Xen network connectivity problems in bridge mode.


Dear expert friends...

I am asking for your help with some connection problems from my VMs (full virtualization) to outside the dom0. I have spent a lot of time trying to solve this, but still without success.
What I want is to configure each virtual server on the 172.16.28.0/24 network as if it were a normal host, and to allow it to make requests to the DHCP server of the normal network, hence the need to use a bridge. I have tried with paravirtualized virtual machines but the result is the same. I only get ping replies between each VM and the physical host that contains them when I configure them with static IPs.
The configuration information is as follows:

SELinux disabled
Firewall disabled
------------------------------------------------------------------------------
rpm -qa | grep xen
xen-libs-3.0.3-105.el5_5.5
kernel-xen-2.6.18-194.11.4.el5
xen-libs-3.0.3-105.el5_5.5
xen-3.0.3-105.el5_5.5

[root@vhost01 ~]# uname -a
Linux vhost01 2.6.18-194.11.4.el5xen #1 SMP Tue Sep 21 05:40:24 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
------------------------------------------------------------------------------
[root@vhost01 ~]# cat /etc/xen/xend-config.sxp
...
...
(xend-http-server no)
(xend-unix-server yes)
(xend-tcp-xmlrpc-server no)
(xend-unix-xmlrpc-server yes)
(xend-relocation-server yes)
# The relocation server should be kept desactivated unless using a trusted
# network, the domain virtual memory will be exchanged in raw form without
# encryption of the communication. See also xend-relocation-hosts-allow option

(xend-unix-path /var/lib/xend/xend-socket)

# Port xend should use for the HTTP interface, if xend-http-server is set.
#(xend-port 8000)

# Port xend should use for the relocation interface, if xend-relocation-server
# is set.
#(xend-relocation-port 8002)

# Address xend should listen on for HTTP connections, if xend-http-server is
# set.
# Specifying 'localhost' prevents remote connections.
# Specifying the empty string '' (the default) allows all connections.
#(xend-address '')
(xend-address localhost)

# Address xend should listen on for relocation-socket connections, if
# xend-relocation-server is set.
# Meaning and default as for xend-address above.
#(xend-relocation-address '')

# The hosts allowed to talk to the relocation port. If this is empty (the
# default), then all connections are allowed (assuming that the connection
# arrives on a port and interface on which we are listening; see
# xend-relocation-port and xend-relocation-address above). Otherwise, this
# should be a space-separated sequence of regular expressions. Any host with
# a fully-qualified domain name or an IP address that matches one of these
# regular expressions will be accepted.
#
# For example:
# (xend-relocation-hosts-allow '^localhost$ ^.*\.example\.org$')
#
(xend-relocation-hosts-allow '')
#(xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')

# The limit (in kilobytes) on the size of the console buffer
(console-limit 1024)

##
# To bridge network traffic, like this:
#
# dom0: fake eth0 -> vif0.0 -+
# |
# bridge -> real eth0 -> the network
# |
# domU: fake eth0 -> vifN.0 -+
#
# use
#
# (network-script network-bridge)
#
# Your default ethernet device is used as the outgoing interface, by default.
# To use a different one (e.g. eth1) use
#
# (network-script 'network-bridge netdev=eth1')
#
# The bridge is named xenbr0, by default. To rename the bridge, use
#
# (network-script 'network-bridge bridge=')
#
# It is possible to use the network-bridge script in more complicated
# scenarios, such as having two outgoing interfaces, with two bridges, and
# two fake interfaces per guest domain. To do things like this, write
# yourself a wrapper script, and call network-bridge from it, as appropriate.
#
(network-script network-bridge)

# The script used to control virtual interfaces. This can be overridden on a
# per-vif basis when creating a domain or a configuring a new vif. The
# vif-bridge script is designed for use with the network-bridge script, or
# similar configurations.
#
# If you have overridden the bridge name using
# (network-script 'network-bridge bridge=') then you may wish to do the
# same here. The bridge name can also be set when creating a domain or
# configuring a new vif, but a value specified here would act as a default.
#
# If you are using only one bridge, the vif-bridge script will discover that,
# so there is no need to specify it explicitly.
#
(vif-script vif-bridge)

## Use the following if network traffic is routed, as an alternative to the
# settings for bridged networking given above.
#(network-script network-route)
#(vif-script vif-route)

## Use the following if network traffic is routed with NAT, as an alternative
# to the settings for bridged networking given above.
#(network-script network-nat)
#(vif-script vif-nat)

# Dom0 will balloon out when needed to free memory for domU.
# dom0-min-mem is the lowest memory level (in MB) dom0 will get down to.
# If dom0-min-mem=0, dom0 will never balloon out.
(dom0-min-mem 256)

# In SMP system, dom0 will use dom0-cpus # of CPUS
# If dom0-cpus = 0, dom0 will take all cpus available
(dom0-cpus 0)

# Whether to enable core-dumps when domains crash.
#(enable-dump no)

# The tool used for initiating virtual TPM migration
#(external-migration-tool '')

# The interface for VNC servers to listen on. Defaults
# to 127.0.0.1 To restore old 'listen everywhere' behaviour
# set this to 0.0.0.0
(vnc-listen '0.0.0.0')
...
...
-------------------------------------------------------------
[root@vhost01 ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.000000000000       yes
xenbr0          8000.22c2c322ab22       no              bt4
                                                        tap0
                                                        ubu9
                                                        tap1
                                                        peth0
                                                        vif0.0
------------------------------------------------------------
[root@vhost01 ~]# ifconfig -a
bt4 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
UP BROADCAST NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

eth0 Link encap:Ethernet HWaddr 6C:F0:49:27:90:56
inet addr:172.16.28.170 Bcast:172.16.28.255 Mask:255.255.255.0
inet6 addr: fe80::6ef0:49ff:fe27:9056/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4079 errors:0 dropped:0 overruns:0 frame:0
TX packets:2898 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2593910 (2.4 MiB) TX bytes:419564 (409.7 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:20292 errors:0 dropped:0 overruns:0 frame:0
TX packets:20292 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:38422936 (36.6 MiB) TX bytes:38422936 (36.6 MiB)

peth0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:5781 errors:0 dropped:0 overruns:0 frame:0
TX packets:3386 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2704318 (2.5 MiB) TX bytes:475295 (464.1 KiB)
Memory:fc500000-fc520000

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

tap0 Link encap:Ethernet HWaddr 22:C2:C3:22:AB:22
inet6 addr: fe80::20c2:c3ff:fe22:ab22/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 b) TX bytes:4697 (4.5 KiB)

tap1 Link encap:Ethernet HWaddr 3A:4C:70:F8:74:D0
inet6 addr: fe80::384c:70ff:fef8:74d0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:271 errors:0 dropped:0 overruns:0 frame:0
TX packets:1521 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:18101 (17.6 KiB) TX bytes:345676 (337.5 KiB)

ubu9 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
UP BROADCAST NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

veth1 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

veth2 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

veth3 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

vif0.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:3039 errors:0 dropped:0 overruns:0 frame:0
TX packets:4191 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:441352 (431.0 KiB) TX bytes:2617657 (2.4 MiB)

vif0.1 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

vif0.2 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

vif0.3 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:7123 (6.9 KiB)

xenbr0 Link encap:Ethernet HWaddr 22:C2:C3:22:AB:22
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:1503 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:164236 (160.3 KiB) TX bytes:0 (0.0 b)
------------------------------------------------------------
# File /etc/xen/ubuntu9
name = "ubuntu9"
uuid = "3037ce63-0c2f-6278-8b39-d390a95c80cb"
maxmem = 1024
memory = 1024
vcpus = 2
builder = "hvm"
kernel = "/usr/lib/xen/boot/hvmloader"
boot = "c"
pae = 1
acpi = 1
apic = 1
localtime = 0
on_poweroff = "destroy"
on_reboot = "restart"
on_crash = "restart"
device_model = "/usr/lib64/xen/bin/qemu-dm"
sdl = 0
vnc = 1
vncunused = 1
keymap = "es"
disk = [ "file:/isos/ubuntu9.img,hda,w", ",hdc:cdrom,r" ]
vif = [ "mac=00:16:36:71:69:93,ip=172.16.28.171,bridge=xenbr0,script=vif-bridge,vifname=ubu9" ]
---------------------------------------------------------------------------
# /etc/network/interfaces file of the ubuntu9 VM

auto eth0
iface eth0 inet static
address 172.16.28.171
netmask 255.255.255.0
network 172.16.28.0
broadcast 172.16.28.255
gateway 172.16.28.10
----------------------------------------------------------------------------
[root@vhost01 ~]# ip add
1: lo: mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: peth0: mtu 1500 qdisc pfifo_fast qlen 100
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
inet6 fe80::fcff:ffff:feff:ffff/64 scope link
valid_lft forever preferred_lft forever
3: sit0: mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
4: virbr0: mtu 1500 qdisc noqueue
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
inet6 fe80::200:ff:fe00:0/64 scope link
valid_lft forever preferred_lft forever
5: vif0.0: mtu 1500 qdisc noqueue
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
inet6 fe80::fcff:ffff:feff:ffff/64 scope link
valid_lft forever preferred_lft forever
6: eth0: mtu 1500 qdisc noqueue
link/ether 6c:f0:49:27:90:56 brd ff:ff:ff:ff:ff:ff
inet 172.16.28.170/24 brd 172.16.28.255 scope global eth0
inet6 fe80::6ef0:49ff:fe27:9056/64 scope link
valid_lft forever preferred_lft forever
7: vif0.1: mtu 1500 qdisc noop
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
8: veth1: mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
9: vif0.2: mtu 1500 qdisc noop
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
10: veth2: mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
11: vif0.3: mtu 1500 qdisc noop
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
12: veth3: mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
13: xenbr0: mtu 1500 qdisc noqueue
link/ether 22:c2:c3:22:ab:22 brd ff:ff:ff:ff:ff:ff
16: ubu9: mtu 1500 qdisc pfifo_fast qlen 32
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
17: tap1: mtu 1500 qdisc pfifo_fast qlen 500
link/ether 3a:4c:70:f8:74:d0 brd ff:ff:ff:ff:ff:ff
inet6 fe80::384c:70ff:fef8:74d0/64 scope link
valid_lft forever preferred_lft forever
20: bt4: mtu 1500 qdisc pfifo_fast qlen 32
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
21: tap0: mtu 1500 qdisc pfifo_fast qlen 500
link/ether 22:c2:c3:22:ab:22 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c2:c3ff:fe22:ab22/64 scope link
valid_lft forever preferred_lft forever
-----------------------------------------------------------------------

I hope you can help me with any suggestion for a solution...

Thanks...
:)

Solved: Xen network problem in bridge mode


Dear friends...

Thanks to everyone who took an interest in reading this post. Here I explain the solution to my problem: the cause was apparently of a different kind (I think one of communication with the network administrator). As I understood it, the switch my host was connected to had restriction policies defined (port-security maximum and port-security mac-address), so any attempt to go out or make requests with the virtual interfaces and IPs associated with the initial MAC or IP, or in this case from the xenbr0 bridge, was blocked.
Just by reviewing the policy configuration and raising the limit of associated MACs, the problem was solved.

I hope this information can be taken into account, especially if the person implementing a virtualization solution (Xen or KVM) based on bridges is not in charge of administering the network.

Kind regards...


Juan Carlos Ordoñez G.

juank20.ec@gmail.com
juank20.ec@hotmail.com
jcordonez1@utpl.edu.ec
ECC - UTPL
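
The fix described in the post above came down to how many source MAC addresses the switch port learns from a bridged host. As an added example (not part of the original post), this shell script counts them from the Xen domain config files so the number can be compared with the port's port-security maximum. The function names, the second guest and the assumption that every vif names its bridge explicitly are assumptions of this example.

```shell
#!/bin/sh
# Added example: how many source MACs will the switch port learn from this host?

# Print the MAC of every guest vif attached to bridge $2, read from the Xen
# domain config files in directory $1 (assumes each vif names its bridge).
guest_macs_on_bridge() {
    cfg_dir=$1; bridge=$2
    for f in "$cfg_dir"/*; do
        [ -f "$f" ] || continue
        # Uncommented vif lines only; split on quotes so each vif spec is one line.
        grep -E '^[[:space:]]*vif[[:space:]]*=' "$f" \
            | tr "\"'" '\n\n' \
            | grep -E "(^|,)bridge=$bridge(,|\$)" \
            | grep -oiE 'mac=([0-9a-f]{2}:){5}[0-9a-f]{2}' \
            | cut -d= -f2 | tr 'A-F' 'a-f'
    done
}

# Distinct MACs behind the port: dom0's own NIC MAC ($3) plus the bridged guests.
macs_seen_by_switch() {
    { printf '%s\n' "$3" | tr 'A-F' 'a-f'
      guest_macs_on_bridge "$1" "$2"; } | sort -u | grep -c .
}

# True when a port-security maximum of $4 leaves room for every MAC.
fits_port_security() {
    [ "$(macs_seen_by_switch "$1" "$2" "$3")" -le "$4" ]
}

demo() {
    d=$(mktemp -d)
    # The ubuntu9 vif line and host MAC are from the post; guest2 is constructed.
    echo 'vif = [ "mac=00:16:36:71:69:93,ip=172.16.28.171,bridge=xenbr0,script=vif-bridge,vifname=ubu9" ]' > "$d/ubuntu9"
    echo 'vif = [ "mac=00:16:3E:00:00:02,bridge=xenbr0" ]' > "$d/guest2"
    echo "MACs behind the switch port: $(macs_seen_by_switch "$d" xenbr0 6C:F0:49:27:90:56)"
    fits_port_security "$d" xenbr0 6C:F0:49:27:90:56 1 \
        || echo "a port-security maximum of 1 is too low for this bridge"
    rm -rf "$d"
}
demo
```

Run against the real `/etc/xen` directory, the count is the minimum value to request from whoever administers the switch port before bridged guests can reach the network.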