WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Question regarding xen, physicals NIC's and VLANs

To: Daniel McNamara <admin@xxxxxxxxxxxxxxx>
Subject: Re: [Xen-users] Question regarding xen, physicals NIC's and VLANs
From: Marcus Brown <marcusbrutus@xxxxxxxxxxxxxxxx>
Date: Mon, 17 Oct 2005 13:16:01 +1100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 17 Oct 2005 01:11:31 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4352F23B.6020507@xxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4352F23B.6020507@xxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Debian Thunderbird 1.0.7 (X11/20051001)
Hi Daniel,

Daniel McNamara wrote:
> Hi guys,
> 
> I have been given an interesting project by my work place that requires
> us to do some virualistation with  a few funky caveats and I'm trying to
> find out if xen can fit into the requirments.
> 
> Essentially we'll have one machine with 5 physicals NIC's. The first
> will be used as the managment link for the host OS.

The standard xen scripts for bridging or routing should handle this fine.

> The other 4 we want to bind to seperate copies of  guest OS running on
> the machine. Here's where it gets interesting. Each of the guest OS's
> will have the same IP, however each one will plug into a switch port
> allocated to different VLANs.
> 
> What I'm trying to find out is if this is possible with xen. Basically I
> want to lock off each of the 4 physical nics to each guest OS and ensure
> that they only talk to their appropiate vlan
> 
> What I'm not sure of is how the host OS handles the network connections
> with xen and wether it will be able to handle this setup.

Using Xen stable (2.0.7) you can hide the remaining 4 nics from dom0 and
allocate each nic to a separate domU. dom0 will be ignorant of both the
nic and it's network settings. I don't believe the Xen unstable (3.0) has
this ability yet, so staying with stable would be your best bet.

A diagram of the setup you suggest might look like this:

     eth1      eth2      eth3      eth4
______|_________|_________|_________|______
| ____|____ ____|____ ____|____ ____|____ |
| | domU1 | | domU2 | | domU3 | | domU4 | |
| |_______| |_______| |_______| |_______| |
|     |         |         |         |     |
|      \_________\       /_________/      |
|                 xen-br0                 |
|   _________________|_________________   |
|   |                                 |   |
|   |             dom0                |===|= eth0
|   |_________________________________|   |
|_________________________________________|
               Host Machine

To hide nics 1-4 from dom0 you need to find out their respective PCI
ID's
eg.
# lspci | grep Ethernet
0000:00:0a.0 Ethernet controller: ...
0000:00:0b.0 Ethernet controller: ...
0000:00:0c.0 Ethernet controller: ...
0000:00:0d.0 Ethernet controller: ...
0000:00:0e.0 Ethernet controller: ...
and then include that ID in your grub config:
# grep hide /boot/grub/menu.lst
kernel          /xen-2.0.7.gz root=/dev/ram0 ro dom0_mem=81920 
physdev_dom0_hide=(00:0b.0)(00:0c.0)(00:0d.0)(00:0e.0)

To use a specific nic for a domU, it's Xen config file needs a line like:
# grep pci /etc/xen/Firewall
pci = ['00,0b,0']
You also need to ensure that the kernel for the domU is privelliged,
and has the drivers for the nic. Using a dom0 kernel would suffice.

To manage the domU's from dom0 you will also want the domUs to each have
access to a virtual interface, either bridged or routed to eth0.
So a domU's config should then also include something like (for bridged)
nics=1
vif = [ 'mac=aa:00:00:25:40:01, bridge=xen-br0' ]
Alternatively, you could just use a Xen console, however it's not nearly
as functional as a ssh session IMHO. (OK, it doesn't look pretty:))

More information can be found in the Xen users manual.

> I have not played a lot with xen but so far it's fitting a majority of
> our requirements.
> 
> I will be using fedora core 4 for both the host and guest OS's at this
> point.

I believe there are numerous posts on this list about setting up Xen on FC4.

> Any help with this question would be appreciated.
> 
> Cheers
> 
> Daniel McNamara
> Code Fish Sys Admin
> 

Hope that helps.

Regards,

Marcus.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>