On 8.5.2010 11.56, Kahlil Hodgson wrote:
Is it safe to turn stp "on" there (instead of "off")? (Requires xend restart at least, I suppose.) Or is there a better way to turn stp on permanently?
STP is safe to turn on, but there is a small start up and tiny performance hit - that's why it's off by default. All the bridges on your network have to establish relationships with each other, which can take 10-15 seconds depending on your network. Also, it's not just the bridges on that box that you have to worry about: any other bridges on other boxes that are on the same network also need STP turned on. Your old Fedora box may be a potential culprit.
I've never used Xen, so I can't give any firm advice. That looks like the place where the bridge is created, so at a guess, that's where you want to turn it on. Not too sure about turning ARP or MULTICAST off though -- that might interfere with STP.
The box has 2 physical if cards, and both of them are used for bridges (xenbr0 and xenbr1).
Yeah. Thinking you definitely need STP. You can turn it on temporarily with
    brctl stp xenbr0 on
    brctl stp xenbr1 on
wait a few seconds and run
    brctl showstp xenbr0
to see what's going on, and also see if it fixes your problem.
Hope this helps
Kal
Thanks, it does (though the problem still persists).
I turned stp on (for both bridges). I found another virbridge on another machine which has 2 if-cards: "virbr0", created by CentOS 5 by default I guess, for dhcp network, which I never even thought of. I brought this bridge down with ifconfig - btw, how can I disable it so that it stays off through reboots?
So far the problem persists - I guess that I will have to start modifying routing tables.
I guess it's natural that this kind of problem is weird. :-)
For example, it is kind of natural that I can access these problematic 62.236.221.xx addresses (on the xen box) from other boxes in the same 62.236.221.xx network segment.
But I can *also* access those ip addresses from the network 62.220.237.xx. Why? No idea. (the other if-card on the xen box is configured to this network segment, but I don't see why this would explain this.)
Also seen from my home computer at 84.20.154.60 everything seems normal - no idea why!
These (62.236.221.xx, 62.220.237.xx, 84.20.154.58/xx) are the only known clients from which the problematic addresses (62.236.221.67, 62.236.221.71) on the xen box are visible. :-/
- Jussi