
Re: [Xen-users] Still confused about bridging (I think)



David Dyer-Bennet wrote:
Javier Guerra wrote:

On Fri, Sep 19, 2008 at 5:42 PM, David Dyer-Bennet <dd-b@xxxxxxxx> wrote:
I know I'm confused about *something*, because packets aren't getting
through.

The hardware has two NICs, eth0 connects to the corporate lan on
192.168.1.14, and to a private cluster lan on 172.17.0.1.

In dom0, I can reach systems on both lans.

In a guest on 172.17.1.2, I can't reach anything.  Nothing in 172.17,
nothing in 192.168.1.  The guest is domain 9, called vl01.

In dom0 a bridge, xenbr0 (specified in my control files for the domains),
is set up to let everybody talk to everywhere.

[root@prcapp02 xen]# brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.000000000000       yes
xenbr0          8000.2ed4b2e93fd1       no              vif9.0
                                                       vif7.0
                                                       tap0
                                                       peth0
                                                       vif0.0


where's the 'way out' from xenbr0? IOW, is peth0 connected to a real NIC?


Yes, that's the "real" nic.  Xen seems to have renamed the interfaces.

I think you should set two bridges, one connected to eth0
(192.168.1.14), and the other to eth1 (172.17.0.1), then if you want
a DomU on 172.17.x.x, connect its vif to the second bridge.

I agree with David here. It is the easiest way; otherwise, you'll have to set up your own routing.

I noticed some oddities (although things are constantly being renamed so everything depends on which version you are running :). For starters, on my system (xen-3.0.2-2) the veth devices disappear once xend is started.

I have 3 nics in dom0, each dedicated to one of 3 bridges: WAN, LAN, and DMZ. The bridges and the peth devices are all set to NOARP while the eth and vif devices are all set to ARP ON. None of the nics, vifs, peths or bridges have IPs.

domU #1 gets 3 virtual nics, one on each of the 3 bridges, and does all routing and firewalling between them. All public servers are on domUs attached to the DMZ, all development domUs are attached to the LAN. My ISP provides me with a /29 network giving me 7 public IPs on the WAN.

This has worked rock solid since April '06.

my $0.02.

Mike Wright :m)



A bridge is a MAC-layer device, it never even looks at the IP address in the packet (the packet need not, in fact, be IP at all). So I'd need a pretty detailed explanation of how this might help before it's even worth trying.



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
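
One way to answer the "way out" question from the `brctl show` output quoted in this message, as an added example that is not part of the original thread: it lists each bridge's physical uplink and the domain ids of the guest vifs attached to it. It assumes the Xen naming visible in the message (`peth*` for the renamed physical NIC, `vif<domid>.<n>` for guest interfaces); the function names are hypothetical.

```python
import re

# brctl output copied from the message above (not constructed).
SAMPLE = """\
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.000000000000       yes
xenbr0          8000.2ed4b2e93fd1       no              vif9.0
                                                       vif7.0
                                                       tap0
                                                       peth0
                                                       vif0.0
"""

def parse_brctl_show(text):
    """Return {bridge: [ports]} from `brctl show` output."""
    bridges, current = {}, None
    for line in text.splitlines()[1:]:          # skip the header row
        if not line.strip():
            continue
        fields = line.split()
        if line[0].isspace():
            # Continuation line: one more port on the current bridge.
            if current is not None:
                bridges[current].extend(fields)
        else:
            # New bridge: name, id, STP flag, then an optional first port.
            current = fields[0]
            bridges[current] = fields[3:]
    return bridges

def classify(ports):
    """Split ports into physical uplinks and guest vifs keyed by domain id."""
    uplinks = [p for p in ports if p.startswith("peth")]   # assumed naming
    guests = {}
    for p in ports:
        m = re.fullmatch(r"vif(\d+)\.(\d+)", p)
        if m:
            guests.setdefault(int(m.group(1)), []).append(p)
    return uplinks, guests

def report(text):
    """Per bridge: uplinks, attached domain ids, and whether it has no uplink."""
    out = {}
    for name, ports in parse_brctl_show(text).items():
        uplinks, guests = classify(ports)
        out[name] = {"uplinks": uplinks, "domains": sorted(guests),
                     "isolated": not uplinks}
    return out

if __name__ == "__main__":
    for name, info in report(SAMPLE).items():
        print(name, info)
```

A bridge reported as isolated has no physical port, so guests attached to it can reach only each other and dom0.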


 

