* Paravirtualization
@ 2007-10-02 16:32 xeb-JGs/UdohzUI
0 siblings, 0 replies; 4+ messages in thread
From: xeb-JGs/UdohzUI @ 2007-10-02 16:32 UTC (permalink / raw)
To: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f
On official web site said:
In progress:
* Paravirtualized networking
* Paravirtualized block device
Where can find sources of that work, if it is possible ?
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
^ permalink raw reply [flat|nested] 4+ messages in thread* ipv4 regression in 2.6.31 ?
@ 2009-09-14 13:09 Stephan von Krawczynski
2009-09-14 13:57 ` Eric Dumazet
0 siblings, 1 reply; 4+ messages in thread
From: Stephan von Krawczynski @ 2009-09-14 13:09 UTC (permalink / raw)
To: linux-kernel; +Cc: davem
Hello all,
today we experienced some sort of regression in 2.6.31 ipv4 implementation, or
at least some incompatibility with former 2.6.30.X kernels.
We have the following situation:
---------- vlan1@eth0 192.168.2.1/24
/
host A 192.168.1.1/24 eth0 -------<router> host B
\
---------- eth1 192.168.3.1/24
Now, if you route 192.168.1.0/24 via interface vlan1@eth0 on host B and let
host A ping 192.168.2.1 everything works. But if you route 192.168.1.0/24 via
interface eth1 on host B and let host A ping 192.168.2.1 you get no reply.
With tcpdump we see the icmp packets arrive at vlan1@eth0, but no icmp echo
reply being generated neither on vlan1 nor eth1.
Kernels 2.6.30.X and below do not show this behaviour.
Is this intended? Do we need to reconfigure something to restore the old
behaviour?
--
Regards,
Stephan
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: ipv4 regression in 2.6.31 ?
2009-09-14 13:09 ipv4 regression in 2.6.31 ? Stephan von Krawczynski
@ 2009-09-14 13:57 ` Eric Dumazet
2009-09-14 15:55 ` Stephan von Krawczynski
0 siblings, 1 reply; 4+ messages in thread
From: Eric Dumazet @ 2009-09-14 13:57 UTC (permalink / raw)
To: Stephan von Krawczynski; +Cc: linux-kernel, davem, Linux Netdev List
Stephan von Krawczynski a écrit :
> Hello all,
>
> today we experienced some sort of regression in 2.6.31 ipv4 implementation, or
> at least some incompatibility with former 2.6.30.X kernels.
>
> We have the following situation:
>
> ---------- vlan1@eth0 192.168.2.1/24
> /
> host A 192.168.1.1/24 eth0 -------<router> host B
> \
> ---------- eth1 192.168.3.1/24
>
>
> Now, if you route 192.168.1.0/24 via interface vlan1@eth0 on host B and let
> host A ping 192.168.2.1 everything works. But if you route 192.168.1.0/24 via
> interface eth1 on host B and let host A ping 192.168.2.1 you get no reply.
> With tcpdump we see the icmp packets arrive at vlan1@eth0, but no icmp echo
> reply being generated neither on vlan1 nor eth1.
> Kernels 2.6.30.X and below do not show this behaviour.
> Is this intended? Do we need to reconfigure something to restore the old
> behaviour?
>
Asymetric routing ?
Check your rp_filter settings
grep . `find /proc/sys/net -name rp_filter`
rp_filter - INTEGER
0 - No source validation.
1 - Strict mode as defined in RFC3704 Strict Reverse Path
Each incoming packet is tested against the FIB and if the interface
is not the best reverse path the packet check will fail.
By default failed packets are discarded.
2 - Loose mode as defined in RFC3704 Loose Reverse Path
Each incoming packet's source address is also tested against the FIB
and if the source address is not reachable via any interface
the packet check will fail.
Current recommended practice in RFC3704 is to enable strict mode
to prevent IP spoofing from DDos attacks. If using asymmetric routing
or other complicated routing, then loose mode is recommended.
conf/all/rp_filter must also be set to non-zero to do source validation
on the interface
Default value is 0. Note that some distributions enable it
in startup scripts.
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: ipv4 regression in 2.6.31 ?
2009-09-14 13:57 ` Eric Dumazet
@ 2009-09-14 15:55 ` Stephan von Krawczynski
2009-09-14 16:10 ` Paravirtualization Richard B. Johnson
0 siblings, 1 reply; 4+ messages in thread
From: Stephan von Krawczynski @ 2009-09-14 15:55 UTC (permalink / raw)
To: Eric Dumazet; +Cc: linux-kernel, davem, Linux Netdev List
On Mon, 14 Sep 2009 15:57:03 +0200
Eric Dumazet <eric.dumazet@gmail.com> wrote:
> Stephan von Krawczynski a écrit :
> > Hello all,
> >
> > today we experienced some sort of regression in 2.6.31 ipv4 implementation, or
> > at least some incompatibility with former 2.6.30.X kernels.
> >
> > We have the following situation:
> >
> > ---------- vlan1@eth0 192.168.2.1/24
> > /
> > host A 192.168.1.1/24 eth0 -------<router> host B
> > \
> > ---------- eth1 192.168.3.1/24
> >
> >
> > Now, if you route 192.168.1.0/24 via interface vlan1@eth0 on host B and let
> > host A ping 192.168.2.1 everything works. But if you route 192.168.1.0/24 via
> > interface eth1 on host B and let host A ping 192.168.2.1 you get no reply.
> > With tcpdump we see the icmp packets arrive at vlan1@eth0, but no icmp echo
> > reply being generated neither on vlan1 nor eth1.
