Thanks for your reply.
root@n02:~# dpkg --get-selections | grep xen
libxen-4.1 install
libxenstore3.0 install
python-xenapi install
xen-hypervisor-4.1-amd64 install
xen-linux-system-3.2.0-4-amd64 install
xen-linux-system-amd64 install
xen-system-amd64 install
xen-tools install
xen-utils-4.1 install
xen-utils-common install
xenstore-utils install
xenwatch install
From my /etc/xen/xend-config.sxp:
(xen-api-server ((unix)))
(xend-unix-server yes)
(xend-unix-path /var/lib/xend/xend-socket)
#(xend-unix-xmlrpc-server yes)
#(xend-tcp-xmlrpc-server no)
#(xend-relocation-server yes)
#(xend-http-server no)
#(xend-udev-event-server no)
Well, I guess XEN is not a source of the multicast. Thank for sorting this out.
At 26 Jan 2015 10:03:08 +0000 (UTC) from Ian Campbell <Ian.Campbell@xxxxxxxxxx>:
On Sun, 2015-01-25 at 23:56 +0000, LA Guy wrote:
> Hello xen-users.
>
> My snort alerted my about the multicast generated by the server which
> has XEN on it. I'm trying to find out what app generates multicast and
> I'm failing miserably, though I suspect it's XEN. I have XEN
> relocation service enabled, though I haven't configured it yet cause
> HDDs for my second server had not arrived yet.
>
> Does any part of XEN generates multicast (including XEN relocation and
> XEN api, which I suspect are the sources of multicast)? Is there any
> way to limit sending those multicast messages through a desegnated
> interface, rather than sending them to the whole network?
>
> I read the manuals, but haven't found answer to my questions.
>
> Also, please CC my email address as I am not subscribed to the
> maillist.
You don't say which version of Xen or which toolstack you are using, but
AFAIK neither xl nor xend will produce multicast network traffic.
xl certainly doesn't produce any network traffic at all of its own
accord (i.e. unless you run xl migrate). I'm reasonably sure that xend
is the same.
Ian.
| 
