Xen Bridge Loop



This article describes the causes of bridge loops in dom0 and domU.

Bridged Network under Xen Overview

Xen uses bridged networking by default. For details, see: Xen Networking.

Why is STP turned off?

If STP is enabled, it takes longer for the bridge to "settle" when new vifs come online. When DHCP is enabled, this may cause DHCP requests to time out.

On the other hand, turning off STP along with other parameters (hello/learning latencies) is part of a blanket effort to make the bridge dumb but efficient.

What's the problem?

This simple topology does not hide bridges. If you intentionally set up software bridges in the VM, loops may be established. Consider the following two scenarios:

There is a loop between switch0 and xenbr0:

 +-----------------------------------+
 |              switch0              |
 +-----+--------+----------+-----+---+
       |        |          |     |
 +-----+--------+-----+   PC2   PC3
 |     |        |     |
 | +---+--------+---+ |
 | |   |        |   | |
 | | peth0    peth1 | |
 | |                | |
 | |     xenbr0     | |
 | |                | |
 | | vif0.0  vif0.1 | |
 | |   |        |   | |
 | +---+--------+---+ |
 |     |        |     |
 |    eth0    eth1    |
 |                    |
 |      Domain0       |
 +--------------------+


There is a loop between xenbr0 and vmbr0:

 +----------------------------------------------+
 |                 switch0                      |
 +-----+------------------------------+-----+---+
       |                              |     |
 +-----+-------------------------+   PC2   PC3
 |     |                         |
 | +---+-----------------------+ |
 | |   |                       | |
 | | peth0           xenbr0    | |
 | |                           | |
 | | vif0.0      vif1.0 vif1.1 | |
 | |   |            |      |   | |
 | +---+------------+------+---+ |
 |     |            |      |     |
 |     |     +------+------+-----+
 |     |     |      |      |    
 |     |     | +----+------+-----+
 |     |     | |    |      |     |
 |     |     | | +--+------+---+ |
 |     |     | | |  |      |   | |
 |   eth0    | | | eth0  eth1  | |
 |           | | |             | |
 |           | | |    vmbr0    | |
 |           | | +-------------+ |    
 |  Domain0  | |     Domain1     |
 +-----------+ +-----------------+


Both scenarios will cause switch0 to stop working, which affects all PCs connected to switch0.

The solution is to enable STP on all switches and bridges. Note: enabling STP on only one or two bridges is not enough.
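
Since every bridge has to run STP, it helps to audit each host for bridges that still have it off. The script below is an added example, not part of the original article: it assumes the Linux bridge sysfs layout (`/sys/class/net/<bridge>/bridge/stp_state` and `brif/`), and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the STP state of every Linux bridge on one host.
# Function names are hypothetical. The sysfs directory is a parameter so the
# check can also be run against a constructed tree.

# Print each bridge whose stp_state is 0.
# Kernel values: 0 = STP off, 1 = kernel STP, 2 = userspace STP.
list_bridges_without_stp() {
    net_dir="${1:-/sys/class/net}"
    for dev in "$net_dir"/*; do
        # Only bridge devices expose bridge/stp_state.
        [ -f "$dev/bridge/stp_state" ] || continue
        if [ "$(cat "$dev/bridge/stp_state")" = "0" ]; then
            basename "$dev"
        fi
    done
}

# Report offending bridges with their ports; return 1 if any were found.
audit_bridges() {
    audit_dir="${1:-/sys/class/net}"
    bad=$(list_bridges_without_stp "$audit_dir")
    if [ -z "$bad" ]; then
        return 0
    fi
    for br in $bad; do
        ports=$(ls "$audit_dir/$br/brif" 2>/dev/null | tr '\n' ' ')
        echo "STP disabled on $br (ports: $ports)"
    done
    return 1
}

# Turn on kernel STP for one bridge (needs root).
enable_stp() {
    ip link set dev "$1" type bridge stp_state 1
}

# Run the audit only when asked, e.g.: sh stp_audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_bridges
fi
```

This covers only the Linux bridges on the host where it runs, so run it in dom0 and in every domU that hosts a bridge; STP on switch0 has to be checked through the switch's own management interface.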
