| --- | Log | opened Mon May 26 00:00:38 2008 |
| 01:57 | -!- | visik7 [~dksakd@host237-41-dynamic.10-79-r.retail.telecomitalia.it] has quit [Remote host closed the connection] |
| 02:36 | -!- | avi_ [~avi@77.127.201.158] has joined #xen |
| 02:43 | -!- | mulix_ [~mulix@nesher3.haifa.il.ibm.com] has joined #xen |
| 03:36 | -!- | jonny [~jonny@catv-59845326.catv.broadband.hu] has joined #xen |
| 03:37 | <jonny> | Hi. Is there someone who has NAT in Xen configuration ? It's not well documented, but I think it's a very usual situation |
| 03:38 | <jonny> | I found some mailing list post snippets only |
| 03:39 | <Pert> | xend-config.sxp doesn't take care of it for you? |
| 03:41 | <jonny> | It has many possibilities, and I'm afraid to lose my network connection from the server, which is very far from me |
| 03:41 | <Pert> | ah i see. you could set it up yourself |
| 03:41 | <jonny> | Besides I don't know how to modify the settings to make it work |
| 03:42 | <Pert> | do you use the following setting ATM? |
| 03:42 | <Pert> | (network-script network-dummy) |
| 03:42 | <jonny> | Maybe my configuration is a little more complex than usual |
| 03:43 | <jonny> | My settings now are the basic original. One bridge only |
| 03:43 | <jonny> | But I would like to make some DomU with internal addresses. |
| 03:43 | <Pert> | (network-script network-bridge) and (vif-script vif-bridge) ? |
| 03:44 | <jonny> | Now I can create them with external IPs, but I don't have more external IPs yet from the serverfarm. |
| 03:44 | <jonny> | My plan (if it's right) is to create a virtual LAN for the DomUs and a NAT with the host so they get Internet connection. |
| 03:44 | <Pert> | so you want some to be bridged and some to be natted? |
| 03:45 | <jonny> | And later I would create some NAT rules for the external IP, to reach the DomU's services. |
| 03:45 | <jonny> | For example I create a webserver on a DomU, and a NAT rule, external->internal:80, to publish that service |
| 03:46 | <Pert> | i see. do you have some domUs already using the bridging? |
| 03:46 | <jonny> | So then I don't need more IPs (which is expensive) and I could have more DomUs for different tasks |
| 03:46 | <jonny> | I created one, but I got stuck on the network install, because the DomU hasn't Internet connection |
| 03:47 | <jonny> | I can't travel to the server room to insert the installation media |
| 03:47 | <jonny> | I try to install CentOS5.1, and I have the modified kernel images to start the installation |
| 03:47 | <Pert> | do you only have one IP address at the moment? |
| 03:47 | <jonny> | But then they ask where can it find the installation media, and without network, there's nowhere |
| 03:47 | <jonny> | Yes |
| 03:48 | <Pert> | ok. please send me (pm maybe) the output of `brctl show` |
| 03:49 | <jonny> | administrator@hostserver:~$ brctl show |
| 03:49 | <jonny> | bridge name bridge id STP enabled interfaces |
| 03:49 | <jonny> | eth0 8000.0019665819e1 no peth0 |
| 03:50 | <jonny> | Only the eth0 in the bridge now. But I can't give another external IP for the DomU |
| 03:50 | <Pert> | you've not got any domUs running have you? |
| 03:51 | <jonny> | At this moment don't, but not a problem to start the CentOS domU in the installation phase |
| 03:51 | <Pert> | no. that's fine. You need to get eth0 out of the bridge |
| 03:52 | <Pert> | the best way to do that is to change /etc/xen/xend-config.sxp and comment out the '(network-script network-bridge)' line |
| 03:52 | <Pert> | and uncomment '(network-script network-dummy)' |
| 03:52 | <Pert> | then I think you'll need to reboot |
| 03:53 | <jonny> | But there is another thing. In the future, there will probably be DomUs that need an external IP |
| 03:53 | <Pert> | you are going to need quite a complex setup then |
