2nic network bridge fails

2nic network bridge fails

[Michael Stoehrel]

If I have 2 active and connected nics, the bridge fails.
"ifconfig -a" on dom0 shows 1 bridge.

If I start a vm the connected eth0 is dead.
After a reboot and disconnecting eth1.
The vm gets connection.
xen 2.04 sources installed.

Any Ideas?


Michael




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

Re: 2nic network bridge fails

[Felipe Alfaro Solana]

On Fri, 25 Feb 2005 00:16:18 +0000 (UTC), Michael Stoehrel
<mstoehrel@sidarion.ch> wrote:
> If I have 2 active and connected nics, the bridge fails.
> "ifconfig -a" on dom0 shows 1 bridge.
> 
> If I start a vm the connected eth0 is dead.
> After a reboot and disconnecting eth1.
> The vm gets connection.
> xen 2.04 sources installed.
> 
> Any Ideas?

In file /etc/xen/scripts/network, replace the line

netdev=${netdev:-eth0}

with

netdev=${netdev:-eth1}

This will mount the bridge over eth1 and will leave eth0 alone.


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

Re: 2nic network bridge fails

[Michael Stoehrel]

Thanks for the idea

But, helps nothing:
after starting xend all network traffic is dead
and after starting vm:
from dom0 and vm to extern
and internal between the 2 domains





-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

Re: Re: 2nic network bridge fails

[Nivedita Singhvi]

Michael Stoehrel wrote:
> Thanks for the idea
> 
> But, helps nothing:
> after starting xend all network traffic is dead
> and after starting vm:
> from dom0 and vm to extern
> and internal between the 2 domains

Hello Michael,

I'm trying to reproduce this - could you show us your
scripts, please, and ifconfig output before and after?

thanks,
Nivedita



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click

Re: 2nic network bridge fails

[Matthieu PATOU]

[-- Attachment #1: Type: text/plain, Size: 1365 bytes --]

On Sat, 26 Feb 2005 10:12:45 +0100
Felipe Alfaro Solana <felipe.alfaro@gmail.com> wrote:

> On Fri, 25 Feb 2005 00:16:18 +0000 (UTC), Michael Stoehrel
> <mstoehrel@sidarion.ch> wrote:
> > If I have 2 active and connected nics, the bridge fails.
> > "ifconfig -a" on dom0 shows 1 bridge.
> > 
> > If I start a vm the connected eth0 is dead.
> > After a reboot and disconnecting eth1.
> > The vm gets connection.
> > xen 2.04 sources installed.
> > 
> > Any Ideas?
> 
> In file /etc/xen/scripts/network, replace the line
> 
> netdev=${netdev:-eth0}
> 
> with
> 
> netdev=${netdev:-eth1}
> 
> This will mount the bridge over eth1 and will leave eth0 alone.
If i have well understood he wants to have two bridge.
For this you need to clone line in order to declare xen-br0 and xen-br1 in
/etc/xen/scripts/network.
I had to achieved the same before ... here is my network file 
> 
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel
> 
> 


[-- Attachment #2: network --]
[-- Type: application/octet-stream, Size: 5568 bytes --]

#!/bin/sh
#============================================================================
# Default Xen network start/stop script.
# Xend calls a network script when it starts.
# The script name to use is defined in /etc/xen/xend-config.sxp
# in the network-script field.
#
# This script creates a bridge (default xen-br0), adds a device
# (default eth0) to it, copies the IP addresses from the device
# to the bridge and adjusts the routes accordingly.
#
# If all goes well, this should ensure that networking stays up.
# However, some configurations are upset by this, especially
# NFS roots. If the bridged setup does not meet your needs,
# configure a different script, for example using routing instead.
#
# Usage:
#
# network (start|stop|status) {VAR=VAL}*
#
# Vars:
#
# bridge     The bridge to use (default xen-br0).
# netdev     The interface to add to the bridge (default eth0).
# antispoof  Whether to use iptables to prevent spoofing (default yes).
#
# start:
# Creates the bridge and enslaves netdev to it.
# Copies the IP addresses from netdev to the bridge.
# Deletes the routes to netdev and adds them on bridge.
#
# stop:
# Removes netdev from the bridge.
# Deletes the routes to bridge and adds them to netdev.
#
# status:
# Print ifconfig for netdev and bridge.
# Print routes.
#
#============================================================================

# Exit if anything goes wrong.
set -e 

# First arg is the operation.
OP=$1
shift

# Pull variables in args in to environment.
for arg ; do export "${arg}" ; done

bridge=${bridge:-xen-br0}
netdev=${netdev:-eth0}
antispoof=${antispoof:-yes}
bridge1=${bridge1:-xen-br1}
netdev1=${netdev1:-eth1}
antispoof1=${antispoof1:-yes}

echo "network $OP bridge=$bridge netdev=$netdev antispoof=$antispoof"

