[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Xen with 'Routing' scripts

Am Freitag, den 15.04.2005, 09:20 +0200 schrieb Roland Paterson-Jones: 
> Hi
> I had a brief look at the routing scripts in /etc/xen/scripts. 
> Essentially the main script turns on ip forwarding in dom-0, and the 
> dom-U vif script seems to configure a address for each vif 
> (auto-configure address, I think), then enable proxy ARP on the vif.
> Some questions: How do remote machines pick up routing information for 
> the dom-U's? Do I have to run a routing protocol in dom-0 (maybe with 
> zebra) so that remote machines can 'see' the dom-U's?

Depends on network configuration: If you use bridging or proxy-arp or
NAT that's not necessary. If not, routes can be configured statically
into remote machines or dynamically via routing protocals like RIP or

This is not a Xen-specific question, look around for networking howtos.

> Could someone maybe explain the details of the ifconfig <vif> 
> ... 

>From RFC 3330 <http://www.faqs.org/rfcs/rfc3330.html>: - This is the "link local" block.  It is allocated for 
  communication between hosts on a single link.  Hosts obtain these
  addresses by auto-configuration, such as when a DHCP server may not
  be found.

You may use random IPs in this range as a poor backup alternative to 
dhcp. MS Windows and many devices like printers use such IPs if they
cannot find a dhcp server.

> and what the proxy ARP stuff does?

It kinda "pseudo-bridging". For example if your domU and your dom0 shall
use ips within the same IP prefix (say, and another
physical host is acting as default gateway (lets say dom0=,
domU=, gw=, there are (at least) four

* DNAT all domU-services on dom0

    iptables -t nat -A PREROUTING -j DNAT -d \
       --dport 80 --to-destination

* hostroutes for domU 

    gw#   ip route add via
    dom0# ip route add dev vif1.0

* bridging

* proxy-arp: When gw tries to send an IP packet to domU it thinks domU
  is link-local, so it tries to resolve to a MAC address by
  ARP-request. But that ARP-request can never reach domU (it's not
  bridged). Now 

    ip route add dev vif1.0
    sysctl -w net.ipv4.conf.eth0.proxy_arp=1

  (or has it to be "net.ipv4.conf.vif1.0.proxy_arp"?) tells dom0 to
  reply to that ARP-request with dom0's MAC-address on behalf of domU.

  A better way to do proxyarp are static arp entries:

So the xen-script ips plus proxyarp on vif* is probably
for automagical inter-domU-communication.


Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.