IPfire on Xen 4.11 - 2 bridge setup not working

#1

Hi all,

I’m trying to extend my working DomU config for a running IPfire 2.25 (x86_64) - Core Update 152 Xen hvm DomU with 2 NIC via pass-through and one bridge - with a second bridge.

With this I’m getting the following qemu log entry

“qemu-system-i386: -device rtl8139,id=nic1,netdev=net1,mac=xx:xx:xx:xx:xx:xx: xen: failed to populate ram at 800c0000”

and the DomU start fails. This qemu error occurs with qemu-xen 4.2 as shipped with ubuntu 20.04 as well as with qemu 5.0 shipped with ubuntu 20.10.

Since I couldn’t find any working solution on the Internet to get a second bridge working on a HVM (PV’s of course not showing this issue) I’m looking for ideas how to implement an orange network without a second bridge. Current setup is:

  • RED as NIC provided via pci-passthrough
  • BLUE as NIC provided via pci-passthrough
  • GREEN as linux bridge (xenbr0)

The idea was to have ORANGE as a second bridge (xenbr1) without any physical interface assigned.

Any ideas/suggestions are highly appreciated.

Best, Oliver

#2

Hi all,

found a working solution even it’s not 100% ideal.

Just summarizing it here for other users still working with Xen to have some information about it.

Problem:
QEMU, at least 4.2 and 5.0 doesn’t allow to attach more than one bridge to a fully virtualized DomU (HVM). Paravirtualizing IPfire isn’t an option either since it’s not supported anymore.

Solution:
Xen since version 4.10 does support PVHv2 as some kind of lightweight HVM without the necessity of invoking QEMU at all. Luckily IPfire does support this kind of virtualization.
Downside of this PVHv2 setup is that pci-passthrough isn’t working even with the most recent version of Xen (4.14) and therefore no NIC can be exclusively assigned to IPfire.

Keeping this in mind the setup will be:

  1. Install IPfire from the ISO as HVM DomU assigning only one bridge to it
  2. Shutdown the IPfire DomU and make the following changes to the config file
    type=‘pvh’ instead of type=‘hvm’
    bootloader=‘pygrub’
    attach additional bridges for red, blue and orange as desired
  3. Start the IPfire DomU with this modified config file
  4. Connect to the IPfire DomU and run the normal setup procedure

I have this setup working on an ubuntu 20.04 server with Xen as shipped with this distribution.

Once Xen supports pci-passthrough on PVHv2 (it’s on their road map) bridges can be replaced by NICs again.

Hope that this is somehow helpful for one or another.

Best, Oliver

1 Like