Re: xen networking

To: Iain Hibbert <plunky%ogmig.net@localhost>
Subject: Re: xen networking
From: Dima Veselov <kab00m%lich.phys.spbu.ru@localhost>
Date: Sat, 6 Jun 2020 14:31:41 +0300

On Sat, Jun 06, 2020 at 11:12:25AM +0100, Iain Hibbert wrote:


Real network - wm0 (dom0) br0 - xennet0 (domU) xennet1 - br1 (dom0) br1 - domU xennet0

> Unfortunately, I think, if I get domU-router to issue a DHCP request, what
> happens is that it goes out onto bridge0 with the domU-router MAC address
> as source.

Do you want domU-router to get an IP with mac-address of dom0 as it sounds?
This will never happen, bridge is like a switch - every server have its own
unique mac.

There should be something about your network configuration. I suppose you
make this setup complexed because you have some limitations in real network
connected to wm0, but we need to know what they are.


Well, I only have a single IP available. I was trying to run these
services on the domU rather than the dom0 for security. Perhaps that is
not ultimately necessary.


Are dom0 and domU-router both NetBSD btw? If you don't have console for dom0
it's lot easier to leave wm0 network intact and use dom0 as router/NAT.

As it sounds to me - DHCP server which you try to use accept only dom0's wm0
mac address. If it is so - you can either use dom0 as a router/NAT instead
or swap mac addresses between dom0 and domU-router.


Hm ok, perhaps that would be an option. I can assign whatever MAC address
on the domU that I like. I don't think I can actually remove the wm0 MAC
but could add something else as the active address.


That will work.

> I can see it with tcpdump on wm0 but I don't know if it
> actually goes out on the wire, and nothing ever comes back.

Once you see it on dom0 wm0 you can be sure its on the wire. tcpdump capture
output packets after all processing. There are some problematic cases when
its not true but I would check it only as a last shot.


Ah. That means that the upstream is not speaking to me then. I presume
they have some kind of filtering (probably a MAC=>IP table)


That's common for service providers to store initial MAC address and filter
both DHCP requests and traffic from other MACs.

--
Sincerely yours,
Dima Veselov
Physics R&D Establishment of Saint-Petersburg University

Follow-Ups:
- Re: xen networking
  - From: Iain Hibbert

References:
- xen networking
  - From: Iain Hibbert
- Re: xen networking
  - From: Dima Veselov
- Re: xen networking
  - From: Iain Hibbert

Prev by Date: Re: xen networking
Next by Date: Re: xen networking
Previous by Thread: Re: xen networking
Next by Thread: Re: xen networking
Indexes:

Home | Main Index | Thread Index | Old Index