This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


RE: [Xen-users] Isolated network

To: "Florian Manschwetus" <florianmanschwetus@xxxxxx>, <Xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] Isolated network
From: "Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>
Date: Fri, 4 Jun 2010 16:04:50 +0100


From: Florian Manschwetus [mailto:florianmanschwetus@xxxxxx]
Sent: Fri 04/06/2010 15:53
To: Jonathan Tripathy
Cc: Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Isolated network

> Hi There,
> Sorry, I think I worded my post wrong. What I meant was is there a way
> to make sure that the DomUs can't access the Dom0, i.e. so they are on
> an isolated network. By default in virt-manager, the Dom0 gets attached
> to each bridge created...
> Also, what additional features does opensolaris support?
> Thanks
Depending on where and how your guest disks are stored, you would have ZFS
for that. At least your dom0 would benefit from ZFS (boot environments
and frequent snapshotting of all data).
Really easy handling of vlans, bridges and other networking stuff.
(e.g. to configure a nic, you have to plumb it to the system, but you
can use an unplumbed nic for a bridge (what would address your current
No idea so far how well it integrates all of that with virt-manager.

For udom or smarter dom0 you can use zones.

All in all, I would say you should have a closer look (read a bit at
opensolaris.org) and try it for yourself if you are interested.

I have a productive xen running with two osolb134 dom0s with x64-linux,
-windows and -opensolaris as guests.


My main question, though, is: since all bridges are actually located in the Dom0, what is the best way to stop DomUs from accessing Dom0? Should I just make a "bridge firewall" at the bridge?
