Port-xen archive
Re: default route on other subnet
Quoting Jean-Yves Migeon 01/07/2011 00:29,
> What you are trying to achieve is kind of difficult. With a xennet0
> configured as a /32 in domU (and without a default route), you are
> basically setting up your domain as being "non routable". It can only
> communicate with itself (excluding certain circumstances, but that's not
> the point here).

Hi Jean-Yves,

sorry for coming back on that matter, but that's exactly the point.
That's even the subject of this thread: using a default route on another
subnet. Do you really think that it's the /32 netmask that prevents the
route trick from working? I tried again today with current and on a brand
new Linux dom0; and it's a very standard XEN configuration. In fact,
I'm always building the whole thing from scratch with the official
tarball for xen & tools (4.1.1), and jeremy's repository (today's
next-2.6.32). The same happens again.

In a basic bridge configuration, with a reachable gateway on network
interface, this is supposed to do the trick on the NetBSD guest side,

    ifconfig xennet0 GUESTIP netmask 255.255.255.255 up
    route add -host GATEWAYIP -link xennet0 -iface
    route add default -ifa GUESTIP GATEWAYIP

but instead I still receive the arp warnings (xx:xx:xx:xx:xx:xx tried to
overwrite permanent arp info for GATEWAYIP).

> Routing packets (like the ones with your ping) will only work when the
> domain is capable of figuring out a route at a L2 level, e.g. AF_LINK
> for routing socket. But the NetBSD domain will refuse to add addresses
> in its ARP table that do not belong to its networks, and as it has none...

I tried with network 255.255.0.0 instead, trying to overcome what you
just said, while keeping the rest of the procedure (route add -host and
default). No changes, I still receive the happy arp warnings.

> For routing dom0 <> domU, without proxy ARP, I'd suggest to set an IP
> for vif, and a small iproute2 command:

Now about a routing configuration, without proxy ARP (I honestly don't
know what it is about anyway), I have to use an additional IP indeed,
which isn't an option here as I'm dealing with public IPs (and I don't
have many of them).

Of course the problem would be solved if I could use NAT. Thing is, I've
been fighting for a few months now, because I precisely would like NetBSD
to be my NAT gateway for the other guests. I can't stand iptables and
appreciate the good old ipfilter & ipnat tools.

Thanks