxxxxxxxx>
Date: 2005年11月25日 12:51:06 +0000
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: 2005年11月25日 12:51:09 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:references; b=hwgNrmNY+McBCuDG9DDOBZ6Tbn803LXDUk4nrfn6jvF1vBg/lgwRuBXmfl09sTmDuxhsvQ4HwssxbSbQiIbZYVh+RU9M7D8tzBVlIqndz31FR1Nmkwz2uFblEylIb2hWblZcl+doHhr1wxHlGOHM7026Sxece9rHHdVLixLhsvM=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <200511251121.51478.sergio.maffioletti@xxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <200511251121.51478.sergio.maffioletti@xxxxxxx>
Reply-to: emailme@xxxxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Sergio, All,

This is very similar to the question I posted a couple of days ago regarding the networking setup on a colo server with public IPs.

My settings are similar - but I have not got an IP assigned to eth0 on domU....

On domU (FC4):
[root@dellserver ~]# brctl show xen-br0
bridge name bridge id STP enabled interfaces
xen-br0 8000.00142272e278 no eth0
vif1.0

[root@dellserver ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:14:22:72:E2:78
inet6 addr: fe80::214:22ff:fe72:e278/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15940810 errors:0 dropped:0 overruns:0 frame:0
TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4185960609 (3.8 GiB) TX bytes:3566 (3.4 KiB)
Base address:0xecc0 Memory:dfde0000-dfe00000

eth1 Link encap:Ethernet HWaddr 00:14:22:72:E2:79
inet addr:85.234.137.34 Bcast:85.234.137.255 Mask:255.255.255.0
inet6 addr: fe80::214:22ff:fe72:e279/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1117214 errors:0 dropped:0 overruns:0 frame:0
TX packets:62116 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:81320608 (77.5 MiB) TX bytes:86637157 (82.6 MiB)
Base address:0xdcc0 Memory:df9e0000-dfa00000

eth1:0 Link encap:Ethernet HWaddr 00:14:22:72:E2:79
inet addr:85.234.137.35 Bcast:85.234.137.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Base address:0xdcc0 Memory:df9e0000-dfa00000

eth1:1 Link encap:Ethernet HWaddr 00:14:22:72:E2:79
inet addr:85.234.137.36 Bcast:85.234.137.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Base address:0xdcc0 Memory:df9e0000-dfa00000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:3591 errors:0 dropped:0 overruns:0 frame:0
TX packets:3591 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:290872 (284.0 KiB) TX bytes:290872 (284.0 KiB)

vif1.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:35 errors:0 dropped:0 overruns:0 frame:0
TX packets:467698 errors:0 dropped:4424 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2702 (2.6 KiB) TX bytes:26353434 (25.1 MiB)

xen-br0 Link encap:Ethernet HWaddr 00:14:22:72:E2:78
inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1081281 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:62848349 (59.9 MiB) TX bytes:378 (378.0 b)

[root@dellserver ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
85.234.137.0 * 255.255.255.0 U 0 0 0 eth1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
default 85-234-137-1.po 0.0.0.0 UG 0 0 0 eth1
[root@dellserver ~]#


on my dom0 (FC4 also)
[root@dellserver ~]# xm console vm-colo1
************ REMOTE CONSOLE: CTRL-] TO QUIT ********

[root@vm-colo1 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr BA:D0:C0:FF:EE:01
inet addr:85.234.137.244 Bcast:85.234.137.255 Mask:255.255.255.0
inet6 addr: fe80::b8d0:c0ff:feff:ee01/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:560282 errors:0 dropped:0 overruns:0 frame:0
TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:31647509 (30.1 MiB) TX bytes:2702 (2.6 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)

[root@vm-colo1 ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
85.234.137.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default dellserver.comw 0.0.0.0 UG 0 0 0 eth0
[root@vm-colo1 ~]#

What happens with this network configuration? Well I can ping eth1 on domU but I am not able to ping e.g. the network gateway.

