[Xen-users] Xen and Private Networking
Hey, I just wrote (well, modified network-bridge) a script to set up private networking. Not sure if anyone else is interested, but it would be nice if this was added into xen.

It is very similar to network-bridge, except it doesn't add peth0 onto the bridge. That is, a bridge is set up and all the vifs get added. In dom0, we just configure veth0 with an ip address and add vif0.0 to the bridge. It works great using network-private and vif-bridge: you get a private network so the domUs and dom0 can communicate with each other, but with no one else (well, depends on config in dom0...).

Also, this could replace both network-nat and network-route. After using network-private, it is just a standard 2-card router setup with eth0 outside and veth0 inside. Shorewall or ipmasq or raw iptables commands, or any standard tool, can easily be set up. No need to do all that kind of stuff from inside the xen scripts.

John

#!/bin/sh
#============================================================================
# Xend calls a network script when it starts.
# The script name to use is defined in /etc/xen/xend-config.sxp
# in the network-script field.
#
# This script creates a bridge (default xenbr${vifnum}) and adds a virtual
# device veth${vifnum} to it. It uses a private network address on
# the virtual device (default 192.168.0.1/24).
#
# Usage:
#
# network-private (start|stop|status) {VAR=VAL}*
#
# Vars:
#
# vifnum     Virtual device number to use (default 0). Numbers >=8
#            require the netback driver to have nloopbacks set to a
#            higher value than its default of 8.
# bridge     The bridge to use (default xenbr${vifnum}).
# addr       Local address to assign (default 192.168.0.1/24)
# mac        The mac address to assign to veth${vifnum} (default
#            random mac)
#
# Internal Vars:
# vif0="vif0.${vifnum}"
# vdev="veth${vifnum}"
#
# start:
# Creates the bridge
# Configures vdev
# Adds vdev to bridge
#
# stop:
# Removes vdev from bridge
# Stops vdev
# Deletes bridge
#
# status:
# Print addresses, interfaces, routes
#
#============================================================================

dir=$(dirname "$0")
. "$dir/xen-script-common.sh"
. "$dir/xen-network-common.sh"

findCommand "$@"
evalVariables "$@"

vifnum=${vifnum:-0}
bridge=${bridge:-xenbr${vifnum}}
addr=${addr:-192.168.0.1/24}
# srand() seeds awk's generator from the clock; without it every run of the
# script would hand out the same "random" MAC.
mac=${mac:-$(awk 'BEGIN { srand(); printf "00:16:3e:%02x:%02x:%02x", int(rand()*127), int(rand()*255), int(rand()*255); }')}
vdev="veth${vifnum}"
vif0="vif0.${vifnum}"

##
# link_exists interface
#
# Returns 0 if the interface named exists (whether up or down), 1 otherwise.
#
link_exists()
{
    if ip link show "$1" >/dev/null 2>/dev/null
    then
        return 0
    else
        return 1
    fi
}

# Usage: show_status dev bridge
# Print ifconfig and routes.
show_status ()
{
    local dev=$1
    local bridge=$2

    echo '============================================================'
    ip addr show ${dev}
    ip addr show ${bridge}
    echo ' '
    brctl show ${bridge}
    echo ' '
    ip route list
    echo ' '
    route -n
    echo '============================================================'
}

op_start () {
    if [ "${bridge}" = "null" ] ; then
        return
    fi

    if ! link_exists "$vdev"; then
        echo "
Link $vdev is missing.
This may be because you have reached the limit of the number of interfaces
that the loopback driver supports.  If the loopback driver is a module, you
may raise this limit by passing it as a parameter (nloopbacks=<N>); if the
driver is compiled statically into the kernel, then you may set the parameter
using loopback.nloopbacks=<N> on the domain 0 kernel command line.
" >&2
        exit 1
    fi

    # Bridge carries only the guest vifs plus dom0's vif0.N end; peth0 is
    # deliberately never added, which is what keeps the network private.
    create_bridge ${bridge}
    setup_bridge_port ${vif0}
    ip link set ${bridge} up
    add_to_bridge ${bridge} ${vif0}

    # dom0's side of the loopback pair gets the private address.
    ip addr flush dev $vdev
    ip addr add $addr dev $vdev
    ip link set dev $vdev address $mac arp on
    ip link set dev $vdev up
}

op_stop () {
    if [ "${bridge}" = "null" ]; then
        return
    fi
    if ! link_exists "$bridge"; then
        return
    fi

    brctl delif ${bridge} ${vif0}
    ip link set ${bridge} down
    brctl delbr ${bridge}
    ip link set $vdev down
}

case "$command" in
    start)
        op_start
        ;;

    stop)
        op_stop
        ;;

    status)
        # The posted version passed ${netdev}, which this script never sets;
        # the device to report on is the private-side veth.
        show_status ${vdev} ${bridge}
        ;;

    *)
        echo "Unknown command: $command" >&2
        echo 'Valid commands are: start, stop, status' >&2
        exit 1
esac

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
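The post leaves the firewalling of the resulting "2-card router" (eth0 outside, veth0 inside) to standard tools. The following is an added example, not part of John's script or of Xen, of the raw iptables rule set a cautious dom0 admin would put in front of that router: forwarding is default-deny, guests may only initiate outward from the private subnet, and packets claiming a private source address are dropped on the outside card. It assumes the script's default 192.168.0.1/24 on veth0 (so the guest subnet is 192.168.0.0/24), the interface names eth0 and veth0, and a kernel with conntrack support; by default it only prints the commands, and runs them when APPLY=1 is set.

```shell
#!/bin/sh
# Added example for the network-private setup described in the post.
# Assumed names: eth0 = outside card, veth0 = private side (192.168.0.1/24).
# Prints the iptables commands; set APPLY=1 to execute them as root instead.

# emit CMD ARGS...: run the command when APPLY=1, otherwise print it.
emit() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

# private_router_rules OUTSIDE INSIDE SUBNET
# Emits one command per line, in the order they must be installed.
private_router_rules() {
    outside=$1
    inside=$2
    subnet=$3

    # dom0 must actually route between the two cards.
    emit sysctl -w net.ipv4.ip_forward=1

    # Default-deny forwarding: a guest gets nothing unless a rule below allows it.
    emit iptables -P FORWARD DROP

    # Anti-spoofing first: the private range can never legitimately arrive on
    # the outside card, whether destined for dom0 itself or for a guest.
    emit iptables -A INPUT -i "$outside" -s "$subnet" -j DROP
    emit iptables -A FORWARD -i "$outside" -s "$subnet" -j DROP

    # Return traffic for connections the guests opened.
    emit iptables -A FORWARD -i "$outside" -o "$inside" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Guests may open connections outward, but only with a source address in
    # the private subnet; a guest that reconfigures its address gets nothing.
    emit iptables -A FORWARD -i "$inside" -o "$outside" -s "$subnet" -j ACCEPT

    # Masquerade outgoing guest traffic behind dom0's outside address.
    emit iptables -t nat -A POSTROUTING -s "$subnet" -o "$outside" -j MASQUERADE
}

# Defaults match the script's defaults; override via environment if needed.
private_router_rules "${OUTSIDE:-eth0}" "${INSIDE:-veth0}" "${SUBNET:-192.168.0.0/24}"
```

Because the rules are appended with -A, running the script twice duplicates them; in practice put them in a dedicated chain that is flushed first, or let Shorewall manage the whole table as the post suggests.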