DomU won't talk to the world, but it will talk to Dom0.
Here are the tests I ran:
Dom0 (external networking is working):
ping 188.40.96.238 #Which is Domu's ip
PING 188.40.96.238 (188.40.96.238) 56(84) bytes of data.
64 bytes from 188.40.96.238: icmp_seq=1 ttl=64 time=0.092 ms
DomU:
ping 188.40.96.215 #Which is Dom0's ip
PING 188.40.96.215 (188.40.96.215) 56(84) bytes of data.
64 bytes from 188.40.96.215: icmp_seq=1 ttl=64 time=0.045 ms
ping 188.40.96.193 #Which is the gateway - fail
PING 188.40.96.193 (188.40.96.193) 56(84) bytes of data.
^C
--- 188.40.96.193 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1013ms
The system is Debian lenny with a normal configuration.
Here is my configuration:
uname -a
Linux green0 2.6.26-2-xen-686 #1 SMP Wed Aug 19 08:47:57 UTC 2009 i686 GNU/Linux
cat /etc/xen/green1.cfg |grep -v '#'
kernel = '/boot/vmlinuz-2.6.26-2-xen-686'
ramdisk = '/boot/initrd.img-2.6.26-2-xen-686'
memory = '2000'
root = '/dev/xvda2 ro'
disk = [
'file:/home/xen/domains/green1/swap.img,xvda1,w',
'file:/home/xen/domains/green1/disk.img,xvda2,w',
]
name = 'green1'
vif = [ 'ip=188.40.96.238,mac=00:16:3E:1F:C4:CC' ]
on_poweroff = 'destroy'
on_reboot = 'restart'
on_crash = 'restart'
ifconfig
eth0 Link encap:Ethernet HWaddr 00:24:21:ef:2f:86
inet addr:188.40.96.215 Bcast:188.40.96.255 Mask:255.255.255.192
inet6 addr: fe80::224:21ff:feef:2f86/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3296 errors:0 dropped:0 overruns:0 frame:0
TX packets:2204 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:262717 (256.5 KiB) TX bytes:330465 (322.7 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
peth0 Link encap:Ethernet HWaddr 00:24:21:ef:2f:86
inet6 addr: fe80::224:21ff:feef:2f86/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:3407 errors:0 dropped:657431448 overruns:0 frame:0
TX packets:2291 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:319941 (312.4 KiB) TX bytes:338423 (330.4 KiB)
Interrupt:16 Base address:0x8000
vif2.0 Link encap:Ethernet HWaddr fe:ff:ff:ff:ff:ff
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:27 errors:0 dropped:0 overruns:0 frame:0
TX packets:151 errors:0 dropped:33 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:1164 (1.1 KiB) TX bytes:20974 (20.4 KiB)
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: peth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:24:21:ef:2f:86 brd ff:ff:ff:ff:ff:ff
inet6 fe80::224:21ff:feef:2f86/64 scope link
valid_lft forever preferred_lft forever
4: vif0.0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
5: veth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
6: vif0.1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
7: veth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
8: vif0.2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
9: veth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
10: vif0.3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
11: veth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
12: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 00:24:21:ef:2f:86 brd ff:ff:ff:ff:ff:ff
inet 188.40.96.215/26 brd 188.40.96.255 scope global eth0
inet6 fe80::224:21ff:feef:2f86/64 scope link
valid_lft forever preferred_lft forever
14: vif2.0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 32
link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
inet6 fe80::fcff:ffff:feff:ffff/64 scope link
valid_lft forever preferred_lft forever
brctl show
bridge name bridge id STP enabled interfaces
eth0 8000.002421ef2f86 no peth0
vif2.0
ip r l
Dom0:
188.40.96.192/26 dev eth0 proto kernel scope link src 188.40.96.215
default via 188.40.96.193 dev eth0
DomU:
188.40.96.192/26 dev eth0 proto kernel scope link src 188.40.96.238
default via 188.40.96.193 dev eth0
Answer 1
The default bridge script does a lot of strange things to create the eth0/peth0 devices. I have had better luck setting it up in /etc/network/interfaces, like this:
# The primary network interface
auto xen-br0
iface xen-br0 inet static
address 10.2.2.44
gateway 10.2.2.1
netmask 255.255.255.0
bridge_ports eth0
bridge_stp off
bridge_fd 0
Then in xend-config.sxp:
(vif-script vif-bridge bridge=xen-br0)
That way, Debian sets up the bridge and Xen leaves it alone.
Do you have access to the router and the switch? You could run, or have someone else run:
show ip arp 188.40.96.238
show mac-address-table address 0016.3E1F.C4CC
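(or whatever commands suit the equipment you have). This will confirm whether your domU is visible to the rest of the network.
Answer 2
Make sure the switch that the dom0 machine is connected to allows multiple MAC addresses per port. I had configured a Cisco switch with every port set to "Desktop". This enabled PortFast, but it also disabled multiple MAC addresses on the port. All packets from the domU VM were silently dropped. Switching the port setting on the switch back to "None" solved the problem.
Answer 3
When a DomU can talk to dom0 but not to the outside world, while dom0 can communicate over the same bridge, it is very likely that a firewall on dom0 is catching the domU packets.
Given that I regard the bridge as a switch "on the network" rather than something within dom0's control, I simply turned off dom0's practice of running packets from the bridge through dom0's firewall: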
sysctl {
"net.bridge.bridge-nf-call-arptables": value => "0";
"net.bridge.bridge-nf-call-iptables": value => "0";
"net.bridge.bridge-nf-call-ip6tables": value => "0";
"net.bridge.bridge-nf-filter-vlan-tagged": value => "0";
}
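
To see which case applies before changing the sysctls from Answer 3, the check below (an added example, not part of any answer) reads the bridge-netfilter switches and the FORWARD policy from an `iptables-save` dump. The function names and the two path arguments are assumptions of this example; once the switches are 0, dom0's iptables no longer filters guest traffic, so any filtering has to happen in the domU or upstream.

```shell
#!/bin/sh
# Added example, not from the answer. $1 = directory with the bridge-nf-* files
# (default /proc/sys/net/bridge), $2 = file holding `iptables-save` output.

bridge_nf_hooks() {   # print every bridge-nf switch that is not 0
    dir="${1:-/proc/sys/net/bridge}"
    for key in bridge-nf-call-arptables bridge-nf-call-iptables \
               bridge-nf-call-ip6tables bridge-nf-filter-vlan-tagged; do
        [ -r "$dir/$key" ] || continue
        [ "$(cat "$dir/$key")" = "0" ] || printf '%s\n' "$key"
    done
}

forward_policy() {    # print the default policy of the filter table's FORWARD chain
    awk '$1 == "*filter" { in_filter = 1; next }
         /^\*/           { in_filter = 0 }
         in_filter && $1 == ":FORWARD" { print $2; exit }' "$1"
}

diagnose() {
    case "$(bridge_nf_hooks "$1")" in
        *bridge-nf-call-iptables*) ;;
        *) echo "bypass: bridged IPv4 frames never reach dom0 iptables"; return 0 ;;
    esac
    if [ "$(forward_policy "$2")" = "DROP" ]; then
        echo "filtered-drop: domU traffic needs an explicit FORWARD accept rule"
    else
        echo "filtered: FORWARD rules apply to domU traffic, default policy is not DROP"
    fi
}

demo() {              # constructed sample: hook on, FORWARD policy DROP
    tmp=$(mktemp -d)
    echo 1 > "$tmp/bridge-nf-call-iptables"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT' > "$tmp/rules"
    diagnose "$tmp" "$tmp/rules"
    rm -rf "$tmp"
}

if [ "$#" -eq 2 ]; then diagnose "$1" "$2"; elif [ "${1:-}" = "--demo" ]; then demo; fi
```

On a live dom0, run it as `iptables-save > /tmp/rules` followed by the script with `/proc/sys/net/bridge /tmp/rules` as arguments.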