
[Xen-users] Xen networking concepts



Hello, xen-users!

I am fiddling with the Xen 2.0 and Xen 3.0 configuration in order to do
a combined installation of a firewall system and a webserver on the same
machine. Now I use a recent Xen 3.0 on top of (or below, depending on how
you think of it) a Debian Sarge 3.1r1. The idea is to have the
following:

 - Dom0 connected with a single external IP routing everything to Dom1
 - Dom1 with a firewall system and two virtual network cards
 - Dom2 the webserver behind the firewall with a single virtual network
   card

I tried to use direct access but abandoned the idea because the system
is colocated and has only one IP address. This brings me to my problem.
I read the various networking threads a couple of times (including the
ideal(istic) firewall thread). Somehow I cannot completely wrap my mind
around Xen's networking concepts. I think I can work with two bridges
and internal local networks where the Dom0 will do SNAT for outbound
packets. The setup looks a bit like this (work in progress, just a quick
sketch):

http://web.luchs.at/information/media/xen_setup.png

After starting the two domains and manually setting up the second bridge
I get something like this on a test system:

samuel:~# xm list
Name                              ID Mem(MiB) VCPUs State  Time(s)
Domain-0                           0       64     1 r-----   143.2
astaro                             1      120     1 ------  2838.8
webserver                          2       48     1 -b----    34.5
samuel:~# brctl show
bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.feffffffffff       no              peth0
                                                        vif0.0
                                                        vif1.0
xenbr1          8000.b67150095f2d       no              dummy0
                                                        vif1.1
                                                        vif2.0
samuel:~# 

vif1.0 and vif1.1 belong to the firewall, vif2.0 belongs to the
webserver. I gathered from the threads that the interface names change
when I restart the domains. What is the best practice to pin down
interface names?

How can I create xenbr1 automatically after Dom0 comes up? In the above
listing dummy0 is out of place because, right after the boot process,
there are no domains running and therefore xenbr1 cannot be created with
the vif interfaces. Do I need a dummy interface for every bridge that is
used to connect domains?

Another thing I noticed is that I have a lot of network devices that are
unused. The system has 27 net devices, vif is numbered up to vif0.7 and
I have veth devices up to veth7. Why is that? Xen 2.0 didn't create so
many devices. What are they used for? Is this a kind of device pool?

I hope my questions are not redundant. I spent days wading through the
docs and the mailing list archives; I may have missed something due to
growing confusion.

Best regards,
Lynx.

-- 
"From the delicate strands,
 between minds we weave our mesh:
 a blanket to warm the soul."
 --- Lady Deirdre Skye (SMAC) ---


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
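The following is an added example and not part of the post above or of the Xen project's own scripts. It sketches the two mechanisms the questions are about: creating the second bridge at Dom0 boot, before any domU exists, by giving it a dummy interface as its first member, and pinning the Dom0-side vif names and bridge membership from the domain config rather than relying on the vifN.M names that follow the domain ID. Assumed, not taken from the post: a Xen 3.0 build whose vif-bridge script honours `bridge=` and `vifname=` in the `vif = [ ... ]` list (vifname is missing from older 3.0 releases), the `dummy` kernel module, bridge-utils and iproute in Dom0, and the bridge/interface names and 00:16:3e MACs chosen here. With DRY_RUN=1 (the default) the script only prints what it would run.

```shell
#!/bin/sh
# Added example, not from the original post or from Xen itself. Creates the
# second Xen bridge (xenbr1) at Dom0 boot, before any domU exists, and builds
# pinned vif entries for a domain config. Assumptions: Xen 3.0 with xend's
# vif-bridge script, the "dummy" kernel module, bridge-utils (brctl) and
# iproute (ip) installed in Dom0. DRY_RUN=1 (the default) prints instead of
# running, so the script is safe to try on any box.
set -eu

DRY_RUN="${DRY_RUN:-1}"

# Commands that create bridge $1 with dummy interface $2 as its first member.
# A member is needed so the bridge can be brought up while no vif exists yet;
# the vifs of domains started later are added by vif-bridge via "bridge=".
bridge_cmds() {
  br="$1"; dummy="$2"
  printf '%s\n' \
    "modprobe dummy" \
    "ip link set $dummy up" \
    "brctl addbr $br" \
    "brctl stp $br off" \
    "brctl setfd $br 0" \
    "brctl addif $br $dummy" \
    "ip link set $br up"
}

# Run (or, with DRY_RUN=1, only echo) the bridge setup. Meant to be called
# from an init script ordered after xend's own network-bridge script.
setup_bridge() {
  bridge_cmds "$@" | while IFS= read -r cmd; do
    if [ "$DRY_RUN" = 1 ]; then
      echo "+ $cmd"
    else
      $cmd
    fi
  done
}

# One element of the "vif = [ ... ]" list in /etc/xen/<domain>.
#   bridge=   which Dom0 bridge vif-bridge attaches the interface to
#   vifname=  fixed Dom0-side name instead of vifN.M (N is the domain ID, so
#             the default name changes on every domain restart). Assumed to
#             be supported by this Xen 3.0 build; older 3.0 releases lack it.
# The MACs use the 00:16:3e prefix reserved for Xen guests.
vif_entry() {
  mac="$1"; bridge="$2"; name="$3"
  printf "'mac=%s, bridge=%s, vifname=%s'" "$mac" "$bridge" "$name"
}

# Assemble the firewall domain's two interfaces: WAN side on xenbr0 (shared
# with peth0), LAN side on xenbr1 (shared with the webserver's single vif).
firewall_vif_line() {
  wan=$(vif_entry 00:16:3e:00:00:01 xenbr0 fw-wan)
  lan=$(vif_entry 00:16:3e:00:00:02 xenbr1 fw-lan)
  printf 'vif = [ %s, %s ]\n' "$wan" "$lan"
}

setup_bridge xenbr1 dummy0
firewall_vif_line
```

The webserver's config gets a single `vif_entry` with `bridge=xenbr1`, so its only path out is through the firewall domain; Dom0 keeps no address on xenbr1 at all, which is what makes the firewall the sole gateway rather than a bypassable hop. The idle vif0.N/vethN pairs the post counts are the Dom0 netloop driver's loopback pairs (eight by default): network-bridge consumes one of them to rename the physical eth0 to peth0 and present veth0 as Dom0's eth0, and the others are simply unused unless further bridges reuse them.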

