Xen project Mailing List

RE: [Xen-users] Networking with xen

To: "Luke S Crawford" <lsc@xxxxxxxxx>

From: "Quezada, Pedro" <PedroQ@xxxxxxxxxx>

Date: Wed, 15 Oct 2008 09:57:53 -0400

Cc: xen-users@xxxxxxxxxxxxxxxxxxx

Delivery-date: Wed, 15 Oct 2008 06:58:59 -0700

List-id: Xen user discussion <xen-users.lists.xensource.com>

Thread-index: AckuhhffgNiEzYRzT/yTs+P4TEuTcgARcVSw

Thread-topic: [Xen-users] Networking with xen

So is performance throughput an issue with Xen ? Hey I have been looking into it look at this diagram http://man.chinaunix.net/network/shorewall-docs-html-3.0.8/images/Xen4.p ng That is unbelievable what can be done with it....... True one can plug a server with multiple nics and have same effect.. But it ends at the nic and is already something we don't like to do.. Good practice to monitor what we put out there externally.. Is just the fact that one can allow on server to go out the internet for business purposes.. Then many machines bridged and the routed out of the external interface and then natted... It mean that there is another network "infrastructure" behind the server and it can become elaborate... Thanks for your reply...I am playing with it see what implication it poses. Loops and a standard method of operating with a large spanning tree environment.. -----Original Message----- From: lsc@xxxxxxxxxxxxxxxxxx [mailto:lsc@xxxxxxxxxxxxxxxxxx] On Behalf Of Luke S Crawford Sent: Wednesday, October 15, 2008 1:23 AM To: Quezada, Pedro Cc: xen-users@xxxxxxxxxxxxxxxxxxx Subject: Re: [Xen-users] Networking with xen "Quezada, Pedro" <PedroQ@xxxxxxxxxx> writes: > is there a possibilTy to conneCt doms toguether and for a spanning tree loop. Well, if you setup two bridges, sure. Or if you give a Domu 2 vifs and bridge them in the DomU. It's not possible in the default setup, where you only have one bridge and one vif in each DomU But if you really want the "don't let me shoot myself in the foot" level of handholding, you really shouldn't be using Open Source. talk to Citrix about the commercial version of Xen, or if performance isn't critical and/or you are largely a windows shop, talk to VMware. > The network capabilities of xen can really cause concerns to the network admins... > > I mean this product not used well can bypass all security in a network... You need to think of your xen bridge as a switch. From the network admin perspective, you are simply plugging in another switch and any number of servers behind that switch. The exact same security concerns apply. I don't see how this bypasses all security on a network. It does mean that the Dom0 administrators are administering a switch; if you plug more than one network into the Dom0, you have the same problems you have when you plug more than one network into any other server (that is, someone with root on the server in question can create bridges/tunnels between those two tunnels if they want) _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.