WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-users

Re: [Xen-users] Multiple VMs - one static routable IP address

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Multiple VMs - one static routable IP address
From: Alex Samad <alex@xxxxxxxxxxxx>
Date: Thu, 17 May 2007 14:32:59 +1000
Delivery-date: Wed, 16 May 2007 21:31:32 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.64.0705160855430.16847@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <Pine.LNX.4.64.0705160855430.16847@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.13 (2006-08-11)

On Wed, May 16, 2007 at 09:01:43AM -0500, xensource@xxxxxxxxxxxxxxxxxxx wrote:
> I have a new server and am looking into using XEN. Looks like everything I 
> need is there, and gives me the security and power I've found frustrating 
> or lacking in VMWare... I have one problem tho... I want to have each VM 
> be able to completely host its own domain name and its own services. I 
> only have one routable IP address however. I need to service ports: 22, 
> 25, 80, 110, and 443
You're going to have problems with 22, 110 and 443. You can potentially do it for 
port 80, but you would have to service the request on the host.  This is going 
to be the same for all the virtual machines if you have non-routable addresses, 
no real way around it.  You could possibly try IPv6 - but then your client 
would have to use IPv6 (both of you can use the IPv4 in IPv6 ability)

> 
> I have no worldly idea how to route the packets to each respective VM when 
> everybody is trying to use the same ports, and are all sitting behind the 
> firewall effectively running non-routable IP addresses.
> 
> Example:
> Domain-0 will host mail services on port 25
> Domain-1 will also...
> Domain-2 as well
> Domain-3 again...
> 
> For port 80 and 443 traffic, I suppose I could always just stick apache in 
> proxy mode and route to the respective VM running on the 10-net behind the 
> firewall, and I can run SSHD on a non-standard port for each one I suppose 
> as well... but with everybody running their own sendmail and needing to 
> receive mail (sending shouldn't be a problem in this configuration near as 
> I can tell anyway) everybody pig piles in on port 25 and only Domain-0 
> wins. I could hack up some sort of MTA forwarding I suppose, but there HAS 
> to be some way that this is done such that I don't have to special case 
> every port. I just don't know what that is it seems.
> 
> So, when a packet comes in to the DHCP and asks for the IP address for one 
> (of seven) of the domain names I host. They will all resolve to the same 
> single routable IP address I have. I suspect I need some sort of 
> soft-router running on Domain 0 to see if the packet is destined for one 
> of the VMs and if so route to the 10.0.0.X address accordingly.
> 
> I'm completely new to bridging, tho am by no means new to Linux systems 
> administration. All VMs, including Domain-0, are running CentOS 5.  My 
> _guess_ is I need to get a fourth  DomU installed and running and have 
> THAT run the routable IP address, and then forward all traffic into 
> Domain-0, or the respective other VM domains, switching based on the 
> domain name the traffic is trying to go to...  I wouldn't be able to 
> connect to any of the VMs but that forward facing one by using the IP 
> address, but then, I seldom to never do that anyway...  plus that way I 
> could hide Domain-0 a bit better anyway.  I just have no idea what bits 
> I'd need to install and run to get that working.
> 
> Any help pointing me in the right direction would be greatly appreciated. 
> This can't be a unique problem... I'm sure the S390 guys are running 
> thousands of VMs per system, and suspect there is no way all of those VMs 
> are also running routable IP addresses. I just don't know how to get the 
> packets to the right VM when I've only got the one externally routable IP 
> address.
> 
> Help Help Help!
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
> 
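
The dispatch problem discussed in this thread, as an added example that is not part of either message: the host can pick a guest only from what the client sends, so HTTP can be switched on its Host header, SSH needs one public port per guest, and mail has to be accepted by a relay on the host and forwarded by recipient domain. The domain names, 10.0.0.x addresses and port numbers are constructed for illustration.

```python
# Added example: how Dom0 can pick a guest for traffic to one public IP.
# All names, addresses and ports below are constructed for illustration.
import re

GUESTS = {"one.example": "10.0.0.11", "two.example": "10.0.0.12"}
SSH_PORTS = {2211: "10.0.0.11", 2212: "10.0.0.12"}  # one public port per guest


def _lookup(domain):
    """Map a hosted domain to its guest; unknown names get no backend."""
    return GUESTS.get(domain.strip().lower().rstrip("."))


def http_backend(request: bytes):
    """HTTP names its target in the Host header, so a proxy can switch on it."""
    head = request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip()
            if not host.startswith("["):        # not an IPv6 literal
                host = host.split(":", 1)[0]    # drop an optional :port
            return _lookup(host)
    return None


def smtp_backend(command: str):
    """SMTP names a domain only in RCPT TO, after the session is accepted,
    so a relay on the host must take the mail and forward it by domain."""
    m = re.match(r"\s*RCPT TO:\s*<[^<>@\s]+@([^<>@\s]+)>", command, re.I)
    return _lookup(m.group(1)) if m else None


def dispatch(port: int, first_bytes: bytes = b""):
    """Return the guest address for a new connection, or None to refuse it."""
    if port == 80:
        return http_backend(first_bytes)
    if port in SSH_PORTS:                       # SSH carries no host name
        return SSH_PORTS[port]
    return None     # 22/25/110: the first packet has no name to switch on
```

Returning None for an unknown or missing name means the request is refused rather than handed to a default guest.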
