Red Hat Bugzilla – Bug 472959
Xen antispoofing kicking in too early
Last modified: 2010-11-24 13:46:58 EST
Description of problem:
Xen antispoofing functionality kicks in to fast. Here is transcript from logs:
Nov XX 02:52:41 some-host kernel: ADDRCONF(NETDEV_UP): vif1.0: link is not ready
Nov XX 02:52:41 some-host kernel: ADDRCONF(NETDEV_UP): vif1.1: link is not ready
Nov XX 02:52:41 some-host logger: /etc/xen/scripts/vif-bridge: iptables -A FORWARD -m physdev --physdev-in vif1.0 -j ACCEPT failed. If you are using iptables, this may affect networking for guest domains.
Nov XX 02:52:42 some-host kernel: blkback: ring-ref 8, event-channel 27, protocol 1 (x86_64-abi)
Nov XX 02:52:45 some-host kernel: ADDRCONF(NETDEV_CHANGE): vif1.0: link becomes ready
Nov XX 02:52:45 some-host kernel: xenbr1: topology change detected, propagating
Nov XX 02:52:45 some-host kernel: xenbr1: port 3(vif1.0) entering forwarding state
Nov XX 02:52:45 some-host kernel: ADDRCONF(NETDEV_CHANGE): vif1.1: link becomes ready
Nov 21 02:52:45 some-host kernel: xenbr3: topology change detected, propagating
Nov 21 02:52:45 some-host kernel: xenbr3: port 3(vif1.1) entering forwarding state
Version-Release number of selected component (if applicable):
Should be reproducible with other versions too
Steps to Reproduce:
1. Restart server
2. Wait until guest startup
3. Check domU network connectivity
Some domU guest might not have network functionality (packets are dropped)
All domU have network connectivity
Some check should be made, which would block antispoofing until interfaces are up.
could you please try testing using the latest kernel-xen and xen packages available in RHEL-5.5? If it's still an issue could you please attach more information about how is your guest being set (i.e. the guest configuration file) ?
Ok I try to check guest creation with RHEL5-5, I will write my findings.
Ok, thanks. Let us know the guest configuration files when it's still an issue on RHEL 5.5 .
were you able to reproduce the problem with RHEL-5.5? I'm having trouble to reproduce this.
I was unable to reproduce the problem too.
Based on my testing and comment #8 closing.