arp problem (Linux/xen not seeing arp requests)

Hello,

I have a Xen machine that somehow does not see arp requests.

The description of the problem is going to be quite long, so please bear
with me.

Switch: HP ProCurve 2524 with latest firmware (F.05.61)
VLANs: 1 (default - internal LAN), 100 (uplink), 200 (DMZ)
Xen machine is connected to port 25, and is being fed all three VLANs
802.1Q tagged.

eth0 - vlan1 - xenbr0 - some xenU guest interfaces
     - vlan100 - xenbrup - xenUs
     - vlan200 - xenbrdmz - xenUs

Traffic between vlans is routed by another linux machine, but that is not
important here.

When I boot the machine, I can't reach the Xen dom0 (which has an IP
address assigned on xenbr0). Running tcpdump I don't see any incoming
ARP requests on any of the vlan* interfaces, nor on eth0 (which is OK,
as there is only 802.1Q tagged traffic there).

What could cause this, besides the switch malfunctioning? This used to
work when everything was set up like this:

eth0 - xenbr0 - domUs
              - vlan100 - xenbrup - domUs
              - vlan200 - xenbrdmz - domUs

(the difference is that VLAN 1 was not tagged to the Xen machine)

but this was not OK, since the xenbr0-attached domUs were seeing some
802.1Q tagged traffic somehow (it should all go to vlan100 and 200
interfaces, not over the xenbr0 bridge I think). That's why I changed
the configuration.

When I initiate any traffic from the domUs or dom0 outside (basically
sending gratuitous ARPs), everything starts to work and is OK until the
MAC address expires on outside hosts.

Current workaround is simply running nmap -sP 10.x.x.x./20 every few
minutes on each of the virtual machines, but that taxes the CPU on the
machine too much and is only a band-aid, not a real solution.

Right now, I think the switch is simply not sending ARP requests, and I
don't know why.
Is it possible that Linux might somehow be blocking them in a way that
they're not even seen by tcpdump? Is there a way to tcpdump only ARP
requests in 802.1Q tagged frames? As I've said, I can't see them on
vlan* interfaces, but there is simply too much traffic on eth0 to check
without a filter.

Oh, I almost forgot about the Xen machine software versions:
dom0 is Debian 4.0 amd64
Xen 3.0.3 (Debian package)
dom0 and domU's are running kernel 2.6.18-4-xen-amd64 (also Debian packaged)

I would be grateful for any input.

best regards,
Borut Mrak.
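
On the question of isolating ARP requests inside 802.1Q tagged frames on eth0: libpcap-based tools accept the filter expression `vlan and arp` for this. The following is an added example, not part of the original post, showing which bytes such a match relies on; the function names are illustrative, and the frames are constructed using the VLAN ids from the post and 192.0.2.x sample addresses.

```python
import struct
from collections import Counter

ETH_P_8021Q = 0x8100  # 802.1Q tag protocol identifier (TPID)
ETH_P_ARP = 0x0806
ARP_REQUEST = 1

def tagged_arp_request(frame):
    """Return (vlan_id, sender_ip, target_ip) for an 802.1Q-tagged IPv4 ARP
    request, or None for anything else."""
    # 12 bytes of MACs + 4-byte tag + 2-byte EtherType put ARP at offset 18.
    if len(frame) < 18 + 28:
        return None
    tpid, tci, inner_type = struct.unpack("!HHH", frame[12:18])
    if tpid != ETH_P_8021Q or inner_type != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[18:26])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper != ARP_REQUEST:
        return None
    dotted = lambda b: ".".join(str(x) for x in b)
    # Low 12 bits of the TCI are the VLAN id; the top 4 are priority/DEI.
    return tci & 0x0FFF, dotted(frame[32:36]), dotted(frame[42:46])

def build_frame(vlan_id, oper, sender_ip, target_ip, pcp=0):
    """Construct a broadcast ARP frame for testing; vlan_id=None means untagged."""
    src = bytes.fromhex("020000000001")  # constructed, locally administered MAC
    eth = b"\xff" * 6 + src
    if vlan_id is not None:
        eth += struct.pack("!HH", ETH_P_8021Q, (pcp << 13) | vlan_id)
    eth += struct.pack("!H", ETH_P_ARP)
    ip = lambda s: bytes(int(p) for p in s.split("."))
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += src + ip(sender_ip) + b"\x00" * 6 + ip(target_ip)
    return (eth + arp).ljust(60, b"\x00")  # pad to minimum Ethernet size

def requests_per_vlan(frames):
    """Count tagged ARP requests by VLAN id."""
    hits = (tagged_arp_request(f) for f in frames)
    return Counter(h[0] for h in hits if h)

# Constructed sample capture: VLAN ids from the post, 192.0.2.x sample addresses.
SAMPLE = [
    build_frame(1, 1, "192.0.2.1", "192.0.2.10"),
    build_frame(100, 1, "192.0.2.1", "192.0.2.20", pcp=5),
    build_frame(200, 2, "192.0.2.30", "192.0.2.1"),   # ARP reply, ignored
    build_frame(None, 1, "192.0.2.1", "192.0.2.40"),  # untagged, ignored
]

if __name__ == "__main__":
    print(dict(requests_per_vlan(SAMPLE)))
```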