WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Network configuration problem

To: "Daniel S. Reichenbach" <daniel.s.reichenbach@xxxxxxx>
Subject: Re: [Xen-users] Network configuration problem
From: "Henning Sprang" <henning_sprang@xxxxxx>
Date: Mon, 5 Feb 2007 17:18:01 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 05 Feb 2007 08:17:53 -0800
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=ZS3ioittrmWy+Lj+0rHkjD3AuXdjZOgZ+zEKU3NETotCWjfu9si9xRSwXE8pRUVwKa7nFaMg3oRTMkr9MoxFI6u2xDTcuVkiIVYPhFy4J1shV4vxoBywQo3DgvcVTvKchDO+U4UlGAxCm4UYLQd6PZ5YqXr2ynRkUkcGyzFqvT8=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <BDB3B98F-0110-1000-BF04-C47C59082EAB-Webmail-10019@xxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <3DA5E290-0110-1000-900C-96BDBEE59F9B-Webmail-10017@xxxxxxx> <5bb00b3f0702050429n6a80e0bcn3aec3aab16c62555@xxxxxxxxxxxxxx> <B85EB090-0110-1000-B26E-BC892DF8A8B8-Webmail-10009@xxxxxxx> <5bb00b3f0702050523o43a87ac5ydb575e8503c9a58e@xxxxxxxxxxxxxx> <BDB3B98F-0110-1000-BF04-C47C59082EAB-Webmail-10019@xxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
On 2/5/07, Daniel S. Reichenbach <daniel.s.reichenbach@xxxxxxx> wrote:
Hi again,

>Finally, it's hard to tell you how to get there if you don't know
>exactly where you wanna go.
I will give it another try. Been reading up on different network setups, and I
used the pictures provided on the Wiki and used them as a template to draw what
I am looking for.

This is it: http://www.marenkay.com/wp-content/uploads/misc/XEN/networks.png

What we have here, is my server, running Debian Etch, with XEN and dom0 on it.
It has three network interfaces:

 * eth0 is connected to a backup storage system.
 * eth1 is connected to my private network.
 * eth2 is the web connection and has a public IP address. Let's stick to the
   dummy IP used in my previous mail, currently using 192.168.192.33, as it's
   the address block my provider uses for the rack where my system is living.

I do want to run two guest systems on this server, one being dom1 which should
run a small HTTP server for hosting subversion, and related tools, the second
one being dom2, running a mail server.

My provider has assigned a small address block from 192.168.207.160 through
192.168.207.167, so it's a /29 network if I am not totally wrong. Now I am
supposed to use these IP addresses in order to host my services.

Thus I configured them as aliases for eth2. Now I would have to route to dom1
and dom2.

Does that make it understandable? And even more important, does that approach
make sense or is there a better solution for this?

It's getting clearer now.
Now, in your image, you need to add NICs for the domU systems. And
think about how to connect them to the outer world.

The simplest way is, create a bridge, and hook the vif connected to
dom0s eth2 in it: this is, vif0.2, I think - the first number stands
for the domain id, the second for the X in ethX of the interface in
this domain.
Imagine theres a virtual cross-cable between vif0.2 and eth2 (I am not
always exactly sure, why one cannot just connect eth2 to the bridge,
but it is that way).

That is done with some parameters in xend-config.sxp, I believe, but I
am not sure which one right now, by default the network-bridge script
will hook vif0.0(which is connected to eth0) to bridge xenbr0.

after that, when defining vif-script as the default vif-script, your
domU systems should automatically be hooked to the same bridge at
startup.
Assign the nics inside of the domU the ip addresses, and that should be it.

basically, your setup will be this one:
http://wiki.xensource.com/xenwiki/XenNetworking?highlight=%28networking%29#head-602e26cd4a03b992f3938fe1bea03fa0fea0ed8b
But you will have peth2, eth2, vif0.2 - and you have only one NIC on
dom1, but an additionaö dom2 with eth0 and vif2.0 connected to the
bridge. then you directly assign the IP Adresses from you block to the
eth0 NICs inside the domU systems.


If you want dom0 act as a firewall, you have to go for some other,
natted or routed setup. Then it gets a bit more complex, but as you
asked for the simple solution, this is bridging.

Henning

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users