Here's what I do:
1) Set up tagged VLAN interface and bring all VLANs in on single interface or on trunk (bond0).
2) Set up VLAN interfaces in dom0. In RH-type distributions this will be something like eth0.1, eth0.2, etc., or bond0.1, bond0.2, etc. In SuSE-type distros, they are vlan1, vlan2, etc.
3) Set up bridges for each of the VLANs. So, if I have vlan1 and vlan2, I set up xenbr1 and xenbr2 as bridges where xenbr1 has vlan1 as a bridge member and xenbr2 has vlan2 as a bridge member. Also, if you want dom0 to have an IP address assigned on any of the VLANs, assign it on the bridge for the VLAN and not the VLAN interface itself.
4) Configure my domUs with bridge=xenbr1 for VLAN1, bridge=xenbr2 for VLAN2, etc.
I've pretty well settled on this as a standard and it works fairly well - it provides a consistent setup on all of my XEN servers so that moving domUs between them works w/o having to reconfigure.
-Nick
>>> On Wed, Jun 4, 2008 at 12:55 PM, "James Alspach" <jalspach@xxxxxxxxxxxxx> wrote:
We are in the process of setting up a few Xensource servers whose initial function will be to run Exchange 2007. As part of this (and for future VM’s) I need to be able to provide access to various VLANS to the various DOM’s.
In theory this sounds fairly straight forward: DOM0 gets a PIF for each VLAN. This PIF connects to a VLAN specific bridge and then, for each DOM that needs one, a VIF is created and connected to the bridge.
If so, my question is how to specify the VLAN for a PIF. I can list it but I am not able to set it since it is read only.
How do virtual networks fit into the above and how is a virtual network different from a virtual bridge?
Any help or pointers to information are greatly appreciated.
This e-mail may contain confidential and privileged material for the sole use of the intended recipient. If this email is not intended for you, or you are not responsible for the delivery of this message to the intended recipient, please note that this message may contain SEAKR Engineering (SEAKR) Privileged/Proprietary Information. In such a case, you are strictly prohibited from downloading, photocopying, distributing or otherwise using this message, its contents or attachments in any way. If you have received this message in error, please notify us immediately by replying to this e-mail and delete the message from your mailbox. Information contained in this message that does not relate to the business of SEAKR is neither endorsed by nor attributable to SEAKR.
|