I am running XenServer 6.2 with two NICs on separate subnets:

xenbr0 :
xenbr1 :

The .1.50 NIC communicates with an internal network and works perfectly. The .0.50 is plugged directly into the external router but cannot even manage a ping.

Here are things that may be of some help:

[root@voltaire ~]# ip route dev xenbr0  proto kernel  scope link  src dev xenbr1  proto kernel  scope link  src

[root@voltaire ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
   link/ether 00:13:3b:0e:ae:55 brd ff:ff:ff:ff:ff:ff
3: eth2: <NO-CARRIER,BROADCAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
   link/ether 00:13:3b:0e:ae:56 brd ff:ff:ff:ff:ff:ff
4: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
   link/ether 00:25:22:e0:a9:ce brd ff:ff:ff:ff:ff:ff
5: xenbr1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
   link/ether 00:13:3b:0e:ae:55 brd ff:ff:ff:ff:ff:ff
6: xenbr0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
   link/ether 00:25:22:e0:a9:ce brd ff:ff:ff:ff:ff:ff
7: xenbr2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
   link/ether 00:13:3b:0e:ae:56 brd ff:ff:ff:ff:ff:ff
8: vif1.0: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 32
   link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
9: vif1.1: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 32
   link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
10: tap1.0: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
11: tap1.1: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
   link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff

[root@voltaire ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet scope host lo
2: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
   link/ether 00:13:3b:0e:ae:55 brd ff:ff:ff:ff:ff:ff
3: eth2: <NO-CARRIER,BROADCAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
   link/ether 00:13:3b:0e:ae:56 brd ff:ff:ff:ff:ff:ff
4: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:25:22:e0:a9:ce brd ff:ff:ff:ff:ff:ff
5: xenbr1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
   link/ether 00:13:3b:0e:ae:55 brd ff:ff:ff:ff:ff:ff
   inet brd scope global xenbr1
6: xenbr0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
   link/ether 00:25:22:e0:a9:ce brd ff:ff:ff:ff:ff:ff
   inet brd scope global xenbr0
7: xenbr2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
   link/ether 00:13:3b:0e:ae:56 brd ff:ff:ff:ff:ff:ff
8: vif1.0: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 32
   link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
9: vif1.1: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 32
   link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
10: tap1.0: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
11: tap1.1: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff

[root@voltaire ~]# ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=128 time=10.0 ms
64 bytes from icmp_seq=2 ttl=128 time=0.718 ms
64 bytes from icmp_seq=3 ttl=128 time=0.681 ms
--- ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2017ms
rtt min/avg/max/mdev = 0.681/3.809/10.029/4.398 ms

[root@voltaire ~]# ping
PING ( 56(84) bytes of data.
From icmp_seq=1 Destination Host Unreachable
From icmp_seq=2 Destination Host Unreachable
From icmp_seq=3 Destination Host Unreachable
--- ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4026ms, pipe 3

I have spent the last 6 hours going through every article I can find. I have applied every fix mentioned, but nothing seems to work.

Lets start with the obvious:

  1. I'm certain that the network cable is plugged in.
  2. I'm certain that all the IP addresses are correct and that there are no conflicts.
  3. I've tried setting up NAT via iptables (even though that shouldn't be necessary because I'm not trying to NAT with this box)
  4. I've tried setting up multiple routing tables (also a little extraneous, I feel, since I can't even ping from both interfaces)

I hope that some one here can figure out what I'm missing because I'm about at the end of my rope.

iptables for Giedrius Rekasius

[root@voltaire ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp any 
ACCEPT     esp  --  anywhere             anywhere            
ACCEPT     ah   --  anywhere             anywhere            
ACCEPT     udp  --  anywhere            udp dpt:mdns 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:ha-cluster 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Also, per your question about VLAN configuration on the router: I am actually using separate routers, one for each subnet, so I don't have VLAN's configured. Each router is responsible for the entire Class C.

brctl show for Peter

[root@voltaire ~]# brctl show
bridge name bridge            idSTP enabledinterfaces
xenbr0      0000.002522e0a9ce no    eth0
xenbr1      0000.00133b0eae55 no    eth1
xenbr2      0000.00133b0eae56 no    eth2

I'm not sure of which 'xen bridge ugly hack script' you refer, this is my first foray into networking on XenServer and pretty much everything at this point looks kind of ugly/hacky.

If it helps, I didn't create the bridge interfaces myself. I only went through the process of adding the interfaces. Everything is showing up correctly in XenCenter, though.

Apparently, I didn't cover enough of the obvious solutions first. I never ran sysctl -p, so IP forwarding was never enabled.

I would like to officially relinquish my geek hat. Someone more qualified than I should take it.