[CentOS] Not firewall, but what?

Sat May 8 07:38:43 UTC 2010
Jussi Hirvi <listmember at greenspot.fi>

On 8.5.2010 4.31, Kahlil Hodgson wrote:
> Hmmm have you got more than one bridge on your network?  If so you need
> to make sure you have STP turned ON on all your bridges.
> If you have any services that require network at start up (nfs), you'll
> need to set your network start up delay to more than 10 seconds
> as well, so STP has some time to settle.
>
> I encountered similar problems when I plugged a _second_ virtualisation
> host into my network.

Turning on stp sounds promising (I have to confess that I never heard 
about stp before). Stp is indeed off for both bridges:

[root@farm1 scripts]# brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.000000000000       yes
xenbr0          8000.feffffffffff       no              vif5.0
                                                         vif4.0
                                                         peth0
                                                         vif0.0
xenbr1          8000.feffffffffff       no              vif5.1
                                                         vif3.0
                                                         vif2.0
                                                         peth1
                                                         vif0.1


How can I turn stp on? In my /etc/xen/scripts/xen-network-common.sh 
there is a section:

  # Don't create the bridge if it already exists.
     if [ ! -e "/sys/class/net/${bridge}/bridge" ]; then
         brctl addbr ${bridge}
         brctl stp ${bridge} off
         brctl setfd ${bridge} 0
         sysctl -w "net.bridge.bridge-nf-call-arptables=0"
         sysctl -w "net.bridge.bridge-nf-call-ip6tables=0"
         sysctl -w "net.bridge.bridge-nf-call-iptables=0"
         ip link set ${bridge} arp off
         ip link set ${bridge} multicast off
     fi

Is it safe to turn stp "on" there (instead of "off")? (Requires xend 
restart at least, I suppose.) Or is there a better way to turn stp on 
permanently?

The box has 2 physical if cards, and both of them are used for bridges 
(xenbr0 and xenbr1).


- Jussi

-- 
Jussi Hirvi * Green Spot
Topeliuksenkatu 15 C * 00250 Helsinki * Finland
Tel. +358 9 493 981 * Mobile +358 40 771 2098 (only sms)
jussi.hirvi at greenspot.fi * http://www.greenspot.fi
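
Added example, not part of the original post or of the Xen scripts: a shell check that parses `brctl show` output, including the continuation rows that list extra interfaces, and reports bridges that have STP off while a physical uplink is attached. The function names and the `peth*`/`eth*` uplink naming are assumptions; the sample input is the output quoted in the post.

```shell
# Sample input: the `brctl show` output quoted in the post, embedded so this runs offline.
sample_brctl_output() {
cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.000000000000       yes
xenbr0          8000.feffffffffff       no              vif5.0
                                                        vif4.0
                                                        peth0
                                                        vif0.0
xenbr1          8000.feffffffffff       no              vif5.1
                                                        vif3.0
                                                        vif2.0
                                                        peth1
                                                        vif0.1
EOF
}

# Reads `brctl show` output on stdin; prints one line per bridge:
#   <bridge> <yes|no> <comma-separated interfaces, or "-" if none>
parse_bridges() {
    awk '
        NR == 1 && $1 == "bridge" { next }       # header row
        /^[^ \t]/ {                               # a row starting in column 0 opens a new bridge
            if (name != "") print name, stp, (ifs == "" ? "-" : ifs)
            name = $1; stp = $3; ifs = (NF >= 4 ? $4 : "")
            next
        }
        NF >= 1 { ifs = (ifs == "" ? $1 : ifs "," $1) }   # continuation row: one more interface
        END { if (name != "") print name, stp, (ifs == "" ? "-" : ifs) }
    '
}

# Prints the names of bridges with STP off that have a physical uplink attached.
# Assumption: uplinks are named peth* (Xen) or eth*, as on the host in the post.
stp_off_with_uplink() {
    parse_bridges | awk '
        $2 == "no" {
            n = split($3, a, ",")
            for (i = 1; i <= n; i++)
                if (a[i] ~ /^p?eth[0-9]+$/) { print $1; break }
        }
    '
}

# Runs on the embedded sample; on a live host use: brctl show | stp_off_with_uplink
sample_brctl_output | stp_off_with_uplink
```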