> > Kernels 2.6.30.X and below do not show this behaviour.
> > Is this intended? Do we need to reconfigure something to restore the old
> > behaviour?
> >
>
> Asymetric routing ?
>
> Check your rp_filter settings
>
> grep . `find /proc/sys/net -name rp_filter`
>
> rp_filter - INTEGER
> 0 - No source validation.
> 1 - Strict mode as defined in RFC3704 Strict Reverse Path
> Each incoming packet is tested against the FIB and if the interface
> is not the best reverse path the packet check will fail.
> By default failed packets are discarded.
> 2 - Loose mode as defined in RFC3704 Loose Reverse Path
> Each incoming packet's source address is also tested against the FIB
> and if the source address is not reachable via any interface
> the packet check will fail.
>
> Current recommended practice in RFC3704 is to enable strict mode
> to prevent IP spoofing from DDos attacks. If using asymmetric routing
> or other complicated routing, then loose mode is recommended.
>
> conf/all/rp_filter must also be set to non-zero to do source validation
> on the interface
>
> Default value is 0. Note that some distributions enable it
> in startup scripts.
Ok, here you can see 2.6.31 values from the discussed box:
(remember, no ping reply in this setup)
/proc/sys/net/ipv4/conf/all/rp_filter:1
/proc/sys/net/ipv4/conf/default/rp_filter:0
/proc/sys/net/ipv4/conf/lo/rp_filter:0
/proc/sys/net/ipv4/conf/eth2/rp_filter:0
/proc/sys/net/ipv4/conf/eth0/rp_filter:0
/proc/sys/net/ipv4/conf/eth1/rp_filter:0
/proc/sys/net/ipv4/conf/vlan1/rp_filter:0
And these are from the same box with 2.6.30.5:
(ping reply works)
/proc/sys/net/ipv4/conf/all/rp_filter:1
/proc/sys/net/ipv4/conf/default/rp_filter:0
/proc/sys/net/ipv4/conf/lo/rp_filter:0
/proc/sys/net/ipv4/conf/eth2/rp_filter:0
/proc/sys/net/ipv4/conf/eth0/rp_filter:0
/proc/sys/net/ipv4/conf/eth1/rp_filter:0
/proc/sys/net/ipv4/conf/vlan1/rp_filter:0
As you can see they're all the same. Does this mean that rp_filter never
really worked as intended before 2.6.31 ? Or does it mean that rp_filter=0
(eth1 and vlan1) gets overriden by all/rp_filter=1 in 2.6.31 and not before?
--
Regards,
Stephan
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Paravirtualization
2009-09-14 15:55 ` Stephan von Krawczynski
@ 2009-09-14 16:10 ` Richard B. Johnson
0 siblings, 0 replies; 4+ messages in thread
From: Richard B. Johnson @ 2009-09-14 16:10 UTC (permalink / raw)
To: linux-kernel
[-- Attachment #1: Type: text/plain, Size: 379 bytes --]
On Linux-2.6.30.5, if I turn on paravirtualization in ".config" and build
the kernel, the new kernel boots okay. However, many programs seg-fault. For
instance, it is impossible to rebuild the kernel without rebooting to
another Linux version. Is this a known problem?
I have attached some configuration information.
Cheers,
Richard B. Johnson
http://Route495Software.com/
[-- Attachment #2: config.gz --]
[-- Type: application/x-gzip, Size: 25434 bytes --]
[-- Attachment #3: cpuinfo.txt --]
[-- Type: text/plain, Size: 506 bytes --]
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 2
model name : Intel(R) Pentium(R) 4 CPU 2.66GHz
stepping : 7
cpu MHz : 2672.986
cache size : 512 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe up pebs bts cid xtpr
bogomips : 5345.97
clflush size : 64
power management:
[-- Attachment #4: gcc-vers.txt --]
[-- Type: text/plain, Size: 250 bytes --]
gcc (GCC) 4.3.2 20081105 (Red Hat 4.3.2-7)
Copyright (C) 2008 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
^ permalink raw reply [flat|nested] 4+ messages in thread
* paravirtualization
@ 2007-02-12 13:02 Omar Khan
[not found] ` <loom.20070212T135708-765-eS7Uydv5nfjZ+VzJOa5vwg@public.gmane.org>
0 siblings, 1 reply; 4+ messages in thread
From: Omar Khan @ 2007-02-12 13:02 UTC (permalink / raw)
To: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f
The paravirtualization announcement by Ingo Molnar said that:
- it provides an ad-hoc paravirtualization hypercall API between a Linux
guest and a Linux host. (this will be replaced with a proper
hypercall later on.)
Is it possible to modify a non-linux guest to take advantage of this hypercall
API? or are there conditions that prevent us from doing this?
Omar
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2009-09-14 16:29 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-10-02 16:32 Paravirtualization xeb-JGs/UdohzUI
-- strict thread matches above, loose matches on Subject: below --
2009-09-14 13:09 ipv4 regression in 2.6.31 ? Stephan von Krawczynski
2009-09-14 13:57 ` Eric Dumazet
2009-09-14 15:55 ` Stephan von Krawczynski
2009-09-14 16:10 ` Paravirtualization Richard B. Johnson
2007-02-12 13:02 paravirtualization Omar Khan
[not found] ` <loom.20070212T135708-765-eS7Uydv5nfjZ+VzJOa5vwg@public.gmane.org>
2007-02-13 4:36 ` paravirtualization richardvoigt-Re5JQEeQqe8AvxtiuMwx3w
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.