<div dir="ltr"><div style>Hi,</div><div style><br></div><div style>Firstly I apologise for the cross-post, however I don't expect to get as quick a response from the package maintainers as I do from the Debian community, and this issue affects a service that I've got scheduled to go live at midnight this evening. :(</div>
<div style><br></div><div style>A recent update from xen-hypervisor-4.1-amd64 version 4.1.3-7, to version 4.1.3-8 on Debian Wheezy has caused all vm's on this host to not receive their arp replies anymore and as such they cannot reach their gateways and are now isolated from the network.</div>
<div style><br></div><div style>There was a more recent update as well (4.1.4-2) which I have now since applied however this particular issue persists.</div><div style><br></div><div style>The arp replies are received by the host and passed all the way up to the bridge (br200) being used by Xen, however they are not seen on the vif (vif2.0) created for the particular vm.</div>
<div style><br></div><div style>If I statically add the arp entry to the vm all starts working, ie: vm is no longer isolated and is now connected to the world, but we all know that this is not an ideal workaround.</div><div style>
<br></div><div style>This was working perfectly before this update. :(</div><div style><br></div><div style>1) Please let me know if I should roll-back this particular xen update, kernel and all, and what those steps may be, or if this is a known issue with a particular workaround that I can apply.</div>
<div style><br></div><div style>2) Would moving to openvswitch be another possible workaround? </div><div style><br></div><div style>My config:- </div><div><br></div><div style>Bonded ethernet connected to trunks on Cisco 3750 stack with connection as follows:-</div>
<div style><br></div><div>eth0 --> bond0</div><div>eth1 --> bond0 --> br200 --> vif2.0</div><div><br></div><div style>/etc/network/interfaces:-</div><div style><br></div><div>iface bond0 inet manual</div><div>
slaves eth0 eth1</div><div> bond_mode 5 </div><div> bond-miimon 100</div><div> bond-downdelay 200</div><div> bond-updelay 200</div><div><br></div><div>auto br200</div><div>iface br200 inet static</div>
<div> address 172.31.1.66</div><div> gateway 172.31.1.65</div><div> netmask 255.255.255.240</div><div> bridge_ports bond0</div><div> bridge_maxwait 0</div><div> bridge_fd 9</div><div>
bridge_hello 2</div><div> bridge_maxage 12</div><div> bridge_stp off</div><div><br></div><div>root@scjhb01:/home/gavin# brctl show</div><div>bridge name<span class="" style="white-space:pre"> </span>bridge id<span class="" style="white-space:pre"> </span>STP enabled<span class="" style="white-space:pre"> </span>interfaces</div>
<div>br200<span class="" style="white-space:pre"> </span>8000.d4bed9f309a1<span class="" style="white-space:pre"> </span>no<span class="" style="white-space:pre"> </span>bond0</div><div><span class="" style="white-space:pre"> </span>vif2.0</div>
<div><br></div><div>root@scjhb01:/home/gavin# tcpdump -i bond0 'arp'</div><div>tcpdump: WARNING: bond0: no IPv4 address assigned</div><div>tcpdump: verbose output suppressed, use -v or -vv for full protocol decode</div>
<div>listening on bond0, link-type EN10MB (Ethernet), capture size 65535 bytes</div><div>11:26:00.287489 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 28</div><div>11:26:00.287524 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 46</div>
<div>11:26:00.287669 ARP, Reply 172.31.1.49 is-at 00:09:0f:09:21:0e (oui Unknown), length 46</div><div>11:26:01.303484 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 28</div><div>11:26:01.303518 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 46</div>
<div>11:26:01.303674 ARP, Reply 172.31.1.49 is-at 00:09:0f:09:21:0e (oui Unknown), length 46</div><div>11:26:02.303484 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 28</div><div>11:26:02.303518 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 46</div>
<div>11:26:02.303579 ARP, Reply 172.31.1.49 is-at 00:09:0f:09:21:0e (oui Unknown), length 46</div><div><br></div><div><br></div><div>root@scjhb01:/home/gavin# tcpdump -i br200 'arp'</div><div>tcpdump: verbose output suppressed, use -v or -vv for full protocol decode</div>
<div>listening on br200, link-type EN10MB (Ethernet), capture size 65535 bytes</div><div>11:26:15.367489 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 28</div><div>11:26:15.367514 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 46</div>
<div>11:26:15.367580 ARP, Reply 172.31.1.49 is-at 00:09:0f:09:21:0e (oui Unknown), length 46</div><div>11:26:16.383476 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 28</div><div>11:26:16.383511 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 46</div>
<div>11:26:16.383592 ARP, Reply 172.31.1.49 is-at 00:09:0f:09:21:0e (oui Unknown), length 46</div><div>11:26:17.383486 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 28</div><div>11:26:17.383520 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 46</div>
<div>11:26:17.383616 ARP, Reply 172.31.1.49 is-at 00:09:0f:09:21:0e (oui Unknown), length 46</div><div><br></div><div><br></div><div>root@scjhb01:/home/gavin# tcpdump -i vif2.0 'arp'</div><div>tcpdump: WARNING: vif2.0: no IPv4 address assigned</div>
<div>tcpdump: verbose output suppressed, use -v or -vv for full protocol decode</div><div>listening on vif2.0, link-type EN10MB (Ethernet), capture size 65535 bytes</div><div>11:26:31.463481 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 28</div>
<div>11:26:31.463521 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 46</div><div>11:26:32.463480 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 28</div><div>11:26:32.463521 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 46</div>
<div>11:26:33.463477 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 28</div><div>11:26:33.463515 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 46</div><div>11:26:34.479482 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 28</div>
<div>11:26:34.479523 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 46</div><div>11:26:35.479478 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 28</div><div>11:26:35.479515 ARP, Request who-has 172.31.1.49 tell 172.31.1.50, length 46</div>
<div><br></div><div style>Thanks and Regards.</div><div style>Gavin</div></div>