
arp problem (Linux/xen not seeing arp requests)



Hello,

I'm running a Xen server that does not see ARP requests. Please see the
attached message for the details (sent to linux-net@vger.kernel.org, but
no replies so far...). I'll recap here:

The problem is that the system does not see any incoming ARP requests on
the physical interface, not when using straight ethernet, not when using
802.1q VLANs. The switch is working OK, plugging another machine in shows
the ARP requests are coming just fine.

Two weeks ago I did a little network reconfiguration, which I thought
caused the problem, but now I've found that it was the kernel upgrade that
caused it (2.6.18-4), since reverting to 2.6.18-3 "resolved" the issue we
had.

Now we have the issue of an exploitable kernel. I must say that I haven't
tried 2.6.18-5 yet, because I want to be at the machine location in case
anything goes wrong. I will do that next week.

I had a quick glance at the changelogs, but couldn't see anything obvious
that changed ARP handling from -3 to -4, is this a known issue that has
already been resolved, or am I the only one seeing this behaviour?

This message is a little short on details, but I don't want to duplicate
it, everything else I deemed important is in the attached message.

Thanks for any comments.

Best regards,
Borut Mrak.


--- Begin Message ---
Some more information on this - the switch is working OK.

I now modified the config to look like this:

eth0 - xenbr0 - domUs
eth1 - vlan100 - xenbrup - domUs
     - vlan200 - xenbrdmz - domUs

eth0 is connected to a port on the switch that is in vlan1 (untagged).
eth1 is connected to another port that carries vlans 100 and 200 (both
tagged).

When I connected my laptop to the switch port that usually hosts server's
eth0, I could see arp requests being sent from other systems.
Disconnecting the laptop and connecting server's eth0 again, no incoming
arp requests.

So it's definitely something going wrong on the server with Linux. I have
never seen such behaviour, usually even if the system doesn't see the
packets (for example because of iptables), tcpdump is still able to see them.

I tried to put eth0 into promiscuous mode, but that also made no difference.

Best regards,
Borut Mrak.

I wrote:
> Hello,
> 
> I have a Xen machine that somehow does not see arp requests.
> 
> The description of the problem is going to be quite long, so please bear
> with me.
> 
> Switch: HP ProCurve 2524 with latest firmware (F.05.61)
> VLANs: 1 (default - internal LAN), 100 (uplink), 200 (DMZ)
> Xen machine is connected to port 25, and is being fed all three VLANs
> 802.1Q tagged.
> 
> eth0 - vlan1 - xenbr0 - some xenU guest interfaces
>      - vlan100 - xenbrup - xenUs
>      - vlan200 - xenbrdmz - xenUs
> 
> Traffic between vlans is routed by another Linux machine, but that is not
> important here.
> 
> When I boot the machine, I can't reach the Xen dom0 (which has an IP
> address assigned on xenbr0). Running tcpdump I don't see any incoming
> ARP requests on any of the vlan* interfaces, nor on eth0 (which is OK,
> as there is only 802.1Q tagged traffic there).
> 
> What could cause this, besides the switch malfunctioning? This used to
> work when everything was set up like this:
> 
> eth0 - xenbr0 - domUs
>               - vlan100 - xenbrup - domUs
>               - vlan200 - xenbrdmz - domUs
> 
> (the difference is that VLAN 1 was not tagged to the Xen machine)
> 
> but this was not OK, since the xenbr0-attached domUs were seeing some
> 802.1Q tagged traffic somehow (it should all go to vlan100 and 200
> interfaces, not over the xenbr0 bridge I think). That's why I changed
> the configuration.
> 
> When I initiate any traffic from the domUs or dom0 outside (basically
> sending gratuitous ARPs), everything starts to work and is OK until the
> MAC address expires on outside hosts.
> 
> Current workaround is simply running nmap -sP 10.x.x.x./20 every few
> minutes on each of the virtual machines, but it taxes the CPU on the
> machine too much and is only a band-aid, not a real solution.
> 
> Right now, I think the switch is simply not sending ARP requests, and I
> don't know why.
> Is it possible that Linux might somehow be blocking them in a way that
> they're not even seen by tcpdump? Is there a way to tcpdump only ARP
> requests in 802.1Q tagged frames? As I've said, I can't see them on
> vlan* interfaces, but there is simply too much traffic on eth0 to check
> without a filter.
> 
> Oh, I almost forgot about the Xen machine software versions:
> dom0 is Debian 4.0 amd64
> Xen 3.0.3 (Debian package)
> dom0 and domU's are running kernel 2.6.18-4-xen-amd64 (also Debian packaged)
> 
> I would be grateful for any input.
> 
> best regards,
> Borut Mrak.
> -
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

--- End Message ---
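
On the question in the attached message about picking out only ARP requests inside 802.1Q-tagged frames, the following is an added example, not part of the original post: it parses raw Ethernet frames, steps over the 4-byte VLAN tag when present, and counts ARP requests per VLAN. The frames, MAC address and 10.0.0.x addresses are constructed sample data; only the VLAN IDs 100 and 200 come from the message.

```python
import struct

ETH_P_ARP, ETH_P_8021Q, ARP_REQUEST = 0x0806, 0x8100, 1

def parse_arp(frame):
    """Return (vlan_id or None, opcode, sender_ip, target_ip) for an ARP frame, else None."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan_id = 14, None
    if ethertype == ETH_P_8021Q:            # 4-byte tag: TPID 0x8100 + TCI
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id, offset = tci & 0x0FFF, 18  # low 12 bits of the TCI are the VLAN ID
    if ethertype != ETH_P_ARP or len(frame) < offset + 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[offset:offset + 8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet/IPv4 ARP only
        return None
    spa, tpa = frame[offset + 14:offset + 18], frame[offset + 24:offset + 28]
    return vlan_id, op, ".".join(map(str, spa)), ".".join(map(str, tpa))

def arp_requests_by_vlan(frames):
    """Count ARP requests per VLAN ID; untagged requests are counted under None."""
    counts = {}
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[1] == ARP_REQUEST:
            counts[parsed[0]] = counts.get(parsed[0], 0) + 1
    return counts

def build_arp(op, spa, tpa, vlan_id=None, mac=b"\x02\x00\x00\x00\x00\x01"):
    """Construct a broadcast ARP frame for the sample data (not captured traffic)."""
    tag = struct.pack("!HH", ETH_P_8021Q, vlan_id) if vlan_id is not None else b""
    eth = b"\xff" * 6 + mac + tag + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac + bytes(spa) + b"\x00" * 6 + bytes(tpa)

A, B = (10, 0, 0, 1), (10, 0, 0, 2)         # constructed addresses
SAMPLE_FRAMES = [
    build_arp(1, A, B),                      # untagged request
    build_arp(1, A, B, vlan_id=100),         # tagged request, VLAN 100
    build_arp(1, A, B, vlan_id=200),         # tagged request, VLAN 200
    build_arp(1, B, A, vlan_id=200),         # second request on VLAN 200
    build_arp(2, B, A, vlan_id=200),         # ARP reply, not counted
    # tagged IPv4 frame (constructed), ignored by the parser
    b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!HHH", 0x8100, 100, 0x0800) + b"\x00" * 28,
]

if __name__ == "__main__":
    print(arp_requests_by_vlan(SAMPLE_FRAMES))
```

On a live trunk interface, tcpdump's `vlan and arp` filter expression (for example `tcpdump -e -n -i eth0 'vlan and arp'`) applies the same offset shift past the tag.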