| 03:54 | <jonny> | Yes :( |
| 03:54 | <Pert> | maybe it's best to leave eth0 in this bridge |
| 03:54 | <Pert> | the way you'll need to go is to make another bridge for your NATed domUs |
| 03:55 | <Pert> | then give the second bridge interface an IP on your dom0 and set up NAT between that IP and your public address on eth0 |
| 03:58 | <jonny> | Yes, I thought that theoretically too |
| 03:59 | <jonny> | I read the Xen manual, and the virtualization guide at Red Hat, but there's not enough detailed information to make it |
| 04:00 | <jonny> | And I'm a little afraid to lose the network connection from the server |
| 04:00 | <jonny> | root@hostserver:/etc/xen# brctl show |
| 04:00 | <jonny> | bridge name bridge id STP enabled interfaces |
| 04:00 | <jonny> | eth0 8000.0019665819e1 no peth0 |
| 04:00 | <jonny> | vif2.0 |
| 04:01 | <jonny> | (when the domU running) |
| 04:08 | <jonny> | Do you have any idea where I can find documentation or examples for this situation ? |
| 04:09 | <Pert> | I'm just having a look |
| 04:10 | <jonny> | Thank you in advance |
| 04:19 | <Pert> | have a try at creating a second bridge. then in your domU config try: vif = [ 'bridge=xenbr0' ] |
| 04:19 | <Pert> | boot the domU and see if there is an interface in the bridge (brctl show) |
| 04:20 | <Pert> | if so, give the bridge a private IP in the dom0 and give eth0 in the domU an address in the same subnet |
| 04:20 | <Pert> | if that works and they can ping each other, then move on to setting up NAT |
| 04:20 | <jonny> | I'm trying to create a bridge then |
| 04:25 | <jonny> | root@hostserver:/etc/xen# brctl show |
| 04:25 | <jonny> | bridge name bridge id STP enabled interfaces |
| 04:25 | <jonny> | br1 8000.feffffffffff no vif3.0 |
| 04:25 | <jonny> | eth0 8000.0019665819e1 no peth0 |
| 04:25 | <jonny> | I created a br1, and gave it to the DomU |
| 04:27 | <Pert> | looks good |
| 04:27 | <Pert> | have you tried giving it an IP and pinging back and forth? |
| 04:27 | <jonny> | I just try to set an IP to the bridge, but I can't find how |
| 04:28 | <Pert> | just as you would with any interface |
| 04:28 | <Pert> | ifconfig br1 ....... |
| 04:28 | <jonny> | it doesn't show in the ifconfig list |
| 04:28 | <Pert> | that's odd |
| 04:28 | <jonny> | Only eth0, lo, peth0, vif3.0 |
| 04:28 | <Pert> | vif3.0 shows in ifconfig? |
| 04:28 | <Pert> | that's odd too |
| 04:29 | <Pert> | oh. maybe not |
| 04:29 | <jonny> | Now I give ifconfig br1 192.168.0.1 and it shows |
| 04:29 | <Pert> | cool |
| 04:29 | <Pert> | it was probably just down as ifconfig saw it |
| 04:29 | <jonny> | but it will be lost after reboot, won't it ? |
| 04:30 | <Pert> | yeah |
| 04:30 | <Pert> | what distro do you use on the dom0? |
| 04:30 | <jonny> | Ubuntu Server. I wasn't sure of this choice |
| 04:30 | <Pert> | that's fine |
| 04:30 | <Pert> | you need to add the details to /etc/network/interfaces |
| 04:30 | <jonny> | I was hesitating between CentOS |
| 04:31 | <Pert> | i'll PM you my config |
| 06:02 | -!- | geoff_k [~geoff_k__@209.116.gr5.adsl.brightview.com] has joined #xen |
| 06:41 | -!- | dwh [~dhendrix@c-67-169-77-83.hsd1.ca.comcast.net] has joined #xen |
| 07:22 | -!- | ivan [~ikelly@5aceac8a.bb.sky.com] has joined #xen |
| 07:26 | -!- | Super_Cat_Frog [~bob@87-194-183-38.bethere.co.uk] has joined #xen |
| 07:27 | <Super_Cat_Frog> | hi - i'm trying to run a centos DOM0, with debian etch DOMu's. On one DOM0 it works fine, but on the other, I keep losing networking to the domus. They are set up exactly the same with routed networking (used to be bridged, same problem). I've tried passing force_hpet=1 to the kernel, but that didn't help |
