Subject: Re: vlan + bridge + xen
To: Jonathan A. Kollasch <jakllsch@kollasch.net>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: port-xen
Date: 03/30/2007 20:27:50
On Fri, Mar 30, 2007 at 10:30:12AM -0500, Jonathan A. Kollasch wrote:
> Hi
> 
> I was helping a friend of mine debug a weird issue with
> Xen networking the other day.  The setup involves a
> dom0 with a single NIC (fxp(4)), vlan(4) interfaces
> attached to the fxp in the dom0, and bridged to additional
> xennet(4) interfaces in the domU.  Because the xvif/xennet pair
> seems to have a hard 1500 byte limit, the tagged packets can't
> be bridged without a drop in MTU, which is undesirable.
> 
> Anyway, while from the dom0 the vlan(4) interfaces work
> as expected, the connection of the domU's xennet to the
> tagged frames on the copper is acting extremely weird.
> 
> The domU can ping6 ff02::1%xennetX both itself and the xvif
> in the dom0. The MAC table in the dom0's bridge for this interface
> shows the addresses I expect it should, sometimes entries even
> appear in the NDP/ARP tables in remote machines.  But not so
> much as an ICMP ping response seems to get received by the domU.
> 
> So, outgoing from the domU seems to be working, but incoming
> seems not to.
> 
> All interfaces are marked up, and whatnot.
> 
> I tested this on two 4.99.4 Xen3 dom0s,
> and a 3.x Xen2 dom0 as well.  All the same.
> 
> Any ideas of where to look for clues as to what's causing this?

Yes: 802.1Q packets are forwarded to the vlan(4) layer and so the bridge
never sees them. This just won't work; the solution is to use one
vif per vlan.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
--