Bug 857279
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | xen 3.0.3 network-bridge xenbr0 under bonded interface creates potential for a switching loop | | |
| Product | Red Hat Enterprise Linux 5 | Reporter | Philip Booysen <zer0tilt> |
| Component | xen | Assignee | Xen Maintainance List <xen-maint> |
| Status | CLOSED NOTABUG | QA Contact | Virtualization Bugs <virt-bugs> |
| Severity | high | Docs Contact | |
| Priority | unspecified | | |
| Version | 5.8 | CC | leiwang, moli, mrezanin, qguan, wshi, xen-maint |
| Target Milestone | rc | | |
| Target Release | --- | | |
| Hardware | x86_64 | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | | Doc Type | Bug Fix |
| Doc Text | | Story Points | --- |
| Clone Of | | Environment | |
| Last Closed | 2012-09-14 07:59:13 UTC | Type | Bug |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
Description
Philip Booysen
2012-09-14 01:56:45 UTC
Comment #1

To use xen on a machine with bonding, use the setup as described in [1]. The default configuration is not supposed to work on non-trivial network settings (like bonding or VLANs). In this case the network scripts have to be modified. Can you retest whether the problems are hit with the setting done as described in [1]?

[1]: https://access.redhat.com/knowledge/articles/22538

Comment #2

(In reply to comment #1)

> To use xen on a machine with bonding, use the setup as described in [1]. The default configuration is not supposed to work on non-trivial network settings (like bonding or VLANs). In this case the network scripts have to be modified.
>
> Can you retest whether the problems are hit with the setting done as described in [1]?
>
> [1]: https://access.redhat.com/knowledge/articles/22538

Agreed, the default configuration is not supposed to work on non-trivial network settings (including bonding and VLANs). Red Hat proposes that in such a case, with non-trivial network settings, one should:

1) Disable the network-script using "(network-script /bin/true)" and configure the non-trivial network settings outside libvirtd under /etc/sysconfig/network-scripts/ifcfg-* as proposed by [1] and [2] here under

OR

2) Use "(network-script 'network-bridge-bonding bridge=bond0 netdev=0')" as proposed by [3] here under.

Should a non-trivial networking configuration be set up by the System Administrator, including /etc/sysconfig/network-scripts/ifcfg-*, as per [1] and/or [2], and the current default xend-config.sxp setting called "(network-script network-bridge)" gets deployed, be it intentionally or unintentionally, a denial of service attack or even a DDoS can occur under favorable conditions on an attached layer 2 network of any size.

I believe a risk aversion for accidentally creating the above scenario is in the best interest of Red Hat's customers using xen-3 under RHEL 5. Such a risk aversion could be implemented by setting a safer and more sane default in xend-config.sxp in the origin of the xen rpm package to "(network-script /bin/true)". xenbr0 existence testing could also be added to the default network-bridge script. The system and this xen network-script setting can thereafter be configured to the needs of the actual environment, before xen unintentionally misconfigures a non-trivial network setup and causes a possible network outage.

[1]: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Virtualization/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html
[2]: http://wiki.xen.org/wiki/Network_Configuration_Examples_%28Xen_4.1%2B%29#Red_Hat-style_bridge_configuration_.28e.g._RHEL.2C_Fedora.2C_CentOS.29
[3]: https://access.redhat.com/knowledge/articles/22538

Comment #3

(In reply to comment #2)

> Agreed, the default configuration is not supposed to work on non-trivial network settings (including bonding and VLANs).
>
> Red Hat proposes that in such a case, with non-trivial network settings, one should:
>
> 1) Disable the network-script using "(network-script /bin/true)" and configure the non-trivial network settings outside libvirtd under /etc/sysconfig/network-scripts/ifcfg-* as proposed by [1] and [2] here under
>
> OR
>
> 2) Use "(network-script 'network-bridge-bonding bridge=bond0 netdev=0')" as proposed by [3] here under.
>
> Should a non-trivial networking configuration be set up by the System Administrator, including /etc/sysconfig/network-scripts/ifcfg-*, as per [1] and/or [2], and the current default xend-config.sxp setting called "(network-script network-bridge)" gets deployed, be it intentionally or unintentionally, a denial of service attack or even a DDoS can occur under favorable conditions on an attached layer 2 network of any size.
>
> I believe a risk aversion for accidentally creating the above scenario is in the best interest of Red Hat's customers using xen-3 under RHEL 5. Such a risk aversion could be implemented by setting a safer and more sane default in xend-config.sxp in the origin of the xen rpm package to "(network-script /bin/true)". xenbr0 existence testing could also be added to the default network-bridge script. The system and this xen network-script setting can thereafter be configured to the needs of the actual environment, before xen unintentionally misconfigures a non-trivial network setup and causes a possible network outage.

Changing the default configuration in the current phase of the lifetime would cause a risk of breaking the systems of current customers that is higher than the benefits of this preventive measure. The described scenario requires the user to modify the default network configuration. In this case we do not guarantee correct working of the xen configuration. Any manual changes to network settings on a xen based system have to be done by a person aware of the relation between all parts of the networking setup and in cooperation with Red Hat Support. Therefore none of the recommended changes is going to be implemented in RHEL 5. If you experience difficulties with setting the network up, please contact the Support Team to help you.
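The "xenbr0 existence testing" the reporter proposes in comment #2 is easy to express as a pre-flight check that a wrapper around network-bridge could run before touching any interface. The following POSIX shell script is an added example written for this page; it is not code from the bug report, from the xen 3.0.3 package or from Red Hat. It refuses to proceed when the bridge already exists (because it was configured by hand through ifcfg-*), when the chosen netdev is a bonding master, or when the netdev is already a port of some bridge. It relies on the sysfs layout `/sys/class/net/<if>/bridge`, `/sys/class/net/<if>/bonding` and `/sys/class/net/<if>/brport`; the sysfs root is a parameter so the check can be exercised against a constructed directory tree. The function names `xen_bridge_preflight` and `make_demo_sysfs` and the exit-code scheme are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the bug report, the xen package or Red Hat.
# Pre-flight check in the spirit of the "xenbr0 existence testing" proposed
# for the default network-bridge script. On a real host the sysfs root is
# /sys/class/net; it is a parameter here so the check can run against a
# constructed tree. Function names and exit codes are assumptions.

# xen_bridge_preflight <sysfs_net_root> <bridge> <netdev>
# Exit status: 0 safe to run network-bridge
#              1 bridge already exists (managed outside xend, e.g. ifcfg-xenbr0)
#              2 netdev is a bonding master (non-trivial setup: keep
#                "(network-script /bin/true)" or use network-bridge-bonding)
#              3 netdev is already enslaved to a bridge
#              4 netdev does not exist
xen_bridge_preflight() {
    sysfs=$1 bridge=$2 netdev=$3
    if [ -d "$sysfs/$bridge/bridge" ]; then
        echo "refusing: bridge $bridge already exists, leave it to the system scripts" >&2
        return 1
    fi
    if [ ! -d "$sysfs/$netdev" ]; then
        echo "refusing: netdev $netdev does not exist" >&2
        return 4
    fi
    if [ -d "$sysfs/$netdev/bonding" ]; then
        echo "refusing: $netdev is a bonding master (non-trivial network setup)" >&2
        return 2
    fi
    if [ -d "$sysfs/$netdev/brport" ]; then
        echo "refusing: $netdev is already a port of a bridge" >&2
        return 3
    fi
    echo "ok: $bridge can be created from $netdev" >&2
    return 0
}

# Constructed sysfs tree for offline demonstration; it mimics only the
# directories the check looks at and is not copied from a real host.
make_demo_sysfs() {
    root=$1
    mkdir -p "$root/eth0"            # plain NIC: the default script may use it
    mkdir -p "$root/bond0/bonding"   # bonding master exposes a bonding/ directory
    mkdir -p "$root/eth1/brport"     # NIC that is already a bridge port
    mkdir -p "$root/xenbr0/bridge"   # bridge already present (e.g. from ifcfg-xenbr0)
}

# "sh preflight.sh demo" walks the cases above against the constructed tree.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    make_demo_sysfs "$d"
    for args in "xenbr0 eth0" "xenbr1 bond0" "xenbr1 eth1" "xenbr1 eth9" "xenbr1 eth0"; do
        set -- $args
        xen_bridge_preflight "$d" "$1" "$2"; echo "  -> exit $?"
    done
    rm -rf "$d"
fi
```

On a live dom0 the call is `xen_bridge_preflight /sys/class/net xenbr0 eth0`, and a wrapper named in xend-config.sxp would only exec the real network-bridge script when the function returns 0. Every other exit code corresponds to a situation the thread describes as needing `(network-script /bin/true)` or a hand-written bridge configuration, so the wrapper fails closed instead of silently adding a second bridge over an interface that is already part of a bond or bridge.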