| |
|
 |
|
 |
|
|
|
| |
|
|
xen-users
Re: [Xen-users] Migration of Xen Networking Setup to new ISP
Thomas Jensen wrote:
I currently use pci hide to hide a physical NIC from the Dom0. This
NIC is passed to a firewall DomU. Two other NICs are passed to the
firewall DomU to create a standard three NIC firewall. The fourth
NIC in the Dom0 is on a separate subnet (not part of the firewall)
and is used only for managment of the Dom0.
I would like to setup a firewall DomU on the new ISP and then
migrate the DomUs to the new firewall one at a time. I am getting
tripped up on the fact that my server can't have two gateway
addresses active at one time.
Well a lot depends on how you want to migrate. There are different
approaches, in part a lot depends on whether you intend to keep the
old ISP going :
The Big Bang
You switch off the old connection, and turn on the new one. No
complications here, you simply switch configs and wait for the DNS
changes to propagate. Nothing special here except to have all your
configs worked out in advance to minimise downtime.
Dual running
A bit more work, but you parallel run for a while while DNS changes
propagate and eventually turn off the old connection (unless you want
to keep it running).
Phased migration
You move one bit (service or server) at a time, probably combined
with parallel running.
You can do policy based routing in your firewall. Setup a new
internal bridge for the new subnet you get from your ISP - it doesn't
need to have a NIC assigned to it. Add extra virtual NICs to the
guests.
You then need to set up routing policies (can't help there, never
done it but I know it can be done) so that :
Traffic TO subnet A is routed to the old internal network
Traffic FROM subnet A is routed out via ISP A
Traffic TO subnet B is routed to the new network
Traffic FROM subnet B is routed out via ISP B
I think you can probably do this by running a shared network with
both subnet A and subnet B on it - ie the extra internal bridge
probably isn't necessary. Something to look into.
This article explains how it's done with Shorewall (installed by
default on all my systems)
http://shorewall.net/MultiISP.html
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|
| |
|
Home