Subject: Re: Xen and VLANs
To: Johan Ihren <johani@autonomica.se>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: port-xen
Date: 01/05/2006 23:09:35
On Thu, Jan 05, 2006 at 09:46:05PM +0100, Johan Ihren wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I'm running a large number (~20) of DomU machines with a rather
> complex network topology
> that is based on a number of VLANs being configured in each DomU (and
> the Dom0). Most
> things are working just great: all 16 VLANs work, there are NFS
> mounted partions, NFS swap,
> ten different DHCP infrastructures on different VLANs, etc, etc.
> (This is a lab environment
> that usually takes a full classroom of computers that I'm collapsing
> into a single machine).
>
> There is just a single problem that I'm having trouble with and that
> is that my Dom0
> is unable to communicate with my DomUs when using VLANs.
>
> I have a single bridge, bridge0, configured and it is up and all
> xennetN devices plus
> the physical interface of the Dom0 (an ste0) are connected to the
> bridge. The DomUs and
> the Dom0 can communicate just fine over the bridge when not using
> VLANs but with VLANs
> configured the DomUs can still talk while the Dom0 is isolated.
>
> Here's an example with one VLAN interface, the Dom0 and two DomUs.
> All three talk just
> fine over the [ste0, xennet0, xennet0] interfaces, but over [vlan1,
> vlan1, vlan1] the
> Dom0 is isolated. I've removed the v6 stuff for brevity (it is of
> course there).
>
> Dom0:
> ste0:
> flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>
> mtu 1500
> address: 00:05:5d:1a:88:d8
> media: Ethernet autoselect (100baseTX full-duplex)
> status: active
> inet 192.168.32.32 netmask 0xffffff00 broadcast 192.168.32.255
> vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> vlan: 1 parent: ste0
> address: 00:05:5d:1a:88:d8
> inet 192.168.1.11 netmask 0xffffff00 broadcast 192.168.1.255
>
> DomU #1:
> xennet0:
> flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> address: aa:00:00:0c:00:09
> inet 192.168.32.33 netmask 0xffffff00 broadcast 192.168.32.255
> inet alias 10.99.99.1 netmask 0xffffff00 broadcast 10.99.99.255
> vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1496
> vlan: 1 parent: xennet0
> address: aa:00:00:0c:00:09
> inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
>
> DomU #2:
> xennet0:
> flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> address: aa:00:00:00:00:01
> inet 192.168.32.1 netmask 0xffffff00 broadcast 192.168.32.255
> vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1496
> vlan: 1 parent: xennet0
> address: aa:00:00:00:00:01
> inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
>
> All NetBSD 3.0REL, xentools 2.0.7 and modern stuff everywhere.
>
> Any ideas anyone?
I tried this too, and this doesn't work. The problem is with the way
bridge and vlan works, once you have a brige packets will never be
passed to the vlan interfaces (or the opposite, I don't remember).
My workaround was to bridge the N vlan interface in dom0 (creating N
xennet interface for each domU) instead of bridging the physical interface
and creating the vlans in each domU
--
Manuel Bouyer <bouyer@antioche.eu.org>
NetBSD: 26 ans d'experience feront toujours la difference
--