| 07:31 | <geoff_k> | Super_Cat_Frog, i have seen a problem some time ago i think i was using 3.0.2 on dapper and i had a samba server for mp3 which kept stalling the networking for long periods, especially if i run commands like 'xm' in dom0. I never did figure out why it was and i don't run that setup now |
| 07:32 | <Super_Cat_Frog> | bugger |
| 07:32 | <Super_Cat_Frog> | geoff_k: what do you currently use? newer version? older version? etc |
| 07:33 | <geoff_k> | one thing springs to mind i don't think i checked is if i had enough memory, i should have checked logs for OOM-killers |
| 07:33 | <geoff_k> | i use debian and the packages it comes with |
| 07:33 | <Super_Cat_Frog> | the domu has 8gb of memory, so i doubt its that |
| 07:33 | <geoff_k> | which is fine running paravirt stuff for me |
| 07:33 | <Super_Cat_Frog> | I'm using the HVM stuff |
| 07:34 | <geoff_k> | you probably want to be building the latest to benefit from using HVM |
| 07:34 | <geoff_k> | al least probably 3.1 |
| 07:34 | <geoff_k> | at* |
| 07:34 | <Super_Cat_Frog> | hmm, i dont fancy recompiling a kernel on a server thats 200 miles away...... |
| 07:34 | <Super_Cat_Frog> | how do i check my xen version? xend doesn't have a --version option, or a --help / -h |
| 07:34 | <geoff_k> | yeah probably not |
| 07:35 | <geoff_k> | xm info, in dom0 |
| 07:35 | <Super_Cat_Frog> | xen-3.0-x86_64 xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_32p hvm-3.0-x86_64 |
| 07:35 | <Super_Cat_Frog> | hmmm |
| 07:35 | <geoff_k> | it's the version numbers you want really but that's clearly not at least 3.1 |
| 07:35 | <geoff_k> | its in 3 parts |
| 07:36 | <Super_Cat_Frog> | yes, is there anywhere i can read about the differences between 3.0 and 3.1 without reading lots of diffs? |
| 07:37 | <geoff_k> | i suppose the changelog is best place to look but i have heard many times that a lot has been improved since 3.0 versions |
| 07:37 | <geoff_k> | as far as HVM goes |
| 07:37 | <Super_Cat_Frog> | ok, i'll see if i can find a decent looking centos repo that has 3.1 |
| 07:38 | <Super_Cat_Frog> | although in the domU's, I have noticed lots of instances of this in dmesg (paraphrased): " your timer is skewiff, falling back to hpet" |
| 07:38 | <Super_Cat_Frog> | i thought it could be that for a while, but now i'm not so sure |
| 07:39 | <geoff_k> | can't say i've ever seen it but then unless i know there is a problem i don't generally look |
| 07:41 | <Super_Cat_Frog> | ok, i'll do some googling, thnaks |
| 07:41 | <Super_Cat_Frog> | *thanks |
| 07:41 | <geoff_k> | networking and disk IO i think are the main improvements for HVM |
| 07:42 | <Super_Cat_Frog> | that'd likely be useful |
| 08:40 | <Super_Cat_Frog> | i've just upgraded to xen 3.2, and now xm and xentop can't talk to xend. in the xend log it says 'permission denied' on the line 'servers = SrvServer.create()' - any ideas? |
| 09:03 | -!- | geoff_k [~geoff_k__@209.116.gr5.adsl.brightview.com] has quit [Quit: Quit] |
| 10:06 | -!- | mulix_ [~mulix@nesher3.haifa.il.ibm.com] has quit [Quit: My damn controlling terminal disappeared!] |
| 10:33 | -!- | jm [~fake@c-76-113-194-7.hsd1.mn.comcast.net] has joined #xen |
| 10:36 | -!- | markmc_ [~markmc@83-71-40-127.b-ras1.srl.dublin.eircom.net] has joined #xen |
| 11:04 | -!- | infernix [nix@spirit.infernix.net] has quit [Remote host closed the connection] |
| 11:31 | -!- | jonny [~jonny@catv-59845326.catv.broadband.hu] has quit [Quit: Konversation terminated!] |
| 11:49 | -!- | aw [~awilliam@c-67-174-104-198.hsd1.co.comcast.net] has quit [Quit: Leaving] |
| 11:59 | <Super_Cat_Frog> | can somebody have a look at this traceroute: http://rafb.net/p/qhq01L95.html |
| 12:00 | <Super_Cat_Frog> | notice the !C - according to the man page " !A !C - access to the network / host respectively is prohibited" |
