Xen project Mailing List

On 12/30/05, Fernando Maior <fernando.souto.maior@xxxxxxxxx> wrote:

On 12/30/05, Anand <xen.mails@xxxxxxxxx> wrote:
> Dear Andy,
>
> Thanks for all the help. I will try it out.
>
>
> On 12/30/05, Andy Smith < andy@xxxxxxxxxxxxxx> wrote:
> >
> > On Fri, Dec 30, 2005 at 08:23:42PM +0530, Anand wrote:
> > >
> > >    Dear Andy,
> > >    Thanks for the reply.
> > >    >As you noted the vif name will change every time a domain is
> > >    >restarted.  In Xen 2.x you can use the vifname config directive to
> > >    >hardcode vif names per domain.  You can also do this in 3.0 if you
> > >    >use a snapshot of -unstable that has this functionality (apologies,
> > >    >I do not know exactly when it was (re)added).
> > >    Thanks, thats indeed excellent news. May i ask is the snapshot stable
> > >    enough to use on the production box (sorry if it sounds a stupid
> > >    question to you). I am using 3.0 stable rpm from xensource on centos
> > >    4.1 right now.
> >
> > I can't advise on this I'm afraid as I'm not using it heavily in
> > production.
> >
> > It works nicely in the latest 2.x which is what I'm running in
> > production.
> >
> > >    >You can measure the bandwidth use of the vif interfaces in dom0,
> > >    >either by parsing /proc/net/devices periodically or by polling SNMP.
> > >    This will give the problem of the vifname changing everytime and
> hence
> > >    loosing track of the vif to whom the bandwidth should be accounted
> to.
> >
> > Yes you do need to use vifname for this to work.
> >
> > >    >Finally you could also use iptables in dom0 and the physdev module
> > >    >to add rules for traffic going in/out particular vifs, and poll its
> > >    >counters to measure bandwidth.
> > >    Is it possible for you to direct me to some examples ? It will really
> > >    help.
> >
> > This too requires static vif names.  Off the top of my head:
> >
> > iptables -N accounting_in
> > iptables -N accounting_out
> >
> > iptables -A FORWARD -m physdev --physdev-out vif+ -j accounting_in
> > iptables -A FORWARD -m physdev --physdev-in  vif+ -j accounting_out
> >
> > iptables -A accounting_in  -m physdev --physdev-out vif-foo+ -j RETURN
> > iptables -A accounting_out -m physdev --physdev-in  vif-foo+ -j RETURN
> >
> > The above iptables commands check all forwarded traffic to see if it
> > came from/to a vif, if they do they are checked to see if they
> > specifically went through an interface name matching "vif-foo*".
> > You can then use
> >
> > iptables -v --list accounting_in
> > iptables -v --list accounting_out
> >
> > to view the packet and byte counters for those tables.
> >
> > Note this matches only IP traffic.  You'll need to use ip6tables to
> > match IPv6.
> >
> > Without static vif names you could add rules to the bridge interface
> > and try to match only things going to or coming from the IP
> > addresses that you have assigned but that seems even more hackish to
> > me..
> >
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.1 (GNU/Linux)
> >
> >
> iD8DBQFDtU7SIJm2TL8VSQsRAtBrAKDW6fAWiPi3DoMD3hG2375VEBoONQCgpTvA
> > poJ7lh1XIbW7dwT/PhuLqh0=
> > =xw9q
> > -----END PGP SIGNATURE-----
> >
> >
> > _______________________________________________
> > Xen-users mailing list
> > Xen-users@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xen-users
> >
> >
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
>
>

Anand,

You can tweak /etc/xen/scripts/vif-bridges in order to include the
iptables {add|delete} rules when the domain is started/shutdown.

--
Bye,
Fernando Maior
LPIC/1(31908)
LinuxCounter(391325)

Re: [Xen-users] Re: problems with xen installation