As you can see from my iptables output I have tried to use the rules as outlined in the xensource wiki.

root@dellserver ~]# iptables -L
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in eth0 ! --physdev-out eth0
ACCEPT all -- anywhere anywhere PHYSDEV match ! --physdev-in eth0 --physdev-out eth0
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[root@dellserver ~]#


Any thoughts on how I should be structuring my networking to resolve this problem please?

Thanks.
Rob



On 11/25/05, Sergio Maffioletti (CSCS) <sergio.maffioletti@xxxxxxx> wrote:
Dear All

I'm getting little bit confuse with networking settings for Dom0 when domUs
are configured with public IP addresses.

I'm not really sure whether dom0 really needs to setup any particular iptable
or not.

basically each domU I have uses the subnet gateway and the default DNS as they
were "ordinary" nodes.

on dom0 (debian 2.4.30) : ifconfig
-----------------
eth0 Link encap:Ethernet HWaddr 00:0F:1F:D8:3B:59
inet addr:148.187.33.171 Bcast:148.187.33.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11167773 errors:0 dropped:0 overruns:0 frame:0
TX packets:12111328 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:932153715 (888.9 MiB) TX bytes:3032069910 (2.8 GiB)
Interrupt:16

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask: 255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:28372 errors:0 dropped:0 overruns:0 frame:0
TX packets:28372 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2153493 (2.0 MiB) TX bytes:2153493 (2.0 MiB)

vif1.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:28703 errors:0 dropped:0 overruns:0 frame:0
TX packets:2897647 errors:0 dropped:124 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2278631 (2.1 MiB) TX bytes:182743341 (174.2 MiB)

vif4.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:45984 errors:0 dropped:0 overruns:0 frame:0
TX packets:2879171 errors:0 dropped:207 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6263702 (5.9 MiB) TX bytes:179213789 (170.9 MiB)

xen-br0 Link encap:Ethernet HWaddr 00:0F:1F:D8:3B:59
inet addr:148.187.33.171 Bcast:148.187.33.255 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11149307 errors:0 dropped:0 overruns:0 frame:0
TX packets:12099488 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:709590887 (676.7 MiB) TX bytes:2982270139 (2.7 GiB)
-----------------

on domU vif4.0 (slc-3.0.5 kernel 2.4.30) ifconfig
eth0 Link encap:Ethernet HWaddr AA:14:00:00:00:03
inet addr:148.187.33.220 Bcast:148.187.33.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2891601 errors:0 dropped:0 overruns:0 frame:0
TX packets:46389 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:179968772 (171.6 Mb) TX bytes:6352167 (6.0 Mb)

on domU vif1.0 (slc-3.0.5 kernel 2.4.30) ifconfig
eth0 Link encap:Ethernet HWaddr AA:14:00:00:00:01
inet addr:148.187.33.168 Bcast:148.187.33.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2910674 errors:0 dropped:0 overruns:0 frame:0
TX packets:28838 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:183542936 (175.0 Mb) TX bytes:2288739 (2.1 Mb)


and everything seems to work beside that vif4.0 cannot ping vif1.0 (vice versa
works indeed)

I'm also experiencing temporary (order of 10 seconds) domUs unreachable.
does this has anything to do with the scheduler ?
or am I just lucky that with a screwed up configuration things are randomly
working ?

thanks for any suggestion
Regards
Sergio :)

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users 

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date: Re: [Xen-users] How to get the X started on the DomU , Sanjay Upadhyay
Next by Date: Re: [Xen-users] Error on xm create , Steven Hand
Previous by Thread: [Xen-users] Dom0 gateway , Sergio Maffioletti (CSCS)
Next by Thread: [Xen-users] Error on xm create , Andrew Turnbull
Indexes: [Date] [Thread] [Top] [All Lists]

Copyright ©, Citrix Systems Inc. All rights reserved. Legal and Privacy
Citrix This site is hosted by Citrix

AltStyle によって変換されたページ (->オリジナル) /