Re: [Xen-users] Re: problems with xen installation
On Fri, Dec 30, 2005 at 08:23:42PM +0530, Anand wrote:
> Dear Andy,
> Thanks for the reply.
> >As you noted the vif name will change every time a domain is
> >restarted. In Xen 2.x you can use the vifname config directive to
> >hardcode vif names per domain. You can also do this in 3.0 if you
> >use a snapshot of -unstable that has this functionality (apologies,
> >I do not know exactly when it was (re)added).
> Thanks, thats indeed excellent news. May i ask is the snapshot stable
> enough to use on the production box (sorry if it sounds a stupid
> question to you). I am using 3.0 stable rpm from xensource on centos
> 4.1 right now.
I can't advise on this I'm afraid as I'm not using it heavily in
It works nicely in the latest 2.x which is what I'm running in
> >You can measure the bandwidth use of the vif interfaces in dom0,
> >either by parsing /proc/net/devices periodically or by polling SNMP.
> This will give the problem of the vifname changing everytime and hence
> loosing track of the vif to whom the bandwidth should be accounted to.
Yes you do need to use vifname for this to work.
> >Finally you could also use iptables in dom0 and the physdev module
> >to add rules for traffic going in/out particular vifs, and poll its
> >counters to measure bandwidth.
> Is it possible for you to direct me to some examples ? It will really
This too requires static vif names. Off the top of my head:
iptables -N accounting_in
iptables -N accounting_out
iptables -A FORWARD -m physdev --physdev-out vif+ -j accounting_in
iptables -A FORWARD -m physdev --physdev-in vif+ -j accounting_out
iptables -A accounting_in -m physdev --physdev-out vif-foo+ -j RETURN
iptables -A accounting_out -m physdev --physdev-in vif-foo+ -j RETURN
The above iptables commands check all forwarded traffic to see if it
came from/to a vif, if they do they are checked to see if they
specifically went through an interface name matching "vif-foo*".
You can then use
iptables -v --list accounting_in
iptables -v --list accounting_out
to view the packet and byte counters for those tables.
Note this matches only IP traffic. You'll need to use ip6tables to
Without static vif names you could add rules to the bridge interface
and try to match only things going to or coming from the IP
addresses that you have assigned but that seems even more hackish to
Description: Digital signature
Xen-users mailing list