| 12:02 | <Pert> | some firewalls will block repeated pings or traceroutes |
| 12:06 | <Super_Cat_Frog> | i'm using iptables, and i'm not doing it repeatedly |
| 12:07 | <Super_Cat_Frog> | no fancy rules, just 'block all ports except these' |
| 12:07 | <Pert> | are you rejecting? |
| 12:08 | <Super_Cat_Frog> | no, nothing is rejected on that network card, and i can access the box fine from another box on the network |
| 12:08 | <Super_Cat_Frog> | traceroute from other box: http://rafb.net/p/L52d4518.html |
| 12:08 | <Pert> | no idea what the !Cs are then |
| 12:08 | <Super_Cat_Frog> | i am guessing it's something strange that xen is doing to it |
| 12:08 | <Super_Cat_Frog> | but i have no idea |
| 12:09 | <Super_Cat_Frog> | ah well, i'm off home, thanks anyway |
| 12:09 | <Pert> | sorry i couldn't help |
| 12:14 | -!- | aw [~awilliam@c-67-174-104-198.hsd1.co.comcast.net] has joined #xen |
| 12:21 | -!- | infernix [nix@spirit.infernix.net] has joined #xen |
| 12:33 | -!- | infernix [nix@spirit.infernix.net] has quit [Remote host closed the connection] |
| 12:40 | -!- | infernix [nix@spirit.infernix.net] has joined #xen |
| 12:48 | -!- | infernix [nix@spirit.infernix.net] has quit [Read error: No route to host] |
| 12:48 | -!- | infernix [nix@spirit.infernix.net] has joined #xen |
| 12:50 | -!- | ivan_ [~ikelly@5ad40ace.bb.sky.com] has joined #xen |
| 12:53 | -!- | ivan [~ikelly@5aceac8a.bb.sky.com] has quit [Ping timeout: 480 seconds] |
| 13:30 | -!- | geoff_k [~geoff_k__@209.116.gr5.adsl.brightview.com] has joined #xen |
| 13:35 | -!- | geoff_k [~geoff_k__@209.116.gr5.adsl.brightview.com] has quit [Quit: Quit] |
| 13:36 | -!- | brianw [~ahzz@pool-71-164-202-142.dllstx.fios.verizon.net] has quit [Remote host closed the connection] |
| 13:45 | -!- | icarus901 [~steve@208.75.212.171] has quit [Remote host closed the connection] |
| 13:47 | -!- | icarus901 [~steve@208.75.212.171] has joined #xen |
| 14:32 | -!- | visik7 [~dksakd@host237-41-dynamic.10-79-r.retail.telecomitalia.it] has joined #xen |
| 16:44 | -!- | paula35 [~paula35@d033.dhcp212-198-248.noos.fr] has joined #xen |
| 16:45 | -!- | paula35 [~paula35@d033.dhcp212-198-248.noos.fr] has quit [] |
| 17:31 | -!- | disson [disson@virtual.mentalhouse.net] has joined #xen |
| 17:36 | -!- | markmc_ [~markmc@83-71-40-127.b-ras1.srl.dublin.eircom.net] has quit [Quit: Leaving] |
| 17:40 | -!- | weasel [weasel@weasel.chair.oftc.net] has quit [Ping timeout: 600 seconds] |
| 17:47 | -!- | visik7 [~dksakd@host237-41-dynamic.10-79-r.retail.telecomitalia.it] has quit [Remote host closed the connection] |
| 18:46 | -!- | weasel [weasel@weasel.chair.oftc.net] has joined #xen |
| 19:33 | -!- | ivan_ [~ikelly@5ad40ace.bb.sky.com] has quit [Ping timeout: 480 seconds] |
| 20:28 | -!- | infernix [nix@spirit.infernix.net] has quit [Ping timeout: 480 seconds] |
| 20:29 | -!- | jm [~fake@c-76-113-194-7.hsd1.mn.comcast.net] has quit [Ping timeout: 480 seconds] |
| 20:38 | -!- | jm [~fake@c-76-113-194-7.hsd1.mn.comcast.net] has joined #xen |
| 20:54 | -!- | jm [~fake@c-76-113-194-7.hsd1.mn.comcast.net] has quit [Ping timeout: 480 seconds] |
| 21:20 | -!- | geoff_k [~geoff_k__@209.116.gr5.adsl.brightview.com] has joined #xen |
| 21:31 | -!- | Lessy [bekar@mirc.bekar.id.au] has joined #xen |
| 21:33 | -!- | Netsplit resistance.oftc.net <-> saturn.oftc.net quits: Bekar |
| 21:33 | -!- | Lessy is now known as Bekar |
| 23:31 | -!- | aw [~awilliam@c-67-174-104-198.hsd1.co.comcast.net] has quit [Quit: Leaving] |
| 23:37 | -!- | aw [~awilliam@c-67-174-104-198.hsd1.co.comcast.net] has joined #xen |
| 23:59 | -!- | VS_ChanLog [~stats@ns.theshore.net] has left #xen [Rotating Logs] |
| 23:59 | -!- | VS_ChanLog [~stats@ns.theshore.net] has joined #xen |
| --- | Log | closed Tue May 27 00:00:19 2008 |