ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    cannot get promiscuous mode to work with xenserver

    IT Discussion
    xen xenserver networking xenserver 6.5 promiscuous mode
    4
    13
    4.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • IT-ADMINI
      IT-ADMIN
      last edited by scottalanmiller

      Hi everybody

      i have xenserver Host with 2 NIC, i installed 2 VM on it, i bridged the 2 PIF to one VM , this VM has now 2 VIF, VIF0 bridged with PIF0 and VIF1 bridged with PIF1,
      PIF0 is connected to the LAN, PIF1 is connected to a mirroring port on the switch (sniffing all traffic ti record voip calls)

      i have already execute the following command :

      xe pif-param-set uuid=<uuid_of_pif> other-config:promiscuous="true"
      xe pif-param-list uuid=<uuid_of_pif>

      xe vif-param-set uuid=<uuid_of_vif> other-config:promiscuous="true"
      xe vif-param-list uuid=<uuid_of_vif>

      xe vif-unplug uuid=<uuid_of_vif>
      xe vif-plug uuid=<uuid_of_vif>

      i tried both :
      xe-switch-network-backend bridge
      xe-switch-network-backend openvswitch

      it is so frustrating, i spend hours in this

      1 Reply Last reply Reply Quote 2
      • IT-ADMINI
        IT-ADMIN
        last edited by

        knowing that PIF1 get the whole traffic (i checked that by tcpdump -i eth1)
        the problem reside in VIF1, PIF1 not mirroring the traffic ti VIF1,

        1 Reply Last reply Reply Quote 1
        • IT-ADMINI
          IT-ADMIN
          last edited by

          also xenbr1 catch all traffic

          1 Reply Last reply Reply Quote 0
          • IT-ADMINI
            IT-ADMIN
            last edited by

            something weird, i have only these interfaces :
            eth0 eth1 lo vif1 vif2 xenbr0 xenbr1

            i think normally i should have something like : vif0.1, vif0.2 bridged with eth0
            and vif1.1, vif1.2 bridged with eth1
            ???

            1 Reply Last reply Reply Quote 0
            • IT-ADMINI
              IT-ADMIN
              last edited by

              tcpdump -i eth1
              sniff all traffic
              tcpdump -i xenbr1
              sniff all traffic
              tcpdump -i vif2
              tcpdump: vif2: No such device exists
              (SIOCGIFHWADDR: No such device)

              1 Reply Last reply Reply Quote 0
              • IT-ADMINI
                IT-ADMIN
                last edited by

                ovs-vsctl show
                e3f94405-fc77-4be7-8e5d-85f824f24ac1
                Bridge "xenbr0"
                fail_mode: standalone
                Port "vif1.0"
                Interface "vif1.0"
                Port "eth0"
                Interface "eth0"
                Port "vif2.0"
                Interface "vif2.0"
                Port "xenbr0"
                Interface "xenbr0"
                type: internal
                Bridge "xenbr1"
                fail_mode: standalone
                Port "xenbr1"
                Interface "xenbr1"
                type: internal
                Port "vif2.1"
                Interface "vif2.1"
                Port "eth1"
                Interface "eth1"
                Port "vif1.1"
                Interface "vif1.1"
                ovs_version: "2.1.3"

                1 Reply Last reply Reply Quote 0
                • IT-ADMINI
                  IT-ADMIN
                  last edited by

                  i still cannot get this done, after reading some documentation i realized that xenserver has promiscuous mode issue in 6.5 and people complaining about that in citrix official support website,
                  i think it is time to shift to vmware ESXI, i hope i can manage myself with it

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller
                    last edited by

                    Sorry that none of us have run into this issue. Why do you need promiscuous mode?

                    1 Reply Last reply Reply Quote 2
                    • IT-ADMINI
                      IT-ADMIN
                      last edited by

                      because i have an application that record voip calls, it need to catch the whole traffic, i configured a mirroring port on my switch that send all traffic to this VM, but unfortunately i was unable to get promiscuous mode working

                      1 Reply Last reply Reply Quote 0
                      • DustinB3403D
                        DustinB3403
                        last edited by

                        I don't know if you've read these but they may be of assistance.

                        http://support.citrix.com/content/dam/supportWS/kA560000000Ts7qCAC/XenServer_6.5.0_Technical_FAQ.pdf

                        and

                        http://support.citrix.com/article/CTX121729

                        The second link has a full How-To for setting promiscuous mode.

                        1 Reply Last reply Reply Quote 0
                        • DustinB3403D
                          DustinB3403
                          last edited by

                          Here is a response from a rather versed XenServer guide on their forums, even pointing to the same article.

                          "Tobias Kreidl MEMBERS
                          #4

                          16,019 posts
                          Posted 14 March 2015 - 03:30 AM
                          Is this what you are looking for?: http://support.citrix.com/article/CTX116493

                          -=Tobias"

                          1 Reply Last reply Reply Quote 0
                          • IT-ADMINI
                            IT-ADMIN
                            last edited by

                            Thank you @DustinB3403 , but unfortunately i have tried all of this before and maybe more than this but without any result

                            J 1 Reply Last reply Reply Quote 0
                            • J
                              Junto026 @IT-ADMIN
                              last edited by

                              @it-admin 4 years later, I encountered the same issue that you did.

                              The solution for me was do do a PCI passthrough of the physical NIC directly to the VM. This bypasses all virtual switching inside Citrix Hypervisor. I posted the exact steps to implement PCI passthrough on Citrix Hypervisor 8.2 here:

                              https://discussions.citrix.com/topic/414458-open-vswitch-not-passing-all-traffic-from-pif-to-vif/

                              1 Reply Last reply Reply Quote 0
                              • 1 / 1
                              • First post
                                Last post