Subject: Re: vlan + bridge + xen
To: Manuel Bouyer <bouyer@antioche.eu.org>
From: Lars-Johan Liman <liman@autonomica.se>
List: port-xen
Date: 05/26/2007 22:25:17

Yow!

I'm trying to make vlans work too, and Google took me to the appended
message, but I'm struggling with your statement. It's a bit on the
brief side if you're not deep down into the layers upon layers of
deception ...  err ... networking. :-)

Is it possible to make a domU communicate both with external hosts and
with its dom0 using Q-tagged packets over the same interface?

Par example:

host A domU:
  vlan1 vlan 1 vlanif xennet0 10.0.0.1/24
  xennet0 up

host A dom0:
  vlan1 vlan 1 vlanif fxp0 10.0.0.2/24
  fxp0 up

host B dom0:
  vlan1 vlan 1 vlanif fxp0 10.0.0.3/24
  fxp0 up

Is it possible to make a configuration with bridges and other voodoo,
so that I can sit on the host A domU and successfully do:

  ping -n 10.0.0.2
  ping -n 10.0.0.3

I'm trying to create a system where the host A domU can jump between
motherships (A-dom0 and B-dom0) without having to use different
interfaces.

I can make either/or happen, but not both, by adding either
A-dom0-fxp0 _or_ A-dom0-vlan1 to A-bridge0, but adding both creates
"severe unreachability" ...

				Cheers,
				  /Liman
#----------------------------------------------------------------------
# There are 10 kinds of people in the world. Those who understand
# binary numbers, and those who don't.
#----------------------------------------------------------------------
# Lars-Johan Liman, M.Sc.	! E-mail: liman@autonomica.se
# Senior Systems Specialist     ! HTTP  : //www.autonomica.se/
# Autonomica AB, Stockholm 	! Voice : +46 8 - 615 85 72
#----------------------------------------------------------------------

bouyer@antioche.eu.org:
> On Fri, Mar 30, 2007 at 10:30:12AM -0500, Jonathan A. Kollasch wrote:
>> Hi
>> 
>> I was helping a friend of mine debug weird issue with
>> Xen networking the other day.  The setup involves a
>> dom0 with a single NIC (fxp(4)), vlan(4) interfaces
>> attached to the fxp in the dom0, and bridged to additional
>> xennet(4) interfaces in the domU.  Because the xvif/xennet pair
>> seems to have a hard 1500 byte limit, the tagged packets can't
>> be bridged without a drop in MTU, which is undesirable.
>> 
>> Anyway, while from the dom0 the vlan(4) interfaces work
>> as expected, the connection of the domU's xennet to the
>> tagged frames on the copper is acting extremely weird.
>> 
>> The domU can ping6 ff02::1%xennetX both itself and the xvif
>> in the dom0. The MAC table in the dom0's bridge for this interface
>> shows the addresses I expect it should, sometimes entries even
>> appear in the NDP/ARP tables in remote machines.  But not so
>> much as an ICMP ping response seems to get received by the domU.
>> 
>> So, outgoing from the domU seems to be working, but incoming
>> seems not to.
>> 
>> All interfaces are marked up, and whatnot.
>> 
>> I tested this on two 4.99.4 Xen3 dom0s,
>> and a 3.x Xen2 dom0 as well.  All the same.
>> 
>> Any ideas of where to look for clues as to what's causing this?

> Yes: 802.1Q packets are forwarded to the vlan(4) layer and so the bridge
> never sees them. This just won't work, the solution is to use one
> vif per vlan.

> -- 
> Manuel Bouyer <bouyer@antioche.eu.org>
>      NetBSD: 26 years of experience will always make the difference
> --
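
The "one vif per vlan" layout from the reply above, as an added example that is not part of the original thread: the dom0 terminates each 802.1Q tag on its own vlan(4) interface and bridges only untagged frames to a dedicated vif, so the domU never handles tags and can only reach the VLANs it was given a vif for. It assumes vlan and bridge units are numbered after the VLAN ID and that the Xen vif script attaches each backend interface to the bridge named in the domU config; the script only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread. Prints commands; executes nothing.

# valid_vid ID: 802.1Q VLAN IDs usable for traffic are 1..4094.
valid_vid() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# plan_vlan_bridges PARENT VLAN_ID...
# dom0 side: vlanN terminates the tag on PARENT, bridgeN carries the
# untagged frames. Assumption: vlan and bridge units are numbered
# after the VLAN ID.
plan_vlan_bridges() {
    parent=$1; shift
    # Validate everything first so a bad ID yields no partial plan.
    for vid in "$@"; do
        valid_vid "$vid" || { echo "bad VLAN ID: $vid" >&2; return 1; }
    done
    echo "ifconfig $parent up"
    for vid in "$@"; do
        echo "ifconfig vlan$vid create"
        echo "ifconfig vlan$vid vlan $vid vlanif $parent"
        echo "ifconfig vlan$vid up"
        echo "ifconfig bridge$vid create"
        echo "brconfig bridge$vid add vlan$vid up"
    done
}

# domu_vif_line VLAN_ID...
# domU config: one vif per VLAN, each attached to its own bridge.
# Inside the domU these appear as xennet0, xennet1, ... (untagged),
# in the order listed.
domu_vif_line() {
    list=
    for vid in "$@"; do
        valid_vid "$vid" || { echo "bad VLAN ID: $vid" >&2; return 1; }
        list="${list:+$list, }'bridge=bridge$vid'"
    done
    echo "vif = [ $list ]"
}

# Constructed sample: VLANs 1 and 2 behind fxp0.
plan_vlan_bridges fxp0 1 2
domu_vif_line 1 2
```

In the domU the addresses then go directly on the xennet interfaces, with no vlan(4) layer inside the guest.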