Why cannot I ping an xen domU with Bridge mode connection

bridgenetworkingxen

I am on a Debian upgraded from 7.11 to 8.5, so the xen package is upgraded from 4.1 to 4.4.

I do not know much about networks, but when I see a diagram like this (taken from the Xen Networking wiki page), I expect to be able to ping 198.51.100.27 with ping -I xenbr0 198.51.100.27, and vice versa from the virtual machine ping 198.51.100.1.

However, this is not the case. I set up a clean xenbr0 with

# brctl addbr xenbr0
# ifconfig xenbr0 192.168.12.1 netmask 255.255.255.0 up

and in the HVM configuration file

vif=["mac=11:22:33:44:55:66, ip='192.168.12.2', bridge=xenbr0"]

After I start the VM with xl create, this is the output from brctl show:

bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.feffffffffff       no              vif3.0
                                                        vif3.0-emu

I connect to the VM with SPICE and configure it as shown below:

And since I am only trying to ping the default gateway I assume no name resolving will take place.

With this setup, ping 192.168.12.2 -I xenbr0 on the dom0 results in

PING 192.168.12.2 (192.168.12.2) from 192.168.12.1 xenbr0: 56(84) bytes of data.
From 192.168.12.1 icmp_seq=1 Destination Host Unreachable

and from the Windows VM, ping 192.168.12.1 from cmd has the output

Pinging 192.168.12.1 with 32 bytes of data:
Reply from 192.168.12.2: Destination host unreachable.

which suggests the machines have no idea about how to reach each other. Aren't they supposed to be linked by xl create? Why does this happen?

Best Answer

If everything is setup correctly, you should be able to ping, no problem.

At first, try the recommended configurations:

If you are just wanting to study how the routes work, you might make a paravirtualized (PV) setup, instead of HVM, as you mentioned; but if you stick with HVM make sure you have the drivers for Windows installed. This is all outlined at the very top of the Xen guide. It also explains how to assign a MAC address, the MAC address in the post as of writing, is invalid--which is ok sometimes for virtual situations, but not for every configuration.

When you setup your xenbr0 on the host, the bridge essentially replaces the eth0 interface on Debian-based systems. It is true that (from the xen guide) eth0 is optional "By omitting the physical Ethernet device an isolated network containing only guest domains can be created," but the examples in the guide, as well as your post here, are not worded that way. For future readers as well, in a Fedora-family virtual client, as well with Windows, please see all the documentation for slightly different configuration requirements. This, specifically sounds like your problem, unless you are blocked by a firewall, tcp wrappers, or anything else not mentioned in the original post.

Confirmation

In Windows you can verify the network setup with, for example, ipconfig /all.

In the Xen sample configurations from the same website that we both already referenced, it suggests below, as well as other configurations, for the host; for example, type all of the below, without skipping the first part.

Example 2: A single bridged network using eth0 configured with a static local IP address

iface eth0 inet manual

iface xenbr0 inet static
    bridge_ports eth0
    address 192.168.1.2
    broadcast 192.168.1.255
    netmask 255.255.255.0
    gateway 192.168.1.1

You can confirm this with ifconfig and route on both your dom0 and dom1, or similar tools on the host, as explained in the link above and make sure that it is all configured correctly.

Basic tweaking

If you want to make sure that neither reach the internet (or other parts of a network, in general), other than keeping the physical cable unplugged of course, you could change the default gateway to 0.0.0.0, and then add a "route" (a box should be just below in most Network Manager-style GUIs), with the same client IP address and subnet mask, but then with the address of the host, as a gateway. In some GUIs there is even a box that says something like "allow this connection route only for the local network."

Adding a "route" in your Windows client may also act as a work around to solve your original problem.

Related Solutions

No network on domU in network-bridge configuration for Xen-4.0

Is "MAC based" security activated by your network department? This sounds to me as if only the first outgoing MAC on the physical line is being accepted.

Bridge does not forwarding packets centos

First of all if you are using VirtualBox to host the XEN server please ensure to use Ethernet not Wireless network and set Promiscuous Mode to "Allow All".

Secondly just to make everything clean, let's start with clean installation of CentOS with XEN and install the Bridge Network and CentOS VM on it.

Assuming you have external server 192.168.1.6 with CentOS ISO extracted on /var/www/html/centos/6.3/os/i386/ and kickstart file on /var/www/html/centos/6.3/os/i386/ks.cfg and /var/www/html/centos/6.3/os/i386/repodata with correct names match names in repodata/TRANS.TBL file

On the XEN server (CentOS+XEN) install the following packages:

yum install -y rsync wget vim-enhanced openssh-clients
yum install -y libvirt python-virtinst libvirt-daemon-xen
yum install -y bridge-utils tunctl

Then edit ifcfg-* file to create the bridge

echo "DEVICE=br0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes" > /etc/sysconfig/network-scripts/ifcfg-br0

echo "DEVICE=eth0
HWADDR=XX:XX:XX:XX:XX:XX
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
BRIDGE=br0" >  /etc/sysconfig/network-scripts/ifcfg-eth0

edit HWADDR=XX:XX:XX:XX:XX:XX line to match your MAC address. Don't reboot on ssh console, use VBox console

reboot

after reboot, assuming you have DHCP server the XEN server will got a new IP, login via VBox console to get the new IP

ifconfig result should be similar to

br0       Link encap:Ethernet  HWaddr 08:00:27:23:54:69  
          inet addr:192.168.1.105  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe23:5469/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5063 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3142 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:34251267 (32.6 MiB)  TX bytes:361205 (352.7 KiB)

eth0      Link encap:Ethernet  HWaddr 08:00:27:23:54:69  
          inet6 addr: fe80::a00:27ff:fe23:5469/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:149910 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5045 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:182020057 (173.5 MiB)  TX bytes:493792 (482.2 KiB)

Now the bridge is ready you can use the IP of br0 to get ssh console again

To create a virtual machine on XEN which use previous bridge:

cd /var/lib/xen/images/

Create virtual disk:

dd if=/dev/zero of=centos_1.img bs=4K count=0 seek=1024K
qemu-img create -f raw centos_1.img 8G

Then use virt-install to create the VM:

virt-install -d -n TestVM1 -r 512 --vcpus=1 \
--bridge=br0 --disk /var/lib/xen/images/centos_1.img \
--nographics -p -l "http://192.168.1.6/centos/6.3/os/i386" \
--extra-args="text console=com1 utf8 console=hvc0 ks=http://192.168.1.6/centos/6.3/os/i386/ks.cfg"

Now the VM should start and be able to get IP from the DHCP server normally and able to complete unattended remote installation.

The ifconfig result on XEN should be similar to:

br0       Link encap:Ethernet  HWaddr 08:00:27:23:54:69  
          inet addr:192.168.1.105  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe23:5469/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10247 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8090 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:102264338 (97.5 MiB)  TX bytes:827859 (808.4 KiB)

eth0      Link encap:Ethernet  HWaddr 08:00:27:23:54:69  
          inet6 addr: fe80::a00:27ff:fe23:5469/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:998780 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37992 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:724701715 (691.1 MiB)  TX bytes:2897912 (2.7 MiB)


vif5.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:37 errors:0 dropped:0 overruns:0 frame:0
          TX packets:67 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:4381 (4.2 KiB)  TX bytes:9842 (9.6 KiB)

After the installation complete you can use xen console to get the IP of it, then you can have ssh console on it.