2

Both dom0 and domU are Debian 8.

Dom0 network configuration is:

auto xenbr0
iface xenbr0 inet manual
    bridge_ports eth1
    bridge_stp off
    bridge_waitport 0
    bridge_fd 0

auto xenbr0.4
iface xenbr0.4 inet static
    address 192.168.4.13
    broadcast 192.168.4.255
    netmask 255.255.255.0
    gateway 192.168.4.1
    vlan-raw-device xenbr0

On the host I have also changed certain kernel parameters to allow forwarding and pass packets through the firewall.

# sysctl -p /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.xenbr0.proxy_arp = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

The configuration file in /etc/xen/ contains the line:

vif = ['bridge=xenbr0,mac=00:16:3e:40:27:fa,ip=192.168.4.21']

Now here is the domU network configuration.

auto eth0
iface eth0 inet static
    address 192.168.4.21
    broadcast 192.168.4.255
    netmask 255.255.255.0
    gateway 192.168.4.1

After restarting networking we can see the default routes and ARP tables.

On dom0:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.4.1     0.0.0.0         UG    0      0        0 xenbr0.4
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 xenbr0.4

# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.4.21                     (incomplete)                              xenbr0.4
192.168.4.21             ether   00:16:3e:40:27:fa   C                     xenbr0
192.168.4.1              ether   00:00:5e:00:01:05   C                     xenbr0.4
192.168.4.2              ether   00:17:7c:41:7c:ce   C                     xenbr0.4

DomU:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.4.1     0.0.0.0         UG    0      0        0 eth0
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.4.1              ether   20:47:47:8c:d0:4c   C                     eth0

So what happens if I ping 192.168.4.1 from domU and run tcpdump on dom0?

On dom0:

# tcpdump -vv host 192.168.4.21
tcpdump: listening on xenbr0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:14:57.603076 IP (tos 0x0, ttl 64, id 55216, offset 0, flags [DF], proto ICMP (1), length 84)
    domU > 192.168.4.1: ICMP echo request, id 725, seq 1, length 64
11:14:57.603086 IP (tos 0x0, ttl 63, id 55216, offset 0, flags [DF], proto ICMP (1), length 84)
    domU > 192.168.4.1: ICMP echo request, id 725, seq 1, length 64
11:14:57.621871 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has domU tell 192.168.4.1, length 46
...
8 packets captured
11 packets received by filter
0 packets dropped by kernel

DomU:

# ping 192.168.4.1
PING 192.168.4.1 (192.168.4.1) 56(84) bytes of data.
^C
--- 192.168.4.1 ping statistics ---
148 packets transmitted, 0 received, 100% packet loss, time 147000ms

I am getting similar results when pinging 192.168.4.13, and of course dom0 is able to reach external IP addresses but domU is not. Anyone have an idea of what to do next? Thanks.

  • Well, I had a similar issue with XenServer 6.2 (which is AFAIR CentOS-based). I can't remember what is the very source of the problem, but having little time to fix it we finally gave up on bridged networking with VLANs. Consider using *Open vSwitch* instead. – sam_pan_mariusz Dec 31 '15 at 14:52

0 Answers0