debian lenny xen problema de rede de ponte

Question

debian lenny xen problema de rede de ponte

#1 resposta do (2 votos)
#2 resposta do (1 votos)
#3 resposta do (0 votos)

2

DomU não está falando com o mundo, mas fala com o Dom0.

Aqui estão os testes que fiz:

Dom0 (rede externa está funcionando):

ping 188.40.96.238 #Which is Domu's ip

PING 188.40.96.238 (188.40.96.238) 56(84) bytes of data.
64 bytes from 188.40.96.238: icmp_seq=1 ttl=64 time=0.092 ms

DomU:

ping 188.40.96.215 #Which is Dom0's ip

PING 188.40.96.215 (188.40.96.215) 56(84) bytes of data.
64 bytes from 188.40.96.215: icmp_seq=1 ttl=64 time=0.045 ms

ping 188.40.96.193 #Which is the gateway - fail
PING 188.40.96.193 (188.40.96.193) 56(84) bytes of data.
^C
--- 188.40.96.193 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1013ms

O sistema é debian lenny com uma configuração normal.

Aqui estão minhas configurações:

uname -a

Linux green0 2.6.26-2-xen-686 #1 SMP Wed Aug 19 08:47:57 UTC 2009 i686 GNU/Linux

cat /etc/xen/green1.cfg | grep -v '#'

kernel      = '/boot/vmlinuz-2.6.26-2-xen-686'
ramdisk     = '/boot/initrd.img-2.6.26-2-xen-686'
memory      = '2000'

root        = '/dev/xvda2 ro'
disk        = [
                  'file:/home/xen/domains/green1/swap.img,xvda1,w',
                  'file:/home/xen/domains/green1/disk.img,xvda2,w',
              ]


name        = 'green1'

vif         = [ 'ip=188.40.96.238,mac=00:16:3E:1F:C4:CC' ]

on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'

ifconfig

eth0      Link encap:Ethernet  HWaddr 00:24:21:ef:2f:86  
          inet addr:188.40.96.215  Bcast:188.40.96.255  Mask:255.255.255.192
          inet6 addr: fe80::224:21ff:feef:2f86/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3296 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2204 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:262717 (256.5 KiB)  TX bytes:330465 (322.7 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

peth0     Link encap:Ethernet  HWaddr 00:24:21:ef:2f:86  
          inet6 addr: fe80::224:21ff:feef:2f86/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:3407 errors:0 dropped:657431448 overruns:0 frame:0
          TX packets:2291 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:319941 (312.4 KiB)  TX bytes:338423 (330.4 KiB)
          Interrupt:16 Base address:0x8000 

vif2.0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff  
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:27 errors:0 dropped:0 overruns:0 frame:0
          TX packets:151 errors:0 dropped:33 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:1164 (1.1 KiB)  TX bytes:20974 (20.4 KiB)

ip a s

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: peth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:24:21:ef:2f:86 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::224:21ff:feef:2f86/64 scope link 
       valid_lft forever preferred_lft forever
4: vif0.0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN 
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
5: veth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
6: vif0.1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN 
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
7: veth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
8: vif0.2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN 
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
9: veth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
10: vif0.3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN 
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
11: veth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
12: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 00:24:21:ef:2f:86 brd ff:ff:ff:ff:ff:ff
    inet 188.40.96.215/26 brd 188.40.96.255 scope global eth0
    inet6 fe80::224:21ff:feef:2f86/64 scope link 
       valid_lft forever preferred_lft forever
14: vif2.0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 32
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fcff:ffff:feff:ffff/64 scope link 
       valid_lft forever preferred_lft forever

show de brctl

bridge name bridge id       STP enabled interfaces
eth0        8000.002421ef2f86   no      peth0
                            vif2.0

ip r l

Dom0:

188.40.96.192/26 dev eth0  proto kernel  scope link  src 188.40.96.215
default via 188.40.96.193 dev eth0

DomU:

188.40.96.192/26 dev eth0  proto kernel  scope link  src 188.40.96.238
default via 188.40.96.193 dev eth0

networking xen bridge

por Alexandru Plugaru 29.09.2009 / 23:07

3 respostas

Tags networking xen bridge

FreeBSD ipfw firewall_type Ferramenta de Gerenciamento do Active Directory [fechada]

score 2 · Answer 1

o script de bridge padrão faz um monte de coisas estranhas para fazer os dispositivos eth0 / peth0 .. Eu tenho muito mais sorte em configurá-lo em / etc / network / interfaces como

# The primary network interface
auto xen-br0
iface xen-br0 inet static
        address 10.2.2.44
        gateway 10.2.2.1
        netmask 255.255.255.0
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

e depois no xend-config.sxp:

(vif-script vif-bridge bridge=xen-br0)

Dessa forma, o debian configura a bridge e o xen a deixa sozinha.

Você tem acesso aos roteadores e switches? Você pode correr ou mandar alguém executar:

show ip arp 188.40.96.238
show mac-address-table address 0016.3E1F.C4CC

(ou quaisquer comandos apropriados para os dispositivos que você possui) Isso confirmaria se o seu domU é visível para o resto da rede.

score 1 · Answer 2

Certifique-se de que o switch da máquina dom0 esteja conectado para permitir vários endereços MAC por porta. Eu tinha configurado um switch Cisco com cada porta definida como "Desktop". Isso habilitou o PortFast, mas também desabilitou vários endereços MAC na porta. Todos os pacotes da VM domU foram silenciosamente descartados. Mudar a configuração da porta para "None" dentro do switch resolveu esse problema.

score 0 · Answer 3

Quando o DomU pode falar com o dom0 mas não com o mundo exterior, enquanto o dom0 pode sobre a mesma ponte, então é mais provável que você tenha um firewall no dom0 que esteja capturando os pacotes domU.

Dado que trato a bridge como um switch "on the network", e não algo dentro da esfera de controle do dom0, acabei de desligar a prática do dom0 de executar pacotes da bridge através do firewall do dom0:

sysctl {
    "net.bridge.bridge-nf-call-arptables": value => "0";
    "net.bridge.bridge-nf-call-iptables": value => "0";
    "net.bridge.bridge-nf-call-ip6tables": value => "0";
    "net.bridge.bridge-nf-filter-vlan-tagged": value => "0";
}