WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Virtual Machine Interfaces

To: "Fajar A. Nugraha" <list@xxxxxxxxx>
Subject: Re: [Xen-users] Virtual Machine Interfaces
From: Russell Seymour <russell.seymour@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 29 Dec 2010 21:55:32 +0000
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 29 Dec 2010 13:58:04 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <AANLkTin-mar7YpKCqOOJzAytZ_uWMiN8ynviChGwM9jS@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4D1B3D5D.6010509@xxxxxxxxxxxxxxxxx> <AANLkTim0ZQ=zFYS3f0fTeBxtTa+60pEqhyGED_=7g=Od@xxxxxxxxxxxxxx> <4D1BA8AF.9000108@xxxxxxxxxxxxxxxxx> <AANLkTin-mar7YpKCqOOJzAytZ_uWMiN8ynviChGwM9jS@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101027 Lightning/1.0b2 Thunderbird/3.1.6
OK great this is getting clearer :-).

I thought i would do the virtual bridge networking as I can then use iptables etc to manage it.  I am not able to use full bridged networking for the static public IP addresses for my domUs as I have to use routing as this is a restriction imposed by my hosting provider.

So this is what it think I can do:

    - comment out network script in xend-config.xsp
    - create the bridges as needed, e.g. virbr0 and brtap0
    - configure routing and masqurading for the public IP addresses to NAT through to the internal addresses on the domUs connected to virbr0
    - use the bridged brtap0 and assign ip addresses on my domUs that are within my OpenVPN subnet

I think that is correct, apologies if I am barking up the wrong tree.

Thanks very much for your help.

Russell



On 29/12/2010 21:47, Fajar A. Nugraha wrote:
On Thu, Dec 30, 2010 at 4:31 AM, Russell Seymour
<russell.seymour@xxxxxxxxxxxxxxxxxxx> wrote:
Fajar,

Thanks very much for this.

I am looking at changing the way the networking works as you have
suggested.  I used iptables currently for my home router so am familiar with
this sort of setup.

I have created my virbr0 using libvirt,
I use virbr0 as an example. It's setup by default by libvirt using
masquarade NAT. If you want routing without NAT, create a new bridge
using your OS's networking setup.

See http://wiki.debian.org/BridgeNetworkConnections for
/etc/network/interfaces example. You won't need "bridge_ports" for
this purpose (since the bridge will only connect with domU's
interfaces, not dom0's eth).

but how do I know tell Xen to use
this interface?  I have modified the .sxp file to use bridge networking,
which sxp? xend-config.sxp?

but
it creates its own thing.
if you don't need to bridge domU directly to dom0's eth, you can just
comment-out network-script line on xend-config.sxp entirely.

  I have tried to set it to netdev=virbr0 but that
did not seem to have any effect.  IN other words how can I get Xen to use
this custom bridge?
Are you going for full bridged networking?
If yes, the easiest way would be to :
- comment-out network-script on xend-config.sxp (or leave it with
network-route, if you still need it)
- create your own bridge in /etc/network/interfaces (call it brtap0 or whatever)
- create necessary routing/iptables rules
- use something like this on domU's vif config line

vif = [ 'mac=00:16:3E:7F:A5:5C, script=vif-bridge, bridge=brtap0,
vifname=domU1-eth0' ]

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
<Prev in Thread] Current Thread [Next in Thread>