Re: [xen-discuss] Network traffic from domU to anywhere fails

Mon, 09 Nov 2009 08:31:45 -0800 

David, first of all, thank you so much for the research you did, as it's been 
enough for me to figure out a workaround to go forward with my current project.

To followup a bit on what I've determined since stopping using the '--vlanid' 
within the virsh attach-interface:

1.) If I do 'virsh attach-interface zimbra0 bridge rge0', where rge0 is an 
unused NIC which is physically wired to a switch port which uses 'primary, 
untagged vlan 20' (i.e. the same way my workstations will all ultimately be 
configured), I have network connectivity. From the domU I don't have to do 
anything other than setup IP address and routing. 

>From dom0, this is what shows when the domU is running:
r...@mltproc1:~ # virsh list
 Id Name                 State
----------------------------------
  0 Domain-0             running
  3 zimbra0              blocked

r...@mltproc1:~# dladm show-link xvm3_0
LINK        CLASS    MTU    STATE    OVER
xvm3_0      vnic     1500   up       rge0
r...@mltproc1:~# dladm show-vnic xvm3_0
LINK         OVER         SPEED  MACADDRESS           MACADDRTYPE         VID
xvm3_0       rge0         1000   0:16:3e:44:b1:7c     fixed               0


2.) If I do 'virsh attach-interface zimbra0 bridge e1000g0' (wired to a switch 
port which requires VLAN tags for all traffic), I do not get network 
connectivity - even if I set the VLAN tag within the domU. 

3.) If I do 'virsh attach-interface zimbra0 bridge e1000g0' (when wired to a 
switch port which defaults to VLAN 20 if no VLAN tag is present), I do get 
network connectivity (without needing to set the VLAN tag in the domU). If I 
set a VLAN tag within the domU, I am not able to get connectivity, which is 
what I want, from a security point of view, but I'm not sure I fully 
understand. 

It seems like I have no mechanism to get from a domU to a VLAN other than the 
'default when no tag is present' setting on my switch for the port. For my 
purposes on this project, this is acceptable and I can move forward, but I 
don't fully understand it, and it wouldn't be an usable constraint on my next 
project I'm hoping to use OpenSolaris/Xen/OpenHA for.
-- 
This message posted from opensolaris.org
_______________________________________________
xen-discuss mailing list
xen-discuss@opensolaris.org

Reply via email to