# Usage: transfer_addrs src dst
# Copy all IP addresses (including aliases) from device $src to device $dst.
transfer_addrs () {
    local src=$1
    local dst=$2
    # Don't bother if $dst already has IP addresses.
    if ip addr show dev ${dst} | egrep -q '^ *inet' ; then
        return
    fi
    # Address lines start with 'inet' and have the device in them.
    # Replace 'inet' with 'ip addr add' and change the device name $src
    # to 'dev $src'. Remove netmask as we'll add routes later.
    ip addr show dev ${src} | egrep '^ *inet' | sed -e "
s/inet/ip addr add/
s@\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\)/[0-9]\+@\1@
s/${src}/dev ${dst}/
" | sh -e
}

# Usage: transfer_routes src dst
# Get all IP routes to device $src, delete them, and
# add the same routes to device $dst.
# The original routes have to be deleted, otherwise adding them
# for $dst fails (duplicate routes).
transfer_routes () {
    local src=$1
    local dst=$2
    # List all routes and grep the ones with $src in.
    # Stick 'ip route del' on the front to delete.
    # Change $src to $dst and use 'ip route add' to add.
    ip route list | grep ${src} | sed -e "
h
s/^/ip route del /
P
g
s/${src}/${dst}/
s/^/ip route add /
P
d
" | sh -e
}

# Usage: create_bridge dev bridge
# Create bridge $bridge and add device $dev to it.
create_bridge () {
    local dev=$1
    local bridge=$2

    # Don't create the bridge if it already exists.
    if ! brctl show | grep -q ${bridge} ; then
        brctl addbr ${bridge}
        brctl stp ${bridge} off
        brctl setfd ${bridge} 0
    fi
    ifconfig ${bridge} up
}

# Usage: antispoofing dev bridge
# Set the default forwarding policy for $dev to drop.
# Allow forwarding to the bridge.
antispoofing () {
    local dev=$1
    local bridge=$2

    iptables -P FORWARD DROP
    iptables -A FORWARD -m physdev --physdev-in ${dev} -j ACCEPT
    iptables -A FORWARD -m physdev --physdev-out ${dev} -j ACCEPT
}

# Usage: show_status dev bridge
# Print ifconfig and routes.
show_status () {
    local dev=$1
    local bridge=$2
    
    echo '============================================================'
    ifconfig ${dev}
    ifconfig ${bridge}
    echo ' '
    ip route list
    echo ' '
    route -n
    echo '============================================================'
}

case ${OP} in
    start)
        # Create the bridge and give it the interface IP addresses.
        # Move the interface routes onto the bridge.
        create_bridge ${netdev} ${bridge}
        transfer_addrs ${netdev} ${bridge}
        transfer_routes ${netdev} ${bridge}
        create_bridge ${netdev1} ${bridge1}
        transfer_addrs ${netdev1} ${bridge1}
        transfer_routes ${netdev1} ${bridge1}
	# Don't add $dev to $bridge if it's already on a bridge.
	if ! brctl show | grep -q ${netdev} ; then
	    brctl addif ${bridge} ${netdev}
	fi
	if ! brctl show | grep -q ${netdev1} ; then
	    brctl addif ${bridge1} ${netdev1}
	fi
        
        if [ ${antispoof} == 'yes' ] ; then
            antispoofing ${netdev} ${bridge}
        fi
        if [ ${antispoof1} == 'yes' ] ; then
            antispoofing ${netdev1} ${bridge1}
        fi
       	ifconfig eth1 up 
        ;;
    
    stop)
    	ifconfig eth1 down
        # Remove the interface from the bridge.
        # Move the routes back to the interface.
        brctl delif ${bridge} ${netdev}
        transfer_routes ${bridge} ${netdev}
        brctl delif ${bridge1} ${netdev1}
        transfer_routes ${bridge1} ${netdev1}

        # It's not our place to be enabling forwarding...
        ;;

    status)
        show_status ${netdev} ${bridge}
        show_status ${netdev1} ${bridge1}
       ;;

    *)
       echo 'Unknown command: ' ${OP}
       echo 'Valid commands are: start, stop, status'
       exit 1
esac

Re: Re: 2nic network bridge fails

[B.G. Bruce]

Do you have anti-spoofing enabled? (/etc/xen/xend-config.sxp).

B.

On Sun, 2005-02-27 at 12:54, Michael Stoehrel wrote:
> Thanks for the idea
> 
> But, helps nothing:
> after starting xend all network traffic is dead
> and after starting vm:
> from dom0 and vm to extern
> and internal between the 2 domains
> 
> 
> 
> 
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel
> 


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click