[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: RE: [Xen-users] VLAN and BRIDGE HELP


  • To: "augusto lopes" <nhanonme@xxxxxxxxxxxx>
  • From: "James Alspach" <jalspach@xxxxxxxxxxxxx>
  • Date: Mon, 9 Jun 2008 13:29:15 -0700
  • Cc: xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 09 Jun 2008 13:30:04 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Thread-index: AcjKTEg9Ihxg73jMRAafxBuOWqzVswADq2qg
  • Thread-topic: RE: [Xen-users] VLAN and BRIDGE HELP

While I am still in the process of working through this here are the steps I am taking to set up each machine.

1)       Since each of my servers have multiple NIC ports I bond them together (see page 34 of the Administrators Guide) first. This is best down from the physical server and not via the remote console.  If you do it remotely you will then have to reconfigure the management port before the next step.  I think it is cleaner if you do not have to do that.

a.        Shutdown all VM’s (this is easy since I am pretty much a new installation)

                                                               i.      xe vm-list

                                                             ii.      xe vm-shutdown uuid=

b.       Create the network (this is like a virtual switch), write down the first part of the UUID that is returned after this command since the next step may cause it to scroll off the page

                                                               i.      xe network-create name-label=bond0

c.       Create the actual bond (keep track of the uuid of this bond since it will be used in step 2)

                                                               i.      xe pif-list

                                                             ii.      xe bond-create network-uuid=<UUID from above> pif-uuids=<UUID if the first interface from the last step>,<UUID if the second interface from the last step>

d.       Reconfigure the IP address info.  I do not use DHCP for my servers so I make this static.  Also, I do not know for sure how to enter multiple DNS servers. You may just separate them with a comma but I have not tested that yet. Finally, the case seems to be important here.  I noticed it on the DNS keyword.  If it is lowercase it does not seem to work.

                                                               i.      xe pif-reconfigure-ip uuid=<UUID of the bond created above> mode=static gateway=<GATEWAY> IP=<IP ADDRESS> netmask=<NETMASK> DNS=<DNS SERVER ADDRESS>

2)       Next for the VLAN work (see page 33 of the Administrators Guide).  First, of course, each NIC port must be on a trunked switch port. IN our case, we forced the port encapsulation to dot1q and the mode to trunk with a native VLAN of 1. We did this using ranges so that we know everything is configured the same. I am not sure if allowing the ports to negotiate the encapsulation or making the trunk mode dynamic would have worked but, we were not taking any chances. This way we had two fewer things to troubleshoot if we had problems.

a.       Create a new network.  This will be like a VLAN specific switch for all of your DOM’s

                                                               i.      xe network-create name-label=vlan103

b.       Next tie the network to the network interface on the physical server (in our case, the bonded interfaces) and specify the VLAN. Keep track of the UUID returned as you will need it when we create VIF’s for the DOM’s

                                                               i.      xe vlan-create network-uuid=<UUID from above> pif-uuid=<UUID of the bond in step 1.c.ii> vlan=103

3)       The next step is to get the management port back up and running.  These are the same steps for setting up VIF’s on other VM’s.

a.       Get the UUID of DOM0

                                                               i.      xe vm-list

b.       Create a VIF to tie DOM0 to the management VLAN (this is the VLAN I created above).  In this case I had one interface (BOND0) so I set the device to 1.  Keep track of this UUID as you will need it to configure the management interface.

                                                               i.      xe vif-create vm-uuid=<UUID of DOM0> network-uuid=<UUID of the network created just above in 2.b.i> device=1

c.       Configure IP information of the VIF.  First run ifconfig to get the device name and then run it again to configure it

                                                               i.      ifconfig

                                                             ii.      ifconfig eth1 <IP ADDRESS> netmask <NETMASK>

d.       Configure it as the management interface

                                                               i.      xe host-management-reconfigure pif-uuid=<UUID of the VIF created above>

e.       Clean up after yourself.  This will help to keep you from getting confused later when you look at the settings.

                                                               i.      xe pif-reconfigure-ip uuid=<old mgmt PIF UUID> mode=None

f.         As long as a VM is not running, you can just start it and the new interface will be ready.  For DOM0 we will have to plug it in.

                                                               i.      xe vif-plug uuid=<UUID of the VIF created above>

 

Notes

1)       The XenNetworking WiKi page helped me wrap my head around what was going on. http://wiki.xensource.com/xenwiki/XenNetworking

2)       I found this thread on the forums that basically became my template. http://forums.xensource.com/thread.jspa?messageID=15451&#15451

3)       The above thread led me to the knowledge that there is more about VLANS in the admin guide than the index would have you believe. Page 33 – 34 tells you how to set them up.  I hope that this omission can be fixed in the next document release.

4)       I found that the UUID’s work with tab completion from the command line.  This may be obvious to everyone else but I never saw it mentioned in the manual (it may be there but I never saw it).

5)       One problem I had with configuring bridges manually in Linux instead of doing it the Xensource way above was that Xensource automatically removes interfaces it does not know about.  Since I was not sure how to make it aware of things I had manually created, my interfaces and bridges would stay up and running for 30 – 60 seconds or so before being torn down.

6)       Once you get the management interface setup, you can create links to other VLANS using the XenCenter and skip much of the above.

