[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] Vnet documentation

Patch adding a vnet chapter to the xen user maual.

# HG changeset patch
# User mjw@xxxxxxxxxxxxxxxxxxx
# Node ID a6ef0eb9dfd77a84616896e7149a4c9aad5cc84c
# Parent  fab07e0704f9293934fcfefc66536644a21267d7
Add a vnet chapter.

Signed-off-by: Mike Wray <mike.wray@xxxxxx>

diff -r fab07e0704f9 -r a6ef0eb9dfd7 docs/src/user.tex
--- a/docs/src/user.tex Thu Feb  9 14:10:29 2006
+++ b/docs/src/user.tex Thu Feb  9 14:26:22 2006
@@ -2099,6 +2099,155 @@
 \subsection{Save/Restore and Migration}
 VMX guests currently cannot be saved and restored, nor migrated. These 
features are currently under active development.
+\chapter{Vnets - Domain Virtual Networking}
+Xen optionally supports virtual networking for domains using {\em vnets}.
+These emulate private LANs that domains can use. Domains on the same
+vnet can be hosted on the same machine or on separate machines, and the
+vnets remain connected if domains are migrated. Ethernet traffic 
+on a vnet is tunneled inside IP packets on the physical network. A vnet is a 
+network and addressing within it need have no relation to addressing on 
+the underlying physical network. Separate vnets, or vnets and the physical 
+can be connected using domains with more than one network interface and
+enabling IP forwarding or bridging in the usual way.
+Vnet support is included in \texttt{xm} and \xend:
+# xm vnet-create <config>
+creates a vnet using the configuration in the file \verb|<config>|.
+When a vnet is created its configuration is stored by \xend and the vnet 
persists until it is
+deleted using
+# xm vnet-delete <vnetid>
+The vnets \xend knows about are listed by
+# xm vnet-list
+More vnet management commands are available using the
+\texttt{vn} tool included in the vnet distribution.
+The format of a vnet configuration file is
+(vnet (id       <vnetid>)
+      (bridge   <bridge>)
+      (vnetif   <vnet interface>)
+      (security <level>))
+White space is not significant. The parameters are:
+  \item \verb|<vnetid>|: vnet id, the 128-bit vnet identifier. This can be 
+    as 8 4-digit hex numbers separated by colons, or in short form as a single 
4-digit hex number.
+    The short form is the same as the long form with the first 7 fields zero.
+    Vnet ids must be non-zero and id 1 is reserved.
+  \item \verb|<bridge>|: the name of a bridge interface to create for the 
vnet. Domains
+    are connected to the vnet by connecting their virtual interfaces to the 
+    Bridge names are limited to 14 characters by the kernel.
+  \item \verb|<vnetif>|: the name of the virtual interface onto the vnet 
(optional). The
+    interface encapsulates and decapsulates vnet traffic for the network and 
is attached
+    to the vnet bridge. Interface names are limited to 14 characters by the 
+  \item \verb|<level>|: security level for the vnet (optional). The level may 
be one of 
+      \begin{itemize}
+        \item \verb|none|: no security (default). Vnet traffic is in clear on 
the network.
+        \item \verb|auth|: authentication. Vnet traffic is authenticated using 
+           ESP with hmac96.
+        \item \verb|conf|: confidentiality. Vnet traffic is authenticated and 
+           using IPSEC ESP with hmac96 and AES-128.
+      \end{itemize}
+      Authentication and confidentiality are experimental and use hard-wired 
keys at present.
+When a vnet is created its configuration is stored by \xend and the vnet 
persists until it is
+deleted using \texttt{xm vnet-delete <vnetid>}. The interfaces and bridges 
used by vnets
+are visible in the output of \texttt{ifconfig} and \texttt{brctl show}.
+If the file \path{vnet97.sxp} contains
+(vnet (id 97) (bridge vnet97) (vnetif vnif97)
+      (security none))
+Then \texttt{xm vnet-create vnet97.sxp} will define a vnet with id 97 and no 
+The bridge for the vnet is called vnet97 and the virtual interface for it is 
+To add an interface on a domain to this vnet set its bridge to vnet97
+in its configuration. In Python:
+In sxp:
+(dev (vif (mac aa:00:00:01:02:03) (bridge vnet97)))
+Once the domain is started you should see its interface in the output of 
\texttt{brctl show}
+under the ports for \texttt{vnet97}.
+To get best performance it is a good idea to reduce the MTU of a domain's 
+onto a vnet to 1400. For example using \texttt{ifconfig eth0 mtu 1400} or 
+\texttt{MTU=1400} in \texttt{ifcfg-eth0}.
+You may also have to change or remove cached config files for eth0 under
+\texttt{/etc/sysconfig/networking}. Vnets work anyway, but performance can be 
+by IP fragmentation caused by the vnet encapsulation exceeding the hardware 
+\section{Installing vnet support}
+Vnets are implemented using a kernel module, which needs to be loaded before
+they can be used. You can either do this manually before starting \xend, using 
+command \texttt{vn insmod}, or configure \xend to use the \path{network-vnet}
+script in the xend configuration file \texttt{/etc/xend/xend-config.sxp}:
+(network-script        network-vnet)
+This script insmods the module and calls the \path{network-bridge} script.
+The vnet code is not compiled and installed by default.
+To compile the code and install on the current system
+use \texttt{make install} in the root of the vnet source tree,
+\path{tools/vnet}. It is also possible to install to an installation
+directory using \texttt{make dist}. See the \path{Makefile} in
+the source for details.
+The vnet module creates vnet interfaces \texttt{vnif0002},
+\texttt{vnif0003} and \texttt{vnif0004} by default. You can test that
+vnets are working by configuring IP addresses on these interfaces
+and trying to ping them across the network. For example, using machines
+hostA and hostB:
+hostA# ifconfig vnif0004 up
+hostB# ifconfig vnif0004 up
+hostB# ping
+The vnet implementation uses IP multicast to discover vnet interfaces, so
+all machines hosting vnets must be reachable by multicast. Network switches
+are often configured not to forward multicast packets, so this often
+means that all machines using a vnet must be on the same LAN segment,
+unless you configure vnet forwarding.
+You can test multicast coverage by pinging the vnet multicast address:
+# ping -b
+You should see replies from all machines with the vnet module running.
+You can see if vnet packets are being sent or received by dumping traffic
+on the vnet UDP port:
+# tcpdump udp port 1798
+If multicast is not being forwaded between machines you can configure
+multicast forwarding using vn. Suppose we have machines hostA on
+and hostB on and that multicast is not forwarded between them.
+We use vn to configure each machine to forward to the other:
+hostA# vn peer-add hostB
+hostB# vn peer-add hostA
+Multicast forwarding needs to be used carefully - you must avoid creating 
+loops. Typically only one machine on a subnet needs to be configured to 
+as it will forward multicasts received from other machines on the subnet.
 %% Chapter Glossary of Terms moved to glossary.tex
 \chapter{Glossary of Terms}
Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.