cannot get promiscuous mode to work with xenserver

IT-ADMIN

Hi everybody

i have xenserver Host with 2 NIC, i installed 2 VM on it, i bridged the 2 PIF to one VM , this VM has now 2 VIF, VIF0 bridged with PIF0 and VIF1 bridged with PIF1,
PIF0 is connected to the LAN, PIF1 is connected to a mirroring port on the switch (sniffing all traffic ti record voip calls)

i have already execute the following command :

xe pif-param-set uuid=<uuid_of_pif> other-config:promiscuous="true"
xe pif-param-list uuid=<uuid_of_pif>

xe vif-param-set uuid=<uuid_of_vif> other-config:promiscuous="true"
xe vif-param-list uuid=<uuid_of_vif>

xe vif-unplug uuid=<uuid_of_vif>
xe vif-plug uuid=<uuid_of_vif>

i tried both :
xe-switch-network-backend bridge
xe-switch-network-backend openvswitch

it is so frustrating, i spend hours in this

IT-ADMIN

knowing that PIF1 get the whole traffic (i checked that by tcpdump -i eth1)
the problem reside in VIF1, PIF1 not mirroring the traffic ti VIF1,

IT-ADMIN

also xenbr1 catch all traffic

IT-ADMIN

something weird, i have only these interfaces :
eth0 eth1 lo vif1 vif2 xenbr0 xenbr1

i think normally i should have something like : vif0.1, vif0.2 bridged with eth0
and vif1.1, vif1.2 bridged with eth1
???

IT-ADMIN

tcpdump -i eth1
sniff all traffic
tcpdump -i xenbr1
sniff all traffic
tcpdump -i vif2
tcpdump: vif2: No such device exists
(SIOCGIFHWADDR: No such device)

IT-ADMIN

ovs-vsctl show
e3f94405-fc77-4be7-8e5d-85f824f24ac1
Bridge "xenbr0"
fail_mode: standalone
Port "vif1.0"
Interface "vif1.0"
Port "eth0"
Interface "eth0"
Port "vif2.0"
Interface "vif2.0"
Port "xenbr0"
Interface "xenbr0"
type: internal
Bridge "xenbr1"
fail_mode: standalone
Port "xenbr1"
Interface "xenbr1"
type: internal
Port "vif2.1"
Interface "vif2.1"
Port "eth1"
Interface "eth1"
Port "vif1.1"
Interface "vif1.1"
ovs_version: "2.1.3"

IT-ADMIN

i still cannot get this done, after reading some documentation i realized that xenserver has promiscuous mode issue in 6.5 and people complaining about that in citrix official support website,
i think it is time to shift to vmware ESXI, i hope i can manage myself with it

scottalanmiller

Sorry that none of us have run into this issue. Why do you need promiscuous mode?

IT-ADMIN

because i have an application that record voip calls, it need to catch the whole traffic, i configured a mirroring port on my switch that send all traffic to this VM, but unfortunately i was unable to get promiscuous mode working

DustinB3403

I don't know if you've read these but they may be of assistance.

http://support.citrix.com/content/dam/supportWS/kA560000000Ts7qCAC/XenServer_6.5.0_Technical_FAQ.pdf

and

http://support.citrix.com/article/CTX121729

The second link has a full How-To for setting promiscuous mode.

DustinB3403

Here is a response from a rather versed XenServer guide on their forums, even pointing to the same article.

"Tobias Kreidl MEMBERS
#4

16,019 posts
Posted 14 March 2015 - 03:30 AM
Is this what you are looking for?: http://support.citrix.com/article/CTX116493

-=Tobias"

IT-ADMIN

Thank you @DustinB3403 , but unfortunately i have tried all of this before and maybe more than this but without any result

Junto026

@it-admin 4 years later, I encountered the same issue that you did.

The solution for me was do do a PCI passthrough of the physical NIC directly to the VM. This bypasses all virtual switching inside Citrix Hypervisor. I posted the exact steps to implement PCI passthrough on Citrix Hypervisor 8.2 here:

https://discussions.citrix.com/topic/414458-open-vswitch-not-passing-all-traffic-from-pif-to-vif/