Mailing List Archive

Networking change in Xen unstable
Hello,

I'm now using Xen unstable, which works very nicely.
For me it's generally more stable than 2.0 (no FPU problem now).

I have noticed that veth0 and vif0.0 appear in net devices,
and veth0 is attached to xen-br0. Routing to the bridge network is
now through veth0, instead of xen-br0 like it used to be.

The problem is, my iptables configuration (on dom0) complains
with this setup. This message appears in kernel log (dmesg):

Performing cross-bridge DNAT requires IP forwarding to be enabled

I'm DNATting DNS requests from Internet to domU, and it doesn't work.

Killing veth0 and assigning an IP address to xen-br0 fixes this problem:

# ifconfig veth0 0.0.0.0
# ifconfig xen-br0 10.1.1.1 netmask 255.255.255.0

Frontend net device is disabled in dom0 kernel .config.

Could someone explain what veth0 is and its purpose?

Thanks,
--
Takeshi

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Re: Networking change in Xen unstable
Hello,
I would think that all you would need to do, if that's the error you get,
is to enable IP forwarding in the dom0 kernel. Generally that is done
with

echo "1" > /proc/sys/net/ipv4/ip_forward

if memory serves, I believe you have to reboot for this to take effect.

Hope this helps you out some.
John Fairbairn

Re: Networking change in Xen unstable
On Fri, 8 Jul 2005, John Fairbairn wrote:

> Hello,
> I would think that all you would need to do, if that's the error you get,
> is to enable IP forwarding in the dom0 kernel. Generally that is done
> with
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> if memory serves, I believe you have to reboot for this to take effect.

/proc is a virtual filesystem -- reboot and its contents are lost..

If you want to make it "permanent", look into sysctl..

Hope this helps..

Carl

--

"There are 10 types of people in the world: Those who understand binary
and those that don't."

$>whoami: Carl Holtje
$>mail holtje: cwh0803@cs.rit.edu
$>cu: http://www.cs.rit.edu/~cwh0803
$>whois holtje:
Segmentation Fault
$>

Re: Networking change in Xen unstable
Hello John,
ip_forward has always been on.
This machine is also working as a router for other PCs at my home.
Thanks for the reply anyway.


On Fri, Jul 08, 2005 at 12:27:50PM -0500, John Fairbairn wrote:
> Hello,
> I would think that all you would need to do, if that's the error you get,
> is to enable IP forwarding in the dom0 kernel. Generally that is done
> with
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> if memory serves, I believe you have to reboot for this to take effect.
>
> Hope this helps you out some.
> John Fairbairn

--
そね

Re: Networking change in Xen unstable
> > echo "1" > /proc/sys/net/ipv4/ip_forward
> >
> > if memory serves, I believe you have to reboot for this to take effect.
>
> /proc is a virtual filesystem -- reboot and its contents are lost..

There's a file called (something like) /etc/sysctl.conf for setting /proc/sys
values persistently (they're set again at each boot).

Cheers,
Mark

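An added example, not written by any poster in this thread: a check of the live ip_forward value against what /etc/sysctl.conf will restore at boot. The function names are made up for this example, and both paths can be overridden so it runs against copies.

```shell
#!/bin/sh
# Added example, not from the thread. The key and the two paths are the ones
# named in the thread; file arguments let it run against copies.

# persisted_value FILE KEY: print the value sysctl.conf-style FILE assigns
# to KEY (last assignment wins), or "unset". Accepts "a.b" and "a/b" keys.
persisted_value() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk -v want="$2" '
        /^[ \t]*([#;]|$)/ { next }            # comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/\//, ".", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { print (found == "" ? "unset" : found) }' "$1"
}

# forwarding_report [PROC_FILE] [CONF_FILE]: compare the live value with the
# persisted one. A write to PROC_FILE applies at once; only CONF_FILE
# survives a reboot.
forwarding_report() {
    proc=${1:-/proc/sys/net/ipv4/ip_forward}
    conf=${2:-/etc/sysctl.conf}
    live=$(cat "$proc" 2>/dev/null || echo unknown)
    saved=$(persisted_value "$conf" net.ipv4.ip_forward)
    echo "live=$live persisted=$saved"
}

forwarding_report
```
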
Re: Networking change in Xen unstable
Hello Mark,
So, could you answer my original question?
Networking change in unstable breaks my network configuration.
/proc/sys/net/ipv4/ip_forward is not the culprit, since it's been
enabled for years.
What is this veth0 thing?
Now I have to kill it after every reboot.

On Sat, Jul 09, 2005 at 05:46:51PM +0100, Mark Williamson wrote:
> > > echo "1" > /proc/sys/net/ipv4/ip_forward
> > >
> > > if memory serves, I believe you have to reboot for this to take effect.
> >
> > /proc is a virtual filesystem -- reboot and its contents are lost..
>
> There's a file called (something like) /etc/sysctl.conf for setting /proc/sys
> values persistently (they're set again at each boot).
>
> Cheers,
> Mark

--
Takeshi

RE: Networking change in Xen unstable
> What is this veth0 thing?

Although you can give dom0 a local ip address on the bridge (xen-br0),
it's not actually entirely safe to do so if you're running services that
are accessible from other domains -- it's possible to get into buffer
starvation situations, particularly with UDP services.

The unstable tree creates a veth0 interface to use in dom0 that avoids
these issues. You'll have to update your iptables etc rules accordingly.

If you're not running services accessible from other domains you could
continue to assign an IP addr to the bridge.

Ian
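
An added example, not part of Ian's message or of Xen's own scripts: one way to find the dom0 rules that still name the bridge after the move to veth0. It reads iptables-save output, lists every rule bound to xen-br0 by -i/-o, and can print a candidate ruleset retargeted to veth0 for review; the function names, the sample ruleset and the 10.1.1.2 domU address are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names are the thread's;
# the ruleset and the 10.1.1.2 domU address are constructed.

# Constructed iptables-save dump for a dom0 that DNATs DNS to a domU.
sample_rules() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p udp --dport 53 -j DNAT --to-destination 10.1.1.2
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -i xen-br0 -p tcp --dport 22 -j ACCEPT
-A FORWARD -i eth0 -o xen-br0 -p udp --dport 53 -j ACCEPT
-A FORWARD -i ! xen-br0 -o eth0 -j DROP
COMMIT
EOF
}

# rules_on_iface IFACE: print "table chain: rule" for each rule on stdin
# whose -i/-o argument is IFACE, including the negated "-i ! IFACE" form.
rules_on_iface() {
    awk -v ifc="$1" '
        /^\*/ { table = substr($0, 2); next }   # "*filter" opens a table
        $1 == "-A" {
            for (n = 3; n < NF; n++) {
                if ($n != "-i" && $n != "-o") continue
                k = ($(n + 1) == "!") ? n + 2 : n + 1
                if ($k == ifc) { print table " " $2 ": " $0; break }
            }
        }'
}

# retarget_iface OLD NEW: rewrite only -i/-o arguments, leaving addresses,
# comments and other tokens alone. Output is a candidate for review.
retarget_iface() {
    awk -v old="$1" -v new="$2" '
        $1 == "-A" {
            for (n = 3; n < NF; n++) {
                if ($n != "-i" && $n != "-o") continue
                k = ($(n + 1) == "!") ? n + 2 : n + 1
                if ($k == old) $k = new
            }
        }
        { print }'
}

sample_rules | rules_on_iface xen-br0   # rules that still name the bridge
```

On a live dom0 the same functions take `iptables-save` output on stdin in place of `sample_rules`.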

Re: Networking change in Xen unstable
Hello Ian,
Thanks for the explanation.
I don't and won't (I think) have services on dom0 for domUs.

I will modify /etc/xen/script/network to not use veth0 so I
won't have to manually kill veth0 after every reboot.
Wish there were an easier way to do it..


On Sun, Jul 10, 2005 at 06:28:15PM +0100, Ian Pratt wrote:
>
> > What is this veth0 thing?
>
> Although you can give dom0 a local ip address on the bridge (xen-br0),
> it's not actually entirely safe to do so if you're running services that
> are accessible from other domains -- it's possible to get into buffer
> starvation situations, particularly with UDP services.
>
> The unstable tree creates a veth0 interface to use in dom0 that avoids
> these issues. You'll have to update your iptables etc rules accordingly.
>
> If you're not running services accessible from other domains you could
> continue to assign an IP addr to the bridge.
>
> Ian

--
Takeshi
