Subject: Re: Xen3 + VLANs + multiple DOM0s cause loss of connectivity?
To: Manuel Bouyer <bouyer@antioche.eu.org>
From: Johan Ihren <johani@johani.org>
List: port-xen
Date: 01/24/2008 22:11:16
Hi Manuel,
On 24 Jan 2008, at 15:58, Manuel Bouyer wrote:
>> Outside of VLANs (i.e. when configuring IPv4 and IPv6 addresses
>> directly on the xennetN) then everything works just fine. VLANs
>> configured on the DOM0 also work fine. It is just the combination of
>> Xen3 + DOMU + VLANs that causes problems.
>
> What I found strange is that it worked with Xen2. Xen version is probably
> not the key here, but the version of dom0.
> Basically, 802.1q packets in dom0 are not routed to the bridge interface but
> to the vlan interfaces, so these packets can't make it up to the domUs.
Umm. There is confusion here, probably mine. I have lots of 802.1q
packets that go just fine across the bridge interface between DOMUs in
the same DOM0, and they most certainly make it up to the DOMUs. What
the packets don't do is go across the physical switch (between DOM0s)
that the DOM0 bridge device is connected to. So I have to challenge
the assertion that the packets are not routed to the DOM0 bridge
interface.
> If the dom0 kernel doesn't have 'pseudo-device vlan' then it may work.
I'll try that ASAP, but that will not be until next week when I get
home (presently on the lower half of the planet).
> The way to do this is to have the vlan interfaces in dom0 only, connect
> one bridge to each vlan and have in the domU one vif per vlan you need to
> connect to.
Doesn't work for me as I need to be able to dynamically affect
topology from inside the DOMUs. I.e. I implement nomadic behaviour by
having DOMUs change their VLAN tag. And on occasion I have several
dozen VLANs. There's no way I can do that with bridges and bunches of
xennets.
I remember discussing this with you at a previous occasion when I was
trying to have communication between the DOM0(s) and the DOMUs over
VLANs (with very limited success). You explained that the DOM0
couldn't do the right thing wrt both dealing with bridges and vlan
interfaces and therefore VLANs on the DOM0 would not see the traffic
arriving on the same VLAN from a DOMU (i.e. the bridge gets the
packet, not the DOM0 vlan interface). As a consequence of that I
stopped using VLANs entirely on the DOM0s and moved all services into
yet another DOMU and that has worked just fine for a long time.
But now, if I understand correctly, you're saying that in the conflict
between sending the packet to the VLAN or to the bridge the VLAN gets
the packet. That sounds completely contrary to what you said before
and not at all in line with my experience.
Regards,
Johan