WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Re: problems with xen installation

To: Andy Smith <andy@xxxxxxxxxxxxxx>
Subject: Re: [Xen-users] Re: problems with xen installation
From: Anand <xen.mails@xxxxxxxxx>
Date: Fri, 30 Dec 2005 20:58:21 +0530
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 30 Dec 2005 15:35:38 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=KP5IShHtArePxL6zk7Pu19mZIkYJIEFHa7ymguA2I5ZtiOWWjwMyuTOI9ElBl3hoSU35Pvkk4Qo2/YFBXU6K7KrvnryPaenO68rGSEHVu0QLTy55lHuwPh8uZEgkBSCDM7XivFbvfXbP2I++P7iQgRoUzN+4lkAvNWGTlpSV2YE=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20051230151426.GH10278@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <6a7b2d540512290856m7f0a774h8e132104050891ef@xxxxxxxxxxxxxx> <6a7b2d540512290948q2103e986sa334ee7b9e2163cc@xxxxxxxxxxxxxx> <acb757c00512291014u17aac4d6u2591a4f3da070efd@xxxxxxxxxxxxxx> <6a7b2d540512291157s78259528r9a3207dd4172ccfe@xxxxxxxxxxxxxx> <acb757c00512292121q69401768n94c93188b499f453@xxxxxxxxxxxxxx> <6a7b2d540512300223pd6ecaah2bb9c874497eb255@xxxxxxxxxxxxxx> <acb757c00512300430w78bf0b96qde89b2937dc1274b@xxxxxxxxxxxxxx> <20051230134459.GA10278@xxxxxxxxxxxxxx> <acb757c00512300653w68d2cfa3k2760c85b24dec4d9@xxxxxxxxxxxxxx> <20051230151426.GH10278@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Dear Andy,

Thanks for all the help. I will try it out.

On 12/30/05, Andy Smith <andy@xxxxxxxxxxxxxx> wrote:
On Fri, Dec 30, 2005 at 08:23:42PM +0530, Anand wrote:
>
>    Dear Andy,
>    Thanks for the reply.
>    >As you noted the vif name will change every time a domain is
>    >restarted.  In Xen 2.x you can use the vifname config directive to
>    >hardcode vif names per domain.  You can also do this in 3.0 if you
>    >use a snapshot of -unstable that has this functionality (apologies,
>    >I do not know exactly when it was (re)added).
>    Thanks, thats indeed excellent news. May i ask is the snapshot stable
>    enough to use on the production box (sorry if it sounds a stupid
>    question to you). I am using 3.0 stable rpm from xensource on centos
>    4.1 right now.

I can't advise on this I'm afraid as I'm not using it heavily in
production.

It works nicely in the latest 2.x which is what I'm running in
production.

>    >You can measure the bandwidth use of the vif interfaces in dom0,
>    >either by parsing /proc/net/devices periodically or by polling SNMP.
>    This will give the problem of the vifname changing everytime and hence
>    loosing track of the vif to whom the bandwidth should be accounted to.

Yes you do need to use vifname for this to work.

>    >Finally you could also use iptables in dom0 and the physdev module
>    >to add rules for traffic going in/out particular vifs, and poll its
>    >counters to measure bandwidth.
>    Is it possible for you to direct me to some examples ? It will really
>    help.

This too requires static vif names.  Off the top of my head:

iptables -N accounting_in
iptables -N accounting_out

iptables -A FORWARD -m physdev --physdev-out vif+ -j accounting_in
iptables -A FORWARD -m physdev --physdev-in  vif+ -j accounting_out

iptables -A accounting_in  -m physdev --physdev-out vif-foo+ -j RETURN
iptables -A accounting_out -m physdev --physdev-in  vif-foo+ -j RETURN

The above iptables commands check all forwarded traffic to see if it
came from/to a vif, if they do they are checked to see if they
specifically went through an interface name matching "vif-foo*".
You can then use

iptables -v --list accounting_in
iptables -v --list accounting_out

to view the packet and byte counters for those tables.

Note this matches only IP traffic.  You'll need to use ip6tables to
match IPv6.

Without static vif names you could add rules to the bridge interface
and try to match only things going to or coming from the IP
addresses that you have assigned but that seems even more hackish to
me..



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDtU7SIJm2TL8VSQsRAtBrAKDW6fAWiPi3DoMD3hG2375VEBoONQCgpTvA
poJ7lh1XIbW7dwT/PhuLqh0=
=xw9q
-----END PGP SIGNATURE-----


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users