|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Ideal(istic) Xen firewall design
> This setup works extremely well for my purposes. > I have, however, noticed network performance issues when scp'ing from dom0 > to a client in the local 'Green Zone'. > Rather than the 4MB/s I'd expect (PIIX4 ata33 IDE with software raid), I'm > only getting 1.4MB/s :( (screen shots here: > http://marcusbrutus.cust.internode.on.net/Computers/C3-1 ) Oh dear! What CPU setup do you have here? > I appreciate there's a lot more calculation going on, but still ... Context switches are likely to be the killer when using driver domains. Tell me: do you have any numbers for a domU to "real world" setup with a "vanilla" Xen config? How did that perform? Cheers, Mark > >Mike Tierney schrieb: > >>>> But it is still tempting to just do away with the seperate firewall vm > >>>> and > >>>> do all the firewalling in Dom0! > > With this in mind, I might be prepared to change my setup to something like > this: > > OPTION C-v3.2 > ============= > Internet > > eth1 > > ________________________________________|__________________________________ >________ > > | > | ________________________________|___________________________ > |_______ | > | > | | Firewall > | | | | (dom1) > | | |=======|= eth2 DMZ > | | ____________________________________________________ > | |_____________| | (optional) > | > | eth3 eth4 eth5 > | | > | > | | ________________ | ______________ | > | | _______________ | > | | > | | | Proxy Server | | | Web Server | | | > | | | iPaq Server | | (domU1) | | | > | | | (domU2) | | | (dom2) |========|= > | | | USB Host #1 ______________| | > | | | |____________| | |_____________| | > | | | (for BT Dongle) > | | > | | / | / | / > | | | ( and cradle ) / > | | | / _______________ | / > | | | / |/ | Mail Server | > | | |/ | > | | > | | | | (domU3) | | > | | | | | > | | | | _____________| | > | | | | | > | | | > | | | / | > | | | | / > | | | | > | | | | / > | | | | > | | | | > | > | xen-br0 br1 br1 > | | > | > | | ! ! > | | | > | | _________________________________________________ > | |____________ | > | > | \ | > | | | > > Local eth0 =|============+| dom0 > | | > > |_____________|_______________________________________________ > |____________|_______| > > However, as the bandwidth throughput issue would still remain for all the > other domains, I'm not sure if there's a real benefit. > I have a burner in this machine, with the hopes of using it for domain > filesystem backups in the future. > > Can I assume that this performance would be improved dramatically using a > MP machine (or HT) ? > > Are there other ways of improving this performance? > > Appreciate your advice. > > Marcus. > > > _______________________________________________ > Xen-users mailing list > Xen-users@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xen-users _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |