[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Dummy ethernet device setup

To: "Dirk H. Schulz" <dirk.schulz@xxxxxxxxxxxxx>
From: Philipp Jäggi <philipp.jaggi@xxxxxxx>
Date: Tue, 14 Mar 2006 11:11:43 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 14 Mar 2006 11:57:38 +0000
List-id: Xen user discussion <xen-users.lists.xensource.com>

Dear Dirk

As I saw out of your email, you are using debian, or a debian clone. Your setup that you propose to me is debian specific and mine is Fedora or Redhat specific. That's why I trying to separate the xen networking part in a single block, so that I have finally a platform independent solution, or at least a solution which is easy to adapt.
At the moment I am working with Fedora, but the productive environment can be on Redhat or Suse (hopefully not Suse). But when we go on with the virtualisation process, I have to work with sun solaris. If I do there a complete new type of setup it's not easy for my colleges to work with my setup. I myself know surely the differences, but the others ...

The next point is that I use cfengine. Cfengine is a tool for managing configuration files. You can use it for every linux distribution, bsd, solaris, hpux, aix... But before using cfengine, you have to standardize your setup of the servers. For more information check this site www.cfengine.org

That why I tried to bring up this discussion about a clean xen network setup.

And still the questions are, when to start the xen network, what to take out in the xend script, where to store the config files....

Thanks a lot for your inputs, Dirk.

bye Philipp

===============================================
Philipp Jäggi
SNCT Sandweiler
bp 23
L-5230 Sandweiler

mailto: philipp.jaeggi@xxxxxxx

"Dirk H. Schulz" <dirk.schulz@xxxxxxxxxxxxx>

03/14/2006 10:11 AM

To	Philipp Jäggi <philipp.jaggi@xxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
cc
Subject	Re: [Xen-users] Dummy ethernet device setup

Hello Philipp, Philipp Jäggi schrieb: >So, my question is about how to setup cleanly the bridges, the veth2. I >don't want to create a shell script that makes all the necessary steps as >I perform it in the shell. So where do I specify the bridge configuration, > > You can setup a bridge in /etc/network/interfaces (or wherever your interfaces are described in your distro) like any other interface. I have used that on my home firewall, e.g.: > auto xen-br0 > iface xen-br0 inet static > address 192.168.137.254 > # hwaddress ether 00:00:00:78:bd:01 > netmask 255.255.255.0 > network 192.168.137.0 > broadcast 192.168.137.255 > pre-up brctl addbr xen-br0 > post-down brctl delbr xen-br0 Only assigning the MAC address to the bridge seems not to work, everything else does. Of course you have to disable the bridge-setup-script xen uses when starting. I did not bother to find out if xen can be forced not to start a networking script at all, so I simply added "exit 0" to the beginning of the bridged networking script - that is quick and dirty and works. >where do I store the veth2 config? > I would write that into the config file for the domX. >My idea about is at the moment, to >create a folder /etc/sysconfig/xen-nework, where I store the bridge >information and the ifcfg-veth2. But for this I need a wrapper scripts >that start all up cleanly, something like /etc/rc.d/init.d/xen-network. By >my problem is, to find the right point in the XEN startup process, where I >have to start the network. > That was the reason why I set up the bridge as interface with the base system. >Because Xen itself start also the network for >eth0 and eth1. This I would like to take out of the /etc/rc.d/init.d/xend >script and paste it into my xen-network script, so that finally everything >that belongs to network is started in one block. > >I have to do this issues, because in a productive environment with just a >couple of people working in the IT and high security requirements, >configuration safety is everything. > Let's say, nowadays security is everything - everywhere. But nevertheless: you could add the domUs to the bridge connected to the physical interface and have a firewall on every domU (I use shorewall for that kind of setup). Or have a firewall in dom0 and NAT the traffic to the domUs. Or push the physical interface in a domU that is a separate firewall of its own. >That why the whole system will be >administrated with the help of cfengine. > What is cfengine? What does it help concerning security? I am quite interested in these things. > As a result of this I have to >separate and concernat everything in clean blocks of config files and >startup scripts. To do this I requested a guide to clean xen network >setup, where everything works after the bootsquence... :-) > > >Hope you can still help me... > > We will see. :-) At least I can try. By the way, if we keep the discussion on the list there will be more input from experienced people - there are quite some people out there having solved the same problems. Dirk > >

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- Re: [Xen-users] Dummy ethernet device setup
  - From: Dirk H. Schulz

Prev by Date: Re: [Xen-users] Xen 3.0 on OpenSUSE 10.0
Next by Date: [Xen-users] Network Problem in domU under OpenSUSE 10.0
Previous by thread: Re: [Xen-users] Dummy ethernet device setup
Next by thread: [Xen-users] RE: RE: domU lvm and resizing
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.