[Xen-users] Xen networking concepts
Hello, xen-users!

I am fiddling with the Xen 2.0 and Xen 3.0 configuration in order to do a combined installation of a firewall system and a webserver on the same machine. Now I use a recent Xen 3.0 on top of (or below, depending on how you think of it) a Debian Sarge 3.1r1.

The idea is to have the following:

- Dom0 connected with a single external IP, routing everything to Dom1
- Dom1 with a firewall system and two virtual network cards
- Dom2, the webserver behind the firewall, with a single virtual network card

I tried to use direct access but abandoned the idea because the system is colocated and has only one IP address. This brings me to my problem.

I read the various networking threads a couple of times (including the ideal(istic) firewall thread). Somehow I cannot completely wrap my mind around Xen's networking concepts. I think I can work with two bridges and internal local networks where the Dom0 will do SNAT for outbound packets. The setup looks a bit like this (work in progress, just a quick sketch):

http://web.luchs.at/information/media/xen_setup.png

After starting the two domains and manually setting up the second bridge I get something like this on a test system:

    samuel:~# xm list
    Name         ID  Mem(MiB)  VCPUs  State   Time(s)
    Domain-0      0        64      1  r-----    143.2
    astaro        1       120      1  ------   2838.8
    webserver     2        48      1  -b----     34.5
    samuel:~# brctl show
    bridge name  bridge id          STP enabled  interfaces
    xenbr0       8000.feffffffffff  no           peth0
                                                 vif0.0
                                                 vif1.0
    xenbr1       8000.b67150095f2d  no           dummy0
                                                 vif1.1
                                                 vif2.0
    samuel:~#

vif1.0 and vif1.1 belong to the firewall, vif2.0 belongs to the webserver.

I gathered from the threads that the interface names change when I restart the domains. What is the best practice to pin down interface names? How can I create xenbr1 automatically after Dom0 comes up? In the above listing dummy0 is out of place because right after the boot process there are no domains running, and therefore xenbr1 cannot be created with the vif interfaces. Do I need a dummy interface for every bridge that is used to connect domains?

Another thing I noticed is that I have a lot of network devices that are unused. The system has 27 net devices, vif is numbered up to vif0.7 and I have veth devices up to veth7. Why is that? Xen 2.0 didn't create so many devices. What are they used for? Is this a kind of device pool?

I hope my questions are not redundant. I spent days wading through the docs and the mailing list archives; I may have missed something due to growing confusion.

Best regards,
Lynx.

--
"From the delicate strands, between minds we weave our mesh: a blanket to warm the soul." --- Lady Deirdre Skye (SMAC) ---

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
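The post's design only holds if the webserver's vif ever appears on the internal bridge xenbr1 and never on the external xenbr0, and if the firewall domU is the sole domain bridging the two. Because vif names follow vif<domid>.<n> and domain IDs change when domains restart, a check of that layout has to resolve domain names to IDs from `xm list` at the same moment it reads `brctl show`. The following script is an added example, not code from the original post or from Xen: it parses the two command outputs (constructed here to match the listing above) and reports any domain whose vif sits on a bridge outside its intended set. The POLICY table is an assumption written from the post's description of Dom0, the firewall ("astaro") and the webserver.

```python
"""
Added example (not from the original post or from Xen): verify that each
domain's vifs sit only on the bridges the two-bridge firewall design intends.

Assumed layout (from the post): Dom0 on the external bridge xenbr0, the
firewall domU "astaro" with one vif on xenbr0 and one on xenbr1, and the
webserver domU with a single vif on xenbr1 only.
"""
import re

# Constructed sample of `xm list` output (matches the post's listing).
XM_LIST = """\
Name                              ID Mem(MiB) VCPUs State  Time(s)
Domain-0                           0       64     1 r-----   143.2
astaro                             1      120     1 ------  2838.8
webserver                          2       48     1 -b----    34.5
"""

# Constructed sample of `brctl show` output (matches the post's listing).
BRCTL_SHOW = """\
bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.feffffffffff       no              peth0
                                                        vif0.0
                                                        vif1.0
xenbr1          8000.b67150095f2d       no              dummy0
                                                        vif1.1
                                                        vif2.0
"""

# Intended policy (assumption derived from the post): domain name -> the
# bridges its vifs are allowed to be attached to.
POLICY = {
    "Domain-0": {"xenbr0"},
    "astaro": {"xenbr0", "xenbr1"},
    "webserver": {"xenbr1"},
}


def parse_xm_list(text):
    """Map domain name -> numeric domain ID from `xm list` output."""
    ids = {}
    for line in text.splitlines()[1:]:  # skip the header row
        parts = line.split()
        if len(parts) >= 2 and parts[1].isdigit():
            ids[parts[0]] = int(parts[1])
    return ids


def parse_brctl_show(text):
    """Map interface name -> bridge name from `brctl show` output.

    A bridge's first interface is on the same row as the bridge; further
    interfaces follow on indented continuation rows carrying only the name.
    """
    iface_to_bridge = {}
    bridge = None
    for line in text.splitlines()[1:]:  # skip the header row
        if not line.strip():
            continue
        if not line[0].isspace():
            parts = line.split()
            bridge = parts[0]
            if len(parts) >= 4:
                iface_to_bridge[parts[3]] = bridge
        elif bridge is not None:
            iface_to_bridge[line.strip()] = bridge
    return iface_to_bridge


def domain_bridges(xm_text, brctl_text):
    """Map domain name -> set of bridges that any of its vif<domid>.<n> is on."""
    ids = parse_xm_list(xm_text)
    iface_to_bridge = parse_brctl_show(brctl_text)
    result = {name: set() for name in ids}
    for iface, bridge in iface_to_bridge.items():
        m = re.fullmatch(r"vif(\d+)\.(\d+)", iface)
        if not m:
            continue  # peth0, dummy0 and similar are not domain vifs
        domid = int(m.group(1))
        for name, did in ids.items():
            if did == domid:
                result[name].add(bridge)
    return result


def check_policy(xm_text, brctl_text, policy=POLICY):
    """Return (domain, bridge) pairs where a vif is on a bridge the policy forbids."""
    violations = []
    for name, bridges in domain_bridges(xm_text, brctl_text).items():
        allowed = policy.get(name, set())
        for bridge in sorted(bridges - allowed):
            violations.append((name, bridge))
    return violations


if __name__ == "__main__":
    print(domain_bridges(XM_LIST, BRCTL_SHOW))
    print("violations:", check_policy(XM_LIST, BRCTL_SHOW))
```

Run on the listing from the post this reports no violations; run after a restart that renumbered the domains it still works, because the vif-to-domain mapping is taken from the live domain IDs rather than from remembered interface names. Feeding it the real outputs (`xm list` and `brctl show` captured together) gives a quick sanity check after the second bridge is brought up.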