[rhelv5-list] Ping fails after Xen live migration

Fri, 11 Jul 2008 10:18:59 -0700 

Hi,

        I am just starting tests of Xen live migrations and I am seeing
something weird. I initiated a ping from the DomU was about to migrate,
saw that it was working and then initiated a migration (from node0 to
node1). Once the DomU was running on the other node, the ping was
hanging. I migrated back (node1 to node0) and it started working again.
Futher tests back and forth proved this to be consistent.

I then shutdown the DomU and rebooted node0 and node1. This time I
initially started the DomU on node1 and pinging was working. Following
the same test as above, I found similar results - the ping would work
when running from node1, not from node0. Both of the Dom0 nodes and the
DomU are RHEL5.2...

During this process, I assumed some iptables magic happening behind the
scenes. It appears as if the VIF in the iptables rules is changing each
time the node migrates (see the "PHYSDEV" line):

root# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere            udp
dpt:domain 
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:domain 
ACCEPT     udp  --  anywhere             anywhere            udp
dpt:bootps 
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:bootps 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             192.168.122.0/24    state
RELATED,ESTABLISHED 
ACCEPT     all  --  192.168.122.0/24     anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere            reject-with
icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            reject-with
icmp-port-unreachable 
ACCEPT     all  --  anywhere             anywhere            PHYSDEV
match --physdev-in vif1.0 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

root# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere            udp
dpt:domain 
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:domain 
ACCEPT     udp  --  anywhere             anywhere            udp
dpt:bootps 
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:bootps 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             192.168.122.0/24    state
RELATED,ESTABLISHED 
ACCEPT     all  --  192.168.122.0/24     anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere            reject-with
icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            reject-with
icmp-port-unreachable 
ACCEPT     all  --  anywhere             anywhere            PHYSDEV
match --physdev-in vif2.0 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Has anyone seen this before? The DomU seems to be fine other than that -
I can login in to it remotely and it seems functionally on the
network...

Thanks,

Kevin

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list

Reply via email to