Message-Id: <201404041524.s34FOYmP060654@cgiserv.freebsd.org>
Date: Fri, 4 Apr 2014 15:24:34 GMT
From: Karl Pielorz
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/188261: FreeBSD DomU PVHVM guests cannot 'route' traffic for other Xen PV guests on same Dom0 Host.

>Number: 188261
>Category: misc
>Synopsis: FreeBSD DomU PVHVM guests cannot 'route' traffic for other Xen PV guests on same Dom0 Host.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 04 15:30:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Karl Pielorz
>Release: 9.2-STABLE / 10.0-RELEASE
>Organization:
>Environment:
FreeBSD host 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789 : Thu Jan 16 22:34:59 UTC 2014 root@snap.freebsd.org/usr/obj/usr/src/sys/GENERIC amd64
>Description:
When running FreeBSD under Xen as a DomU guest - a PVHVM based FreeBSD machine cannot route traffic for any other PV based DomU guests on the same Xen Dom0.
>How-To-Repeat:
Install XenServer 6.2.

Install FreeBSD 9.2 / 10.0 as a DomU guest, using the PVHVM (so you end up with a NIC called 'xn0' etc.)

Set this first machine up with (for example) 'gateway_enable="YES"' etc. and configure it to route or NAT traffic to the Internet.

Install another DomU guest (e.g. FreeBSD again, or Windows) on the same XenServer.

Make the default gateway of the 2nd DomU the IP of the first DomU.

Even though the first DomU machine can fetch data/route traffic to/from "The Internet" - the second DomU machine cannot use it as a gateway. Pings will work, TCP sessions will initially 'connect' but cannot exchange any traffic.

If you replace the 'router' DomU machine with say a Linux box (or Windows box) it works as expected. Only FreeBSD in PVHVM mode does not work as the gateway.
>Fix:
To fix the problem either:

- Replace the DomU router machine with a Linux guest (not ideal!)
- Drop the DomU router machine into HVM mode (i.e. xn0 etc. get replaced by rl0 et al.)
- Drop the other DomU guests from PV/PVHVM mode down to HVM mode (this also appears to fix the problem!)
- Move the DomU router machine to a different XenServer, even if it's in the same pool (problem only happens if the DomU router machine, and the DomU guest trying to use it as a gateway are on the same physical Xen Dom0 host).

None of these solutions are ideal - it's basically precluding you from running a 'gateway' machine on XenServer unless it's either sited on its own pool - or not efficient (i.e. HVM mode only) - which in turn makes it non-agile.
>Release-Note:
>Audit-Trail:
>Unformatted: