Subject: Re: Networking problems
To: Matteo Beccati <php@beccati.com>
From: Jonathan A. Kollasch <jakllsch@kollasch.net>
List: port-xen
Date: 04/05/2006 01:56:55
--oj4kGyHlBMXGt3Le
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Apr 04, 2006 at 08:24:38PM +0200, Matteo Beccati wrote:
> Hi,
>=20
> I've recently switched kernel on my NetBSD 3.0 development server to be=
=20
> able to evaluate XEN. I've been able to get it running having dom0 on a=
=20
> raidframe mirrored root fs, thanks to the great how-tos. I've managed to=
=20
> install another NetBSD 3.0 as domU booting with the INSTALL_XENU kernel=
=20
> and installed installing from cdrom.
>=20
> The domU seems perfectly working, but I'm unable to have a working=20
> network configuration. If I try to ping any machine in the bridged=20
> network I receive DUP! answers, but the same doesn't happen when trying=
=20

I don't get duplicate replies in my setup.

> to reach an external IP (outside of my wireless router, which also acts=
=20
> as a dhcp server). I'm also able to resolve IPs, but the whole thing=20
> stops when trying to make TCP connections anywhere.
>=20
> From what I was able to see connections remain in SYN_SENT state. Here=20
> are some ifconfig/brconfig output:
>=20
> dom0
> ----
> # ifconfig -a
> ste0:=20
> flags=3D8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu=
 1500
>         address: 00:05:5d:e9:f4:50
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
>         inet6 fe80::205:5dff:fee9:f450%ste0 prefixlen 64 scopeid 0x1
> lo0: flags=3D8009<UP,LOOPBACK,MULTICAST> mtu 33192
>         inet 127.0.0.1 netmask 0xff000000
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
> bridge0: flags=3D41<UP,RUNNING> mtu 1500
> xvif1.0:=20
> flags=3D8963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX,MULTICAST>=
=20
> mtu 1500
>         address: ab:00:00:51:02:f1
>         inet6 fe80::205:5dff:fee9:f450%xvif1.0 prefixlen 64 scopeid 0x4
>=20
> # brconfig -a
> bridge0: flags=3D41<UP,RUNNING>
>         Configuration:
>                 priority 32768 hellotime 2 fwddelay 15 maxage 20
>                 ipfilter disabled flags 0x0
>         Interfaces:
>                 xvif1.0 flags=3D3<LEARNING,DISCOVER>
>                         port 4 priority 128
>                 ste0 flags=3D3<LEARNING,DISCOVER>
>                         port 1 priority 128
>         Address cache (max cache: 100, timeout: 1200):
>                 00:0f:3d:09:72:91 ste0 780 flags=3D0<>
>                 00:13:d4:88:8e:50 ste0 181 flags=3D0<>
>                 ab:00:00:50:02:f1 xvif1.0 166 flags=3D0<>
>=20
>=20
> domU
> ----
> # ifconfig -a
> lo0: flags=3D8009<UP,LOOPBACK,MULTICAST> mtu 33192
>         inet 127.0.0.1 netmask 0xff000000
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
> xennet0: flags=3D8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST>=
=20
> mtu 1500
>         address: ab:00:00:50:02:f1
>         inet 192.168.1.121 netmask 0xffffff00 broadcast 192.168.1.255
>         inet6 fe80::d41d:8cd9:8f00:b204%xennet0 prefixlen 64 scopeid 0x2
>=20
>=20
> Netstat and tcpdump of a smtp connection from domU to dom0:
>=20
> Active Internet connections
> Proto Recv-Q Send-Q  Local Address          Foreign Address        State
> tcp        0      0  192.168.1.121.65519    192.168.1.100.smtp     SYN_SE=
NT
>=20
> # tcpdump port smtp &
> [1] 623
> # tcpdump: verbose output suppressed, use -v or -vv for full protocol dec=
ode
> listening on xennet0, link-type EN10MB (Ethernet), capture size 96 bytes
> # telnet 192.168.1.100 25
> Trying 192.168.1.100...
> 20:20:03.930140 IP 192.168.1.121.65517 > 192.168.1.100.smtp: S=20
> 1411259275:1411259275(0) win 32768 <mss 1460,nop,wscale=20
> 0,sackOK,nop,nop,nop,nop,timestamp 0 0>
> 20:20:03.932114 IP 192.168.1.100.smtp > 192.168.1.121.65517: S=20
> 760749685:760749685(0) ack 1411259276 win 32768 <mss 1460,nop,wscale=20
> 0,nop,nop,timestamp 0 0,sackOK,nop,nop>
> 20:20:03.932136 IP 192.168.1.100.smtp > 192.168.1.121.65517: S=20
> 760749685:760749685(0) ack 1411259276 win 32768 <mss 1460,nop,wscale=20
> 0,nop,nop,timestamp 0 0,sackOK,nop,nop>
> 20:20:06.920894 IP 192.168.1.100.smtp > 192.168.1.121.65517: S=20
> 760749685:760749685(0) ack 1411259276 win 32768 <mss 1460,nop,wscale=20
> 0,nop,nop,timestamp 6 0,sackOK,nop,nop>
> 20:20:06.921531 IP 192.168.1.100.smtp > 192.168.1.121.65517: S=20
> 760749685:760749685(0) ack 1411259276 win 32768 <mss 1460,nop,wscale=20
> 0,nop,nop,timestamp 6 0,sackOK,nop,nop>
>=20
>=20
> Could you please advise?

Some more investigation would be appreciated.  Verify that the packets
are flowing to the right place at all tcpdump-able interfaces, (the -e
flag will be useful).  Also check for appropriate entries in the ARP
tables of the various machines.

I'd venture a guess that the Xen (virtual) machines are at most
only half of this problem.

	Jonathan Kollasch

--oj4kGyHlBMXGt3Le
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (NetBSD)

iD8DBQFEM2o2Ojx1ye3hmokRAmOAAJ40yVc+Ds+b8CwDLbKlXyZhnxyh4ACfcQDI
3or74/j/znlR+45qkYEEBeA=
=3Mg4
-----END PGP SIGNATURE-----

--oj4kGyHlBMXGt3Le--