[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Dummy ethernet device setup




Dear Dirk

As I saw out of your email, you are using debian, or a debian clone. Your setup that you propose to me is debian specific and mine is Fedora or Redhat specific. That's why I trying to separate the xen networking part in a single block, so that I have finally a platform independent solution, or at least a solution which is easy to adapt.
At the moment I am working with Fedora, but the productive environment can be on Redhat or Suse (hopefully not Suse). But when we go on with the virtualisation process, I have to work with sun solaris. If I do there a complete new type of setup it's not easy for my colleges to work with my setup. I myself know surely the differences, but the others ...

The next point is that I use cfengine. Cfengine is a tool for managing configuration files. You can use it for every linux distribution, bsd, solaris, hpux, aix... But before using cfengine, you have to standardize your setup of the servers. For more information check this site www.cfengine.org

That why I tried to bring up this discussion about a clean xen network setup.

And still the questions are, when to start the xen network, what to take out in the xend script, where to store the config files....

Thanks a lot for your inputs, Dirk.


bye Philipp

===============================================
Philipp Jäggi
SNCT Sandweiler
bp 23
L-5230 Sandweiler

mailto: philipp.jaeggi@xxxxxxx





"Dirk H. Schulz" <dirk.schulz@xxxxxxxxxxxxx>

03/14/2006 10:11 AM

To
Philipp Jäggi <philipp.jaggi@xxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
cc
Subject
Re: [Xen-users] Dummy ethernet device setup





Hello Philipp,

Philipp Jäggi schrieb:

>So, my question is about how to setup cleanly the bridges, the veth2. I
>don't want to create a shell script that makes all the necessary steps as
>I perform it in the shell. So where do I specify the bridge configuration,
>  
>
You can setup a bridge in /etc/network/interfaces (or wherever your
interfaces are described in your distro) like any other interface.

I have used that on my home firewall, e.g.:

> auto xen-br0
> iface xen-br0 inet static
>         address 192.168.137.254
> #       hwaddress ether 00:00:00:78:bd:01
>         netmask 255.255.255.0
>         network 192.168.137.0
>         broadcast 192.168.137.255
>         pre-up brctl addbr xen-br0
>         post-down brctl delbr xen-br0

Only assigning the MAC address to the bridge seems not to work,
everything else does. Of course you have to disable the
bridge-setup-script xen uses when starting. I did not bother to find out
if xen can be forced not to start a networking script at all, so I
simply added "exit 0" to the beginning of the bridged networking script
- that is quick and dirty and works.

>where do I store the veth2 config?
>
I would write that into the config file for the domX.

>My idea about is at the moment, to
>create a folder /etc/sysconfig/xen-nework, where I store the bridge
>information and the ifcfg-veth2. But for this I need a wrapper scripts
>that start all up cleanly, something like /etc/rc.d/init.d/xen-network. By
>my problem is, to find the right point in the XEN startup process, where I
>have to start the network.
>
That was the reason why I set up the bridge as interface with the base
system.

>Because Xen itself start also the network for
>eth0 and eth1. This I would like to take out of the /etc/rc.d/init.d/xend
>script and paste it into my xen-network script, so that finally everything
>that belongs to network is started in one block.
>
>I have to do this issues, because in a productive environment with just a
>couple of people working in the IT and high security requirements,
>configuration safety is everything.
>
Let's say, nowadays security is everything - everywhere.
But nevertheless: you could add the domUs to the bridge connected to the
physical interface and have a firewall on every domU (I use shorewall
for that kind of setup). Or have a firewall in dom0 and NAT the traffic
to the domUs. Or push the physical interface in a domU that is a
separate firewall of its own.

>That why the whole system will be
>administrated with the help of cfengine.
>
What is cfengine? What does it help concerning security? I am quite
interested in these things.

> As a result of this I have to
>separate and concernat everything in clean blocks of config files and
>startup scripts. To do this I requested a guide to clean xen network
>setup, where everything works after the bootsquence... :-)
>
>
>Hope you can still help me...
>  
>
We will see. :-) At least I can try. By the way, if we keep the
discussion on the list there will be more input from experienced people
- there are quite some people out there having solved the same problems.

Dirk

>  
>


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.