WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

[Xen-users] Multiple VMs - one static routable IP address

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Multiple VMs - one static routable IP address
From: xensource@xxxxxxxxxxxxxxxxxxx
Date: Wed, 16 May 2007 09:01:43 -0500 (CDT)

I have a new server and am looking into using XEN. Looks like everything I need is there, and gives me the security and power I've found frustrating or lacking in VMware... I have one problem tho... I want to have each VM be able to completely host its own domain name and its own services. I only have one routable IP address however. I need to service ports: 22, 25, 80, 110, and 443.

I have no worldly idea how to route the packets to each respective VM when everybody is trying to use the same ports, and are all sitting behind the firewall effectively running non-routable IP addresses.

Example:
Domain-0 will host mail services on port 25
Domain-1 will also...
Domain-2 as well
Domain-3 again...

For port 80 and 443 traffic, I suppose I could always just stick apache in proxy mode and route to the respective VM running on the 10-net behind the firewall, and I can run SSHD on a non-standard port for each one I suppose as well... but with everybody running their own sendmail and needing to receive mail (sending shouldn't be a problem in this configuration near as I can tell anyway) everybody pig piles in on port 25 and only Domain-0 wins. I could hack up some sort of MTA forwarding I suppose, but there HAS to be some way that this is done such that I don't have to special case every port. I just don't know what that is it seems.

So, when a packet comes in to the DHCP and asks for the IP address for one (of seven) of the domain names I host, they will all resolve to the same single routable IP address I have. I suspect I need some sort of soft-router running on Domain 0 to see if the packet is destined for one of the VMs and if so route to the 10.0.0.X address accordingly.

I'm completely new to bridging, tho am by no means new to Linux systems administration. All VMs, including Domain-0, are running CentOS 5. My _guess_ is I need to get a fourth DomU installed and running and have THAT run the routable IP address, and then forward all traffic into Domain-0, or the respective other VM domains, switching based on the domain name the traffic is trying to go to... I wouldn't be able to connect to any of the VMs but that forward facing one by using the IP address, but then, I seldom to never do that anyway... plus that way I could hide Domain-0 a bit better anyway. I just have no idea what bits I'd need to install and run to get that working.

Any help pointing me in the right direction would be greatly appreciated. This can't be a unique problem... I'm sure the S390 guys are running thousands of VMs per system, and suspect there is no way all of those VMs are also running routable IP addresses. I just don't know how to get the packets to the right VM when I've only got the one externally routable IP address.

Help Help Help!

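
The dispatch problem described in the message above, as an added example that is not part of the original post: HTTP and SMTP carry the target domain in the application data (the Host header, the RCPT TO address), so a front end can choose a VM by name, while SSH carries no name and can only be separated by port. The domain names, 10.0.0.x addresses and SSH port numbers are constructed for illustration.

```python
import re

# Constructed sample mapping: hosted domain -> private address of its VM.
BACKENDS = {
    "example-one.test": "10.0.0.1",
    "example-two.test": "10.0.0.2",
    "example-three.test": "10.0.0.3",
}
# Constructed sample mapping: one public SSH port per VM.
SSH_PORTS = {2201: "10.0.0.1", 2202: "10.0.0.2", 2203: "10.0.0.3"}


def _lookup(name):
    """Map a host or mail domain to a backend. Unknown names return None so
    stray traffic is dropped instead of landing on a default VM or Domain-0."""
    return BACKENDS.get(name.strip().rstrip(".").lower())


def route_http(request: bytes):
    """Choose a backend from the Host header of a plain-HTTP request."""
    head = request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = re.findall(r"(?im)^host:[ \t]*([^\r\n]*)", head)
    if len(hosts) != 1:  # missing or duplicated Host header: refuse to guess
        return None
    return _lookup(re.sub(r":\d+$", "", hosts[0].strip()))


def route_smtp(rcpt_line: str):
    """Choose a backend from the domain in 'RCPT TO:<user@domain>'."""
    m = re.match(r"(?i)\s*RCPT TO:\s*<[^<>@\s]+@([^<>@\s]+)>", rcpt_line)
    return _lookup(m.group(1)) if m else None


def route_ssh(dst_port: int):
    """SSH sends no hostname, so only the destination port can select a VM."""
    return SSH_PORTS.get(dst_port)


if __name__ == "__main__":
    print(route_http(b"GET / HTTP/1.1\r\nHost: example-one.test\r\n\r\n"))
    print(route_smtp("RCPT TO:<alice@example-two.test>"))
    print(route_ssh(2203))
```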