WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

Re: [Xen-users] Networking with xen

To: "Quezada, Pedro" <PedroQ@xxxxxxxxxx>
Subject: Re: [Xen-users] Networking with xen
From: Luke S Crawford <lsc@xxxxxxxxx>
Date: 15 Oct 2008 01:23:09 -0400
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
"Quezada, Pedro" <PedroQ@xxxxxxxxxx> writes:

> Is there a possibility to connect doms together and form a spanning tree loop.

Well, if you set up two bridges, sure.  Or if you give a DomU 2 vifs and
bridge them in the DomU.

It's not possible in the default setup, where you only have one bridge and
one vif in each DomU.

But if you really want the "don't let me shoot myself in the foot" level of
handholding, you really shouldn't be using Open Source.  Talk to Citrix
about the commercial version of Xen, or if performance isn't critical and/or
you are largely a Windows shop, talk to VMware.

> The network capabilities of xen can really cause concerns to the network 
> admins...
> 
> I mean this product not used well can bypass all security in a network...

You need to think of your xen bridge as a switch.   From the network
admin perspective,  you are simply plugging in another switch and any
number of servers behind that switch.   The exact same security concerns apply.
I don't see how this bypasses all security on a network.  

It does mean that the Dom0 administrators are administering a switch; if you
plug more than one network into the Dom0, you have the same problems you have
when you plug more than one network into any other server (that is, someone
with root on the server in question can create bridges/tunnels between those
two tunnels if they want).
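
Added example (not part of the original message and not Xen's own code): a Python script that audits a Dom0 the way a network admin would audit any switch, reading bridge membership from /sys/class/net and flagging a bridge that joins more than one uplink and a guest with vifs on more than one bridge. The vif/tap naming rule and the sample names (xenbr0, xenbr1, peth0, ...) are assumptions made for this example.

```python
import os
import re
import tempfile

# Assumption: guest-facing ports use Xen's vif<domid>.<devid> / tap<domid>.<devid>
# naming; any other bridge port is treated as an uplink to an outside network.
GUEST_PORT = re.compile(r"^(?:vif|tap)(\d+)\.\d+")

def read_bridges(sysfs_net="/sys/class/net"):
    """Return {bridge: sorted ports} from the kernel's per-bridge brif directories."""
    bridges = {}
    for name in sorted(os.listdir(sysfs_net)):
        brif = os.path.join(sysfs_net, name, "brif")
        if os.path.isdir(brif):
            bridges[name] = sorted(os.listdir(brif))
    return bridges

def audit(bridges):
    """Flag bridges that join several uplinks and guests attached to several bridges."""
    findings, guest_bridges = [], {}
    for bridge, ports in bridges.items():
        uplinks = []
        for port in ports:
            m = GUEST_PORT.match(port)
            if m:
                guest_bridges.setdefault(int(m.group(1)), set()).add(bridge)
            else:
                uplinks.append(port)
        if len(uplinks) > 1:
            findings.append(("bridge-joins-uplinks", bridge, uplinks))
    for domid, on in sorted(guest_bridges.items()):
        if len(on) > 1:
            findings.append(("guest-on-multiple-bridges", domid, sorted(on)))
    return findings

def build_sample_tree(root):
    """Constructed sample layout (not from the original post) shaped like /sys/class/net."""
    layout = {"xenbr0": ["peth0", "vif1.0", "vif2.0"],
              "xenbr1": ["peth1", "peth2", "vif2.1"]}
    for bridge, ports in layout.items():
        for port in ports:
            os.makedirs(os.path.join(root, bridge, "brif", port))
            os.makedirs(os.path.join(root, port), exist_ok=True)
    return root

if __name__ == "__main__":
    for finding in audit(read_bridges(build_sample_tree(tempfile.mkdtemp()))):
        print(finding)
```

On a real Dom0, call `audit(read_bridges())` with no arguments to read the live bridge table instead of the constructed sample.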


