On 8.5.2010 11.56, Kahlil Hodgson wrote: >> Is if safe to turn stp "on" there (instead of "off"? (Requires xend >> restart at least, I suppose.) Or is there a better way to turn stp on >> permanently? > > STP is safe to turn on, but there is a small start up and tiny > performance hit - that's why its off by default. All the bridges on > your network have to establish relationships with each other, which can > take 10-15 seconds depending on you network. Also, its not just the > bridges on that box that you have to worry about: any other bridges on > other boxes that are on the same network also need STP turned on. Your > old Fedora box may be a potential culprit. > > I've never used Xen, so I can't give any firm advice. > That looks like the place where the bridge is created, so at a guess, > that's where you want to turn it on. Not to sure about turning ARP or > MULTICAST off though -- that might interfere with STP. > >> The box has 2 physical if cards, and both of them are used for bridges >> (xenbr0 and xenbr1). > > Yeah. Thinking you definitely need STP. You can turn it on temporarily > with > > brctl stp xenbr0 on > brctl stp xenbr1 on > > wait a few seconds and run > > brctrl showstp xenbr0 > > to see what's going on, and also see if it fixes your problem. > > Hope this helps > > Kal Thanks, it does (though the problem still persists). I turned stp on (for both bridges). I found another virbridge on another machine which has 2 if-cards: "virbr0", created by CentOS 5 by default I guess, for dhcp network, which I never even thought of. I brought this bridge down with icfonfig - btw, how can I disable it so that it stays off through reboots? So far the problem persists - I guess that I will have to start modifying routing tables. I guess it's natural that this kind of problem is weird. :-) For example, it is kind of natural that I can access these problematic 62.236.221.xx addresses (on the xen box) from other boxes in the same 62.236.221.xx network segment. But I can *also* access those ip addresses from the network 62.220.237.xx. Why? No idea. (the other if-card on the xen box is configured to this network segment, but I don't see why this would explain this.) Also seen from my home computer at 84.20.154.60 everything seems normal - no idea why! These (62.236.221.xx, 62.220.237.xx, 84.20.154.58/xx) are the only known clients from which the problematic addresses (62.236.221.67, 62.236.221.71) on the xen box are visible. :-/ - Jussi -- Jussi Hirvi * Green Spot Topeliuksenkatu 15 C * 00250 Helsinki * Finland Tel. +358 9 493 981 * Mobile +358 40 771 2098 (only sms) jussi.hirvi at greenspot.fi * http://www.greenspot.fi