WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-users

Re: [Xen-users] Traffic Counting / port analysis using Xen 3.0.2?


I think you can set up bridges in any config you want,
so I'm pretty sure you can accomplish what you're trying to do.
You should be able to set up a bridge with most of the domUs on it
and one gateway domU, with an interface on the main bridge,
and another interface on a front bridge with the real eth0.
Then it could set up its own bridge between the two, and
it would then be in a position to do bridge-based
firewalling or accounting.

I found this page helpful:

  http://wiki.xensource.com/xenwiki/XenNetworking

And then this page, which shows how the Shorewall guy set up a slightly more complex Xen network:

  http://shorewall.net/XenMyWay.html


Hope that helps.

--fess



On May 21, 2006, at 1:14 PM, bigfoot29@xxxxxxxxxxxxxxxxxxxxxx wrote:

Hi!

My first post here, so sorry if this question has been asked a hundred
times already. I searched the web for quite some time, but I wasn't able
to find a solution based on the howto's out there...

In Xen 2.0.7 it was easy to do very detailed traffic counting using
mechanisms like tcpdump and such because the system acted like a hub. Now
with 3.0 it got more secure - the bridge acts like a switch. Of course,
that is preferable, but how can I do detailed traffic statistics of
different servers I have no access to (owned by other ppl)?

Can/must this be done in the Xen0-domain? Is there a more "elegant" way
(security wise) to fire up an own virtual machine handling this and acting
as a bridge itself?
I am not very comfortable with iptables, so messing around with that would
create more security holes than fix things for me. - Which means that you
shouldn't expect an iptables-hero here :).

Are there any tuts out there handling deeper nested networks using Xen3?
Like:

dom0
|-vm1
|-vm2
|-vm3
|  |-vm4
|  |-vm5
|
|-vm6

where vm3 is acting like a bridge but has the ability to filter/count
passing traffic to vm4 and 5. 4 and 5 have no "direct" connection to dom0
- only by passing the bridge at vm3.

Any help is appreciated :D
Thanks in Advance!

Regards, Bigfoot29.


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
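
The accounting step discussed in this thread, as an added example that is not part of the original messages: a per-MAC byte counter over a classic pcap capture, assuming the capture was written with `tcpdump -w` on the gateway domU's bridge. The MAC addresses, the helper names and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

def fmt_mac(raw):
    return ":".join(f"{x:02x}" for x in raw)

def account(pcap_bytes):
    """Return {mac: {"tx": bytes, "rx": bytes}} for a classic Ethernet pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type (1)")
    totals = defaultdict(lambda: {"tx": 0, "rx": 0})
    off = 24  # skip the global header
    while off + 16 <= len(pcap_bytes):
        _sec, _usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            break  # capture file cut off mid-record
        off += 16 + incl_len
        if incl_len < 14:
            continue  # too short to hold an Ethernet header
        dst, src = fmt_mac(frame[0:6]), fmt_mac(frame[6:12])
        # orig_len is the on-wire size, so a small snaplen does not undercount
        totals[src]["tx"] += orig_len
        totals[dst]["rx"] += orig_len
    return dict(totals)

def record(dst, src, orig_len, snaplen=64):
    """Build one constructed pcap record, truncated to snaplen like tcpdump -s."""
    body = (bytes.fromhex(dst + src) + b"\x08\x00").ljust(min(orig_len, snaplen), b"\x00")
    return struct.pack("<IIII", 0, 0, len(body), orig_len) + body

# Constructed sample: vm4 and vm5 behind the gateway domU, GW is the upstream side.
VM4, VM5, GW, BCAST = "00163e000004", "00163e000005", "00163e000001", "ff" * 6
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)
          + record(GW, VM4, 1500) + record(VM4, GW, 400) + record(BCAST, VM5, 60))

if __name__ == "__main__":
    for mac, t in sorted(account(SAMPLE).items()):
        print(f"{mac}  tx={t['tx']}  rx={t['rx']}")
```

Because only the Ethernet header is read, the gateway domU never needs to decode the guests' payloads to produce per-server totals.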

