WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

Re: [Xen-users] iptables and ipvsadm in domU

On Tue, 2007-05-01 at 16:33 -0700, Fong Vang wrote:
> The documentation for Xen mentions that iptables in dom0 may affect
> domUs.  If iptables and ipvsadm are heavily used in a domU, how does
> this impact dom0?
> 
> In my particular case, I want both dom0 and ONE domU (FW_domu) to be
> visible to the external network (eth1).  There will be several other
> domUs that will be behind FW_domU.
> 
> As far as the domUs are concerned, this is the layout.
> 
>        FW_domU
>           |
>        LB_domU
>           |
>     +-----+--+--------+
>     |        |        | 
>     domU1    domU2   domU3

I would combine the FW and LB. If this is just http/https load balancing
try pound first, http://apsis.ch/pound/ . You will end up with far fewer
moving parts that can break. Since this is all on one physical server,
anyway, there isn't much sense in breaking them up. 

I'm not saying what you sketched won't work though. With only 3 nodes
you shouldn't run into too much spaghetti. Odd breakage happens more
when you have more nodes, and more NATing around the LB directly to the
guests.

Were you going to use a popular FW helper like Shorewall, or put
something together yourself? Did you figure on using two bridges?

> What's the best way to set this up?  LB_domU runs LVS (ipvsadm).  Is
> this configuration even supported in Xen?

Sure, as long as there is modular support for everything you want to do
(and corresponding modules to load) on the dom-u for iptables, it's no
different than anything else for most purposes.

Good luck :)
--Tim