7)       I have not tested yet but, my hope is that this information will travel to each of the other machines I add to the resource pool. That is why I took the above steps on the master server.

 

I also attached the above info as a PDF.  If anyone sees any problems with what I have described or better ways to go about it, please let me know so that I can update this in the hope that it helps somebody somewhere.

 

 

James Alspach

 

P.S. Thank you for everyone who provided suggestions and help while I was (and still am) trying to figure this all out.

 

 

 

James Alspach

Systems Analyst II
Shasta County Office of Education


From: augusto lopes [mailto:nhanonme@xxxxxxxxxxxx]
Sent: Monday, June 09, 2008 9:17 AM
To: James Alspach
Subject: En: RE: [Xen-users] VLAN and BRIDGE HELP

 

Hello James;

I was just checking all the recent help emails and found this particular one which is basically referring to a similar environment I would like to set up. Basically, in my scenario I am asked to set up three guest domains (domU1 - domU3). The first tow will provide web and mail services sequentially. And the last one will basically be the DBM server.
Since in a normal network environment domU3 should be on a protected subnet and the other tow on a dmz subnet, I have not been able to set up VLANs appropriately for them. I have practically set up netfilter (iptables firewall ) on the Dom0, but do not understand VLAN concept in xen's virtual environment well enough to accomplish the main goal of separating each service to its own domain.

After reading your help, I can picture the all thing better, but I am still not sure how to bring it all about. Would you please give me some ropes regarding this topic?

I am working with RHEL5 as the Dom0 and guest domains will be various win server 2k3 as well as  rhel5.

Thank you in advance for you help.

Augusto Lopes
Intern System Admin
Apollo System

James Alspach <jalspach@xxxxxxxxxxxxx> escreveu:

Data: Thu, 5 Jun 2008 09:24:04 -0700
De: "James Alspach" <jalspach@xxxxxxxxxxxxx>
Para: "Emil Palm" <empa@xxxxxxxxxx>,
<xen-users@xxxxxxxxxxxxxxxxxxx>
Assunto: RE: [Xen-users] VLAN help


Emil –

Thank you! This gives me another avenue to explore. 

So what you are saying is that one does not have to explicitly create the new interface on the VLAN by making changes in /etc/sysconfig/network-scripts/ ?  By configuring the vlan in vconfig it builds the new interface automagically?  Will this setup survive a reboot or should I build a script to set this up each time?

In my case I have bonded two NICs (well actually two ports on the same NIC but no need to split hairs) so I would imagine I would replace eth0 in your example with bond0.

The host OS I am using is, I believe, CentOS.  I am using the Xen Enterprise version installed right off of the CD which uses some RedHat derived distro.

 

Thank you for your help

James

 

 

 

James Alspach

Systems Analyst II
Shasta County Office of Education


From: Emil Palm [mailto:empa@xxxxxxxxxx]
Sent: Thursday, June 05, 2008 12:35 AM
To: James Alspach; xen-users@xxxxxxxxxxxxxxxxxxx
Subject: RE: [Xen-users] VLAN help

 

Hi!

 

I'v just recently set that kind of eviroment up. What Host OS are you running becouse i wrote 2 diffrent howtos for Red Hat and one for SuSe.

 

But in theory you just have 1 interface for ex: eth0

then you do vconfig add eth0 VLANID

 

when that is done you create a bridge something like this:
brctl addbr brVLANID

brctl addif brVLANID eth0.VLANDID

 

when that is setup you should change "network-script=network-bridge" to "network-script=network-dummy" within your xend-config.sxp so Xend doesnt screw up your real physical interface.

 

When that is done just put: vif=["mac=XX:XX:XX:XX:XX:XX,bridge=brVLANID",] in your domU configuration file.

 

If you want more info just give me a mail and i will help you as the best as i can.

 

Emil Palm

Cardium AB

Sweden
 

-----Original message-----
From: James Alspach <jalspach@xxxxxxxxxxxxx>
Sent: Wed 06/04/08 19:56:40
To: xen-users@xxxxxxxxxxxxxxxxxxx;
Subject: [Xen-users] VLAN help

We are in the process of setting up a few Xensource servers whose initial function will be to run Exchange 2007.  As part of this (and for future VM’s) I need to be able to provide access to various VLANS to the various DOM’s.

In theory this sounds fairly straight forward: DOM0 gets a PIF for each VLAN.  This PIF connects to a VLAN specific bridge and then, for each DOM that needs one, a VIF is created and connected to the bridge.

Does this sound correct?

If so, my question is how to specify the VLAN for a PIF.  I can list it but I am not able to set it since it is read only.

 

How do virtual networks fit into the above and how is a virtual network different from a virtual bridge?

 

Any help or pointers to information are greatly appreciated.

 

Thank you for your help;

James

 

 

 

 

 

 

 

James Alspach
Systems Analyst II

Shasta County Office of Education

1644 Magnolia avenue

Redding, California

96003
jalspach@xxxxxxxxxxxxx
(530) 225-0293

 

IT Hotline: 225-0279

 

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

 


Abra sua conta no Yahoo! Mail, o único sem limite de espaço para armazenamento!

Attachment: xensource networking.pdf
Description: xensource networking.pdf

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.