[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] XCP and Amazon EC2-style networking

  • To: Vern Burke <vburke@xxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
  • From: C V <rayvittal-lists@xxxxxxxxx>
  • Date: Sun, 14 Mar 2010 12:56:40 -0700 (PDT)
  • Cc:
  • Delivery-date: Sun, 14 Mar 2010 12:58:37 -0700
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=TVBVHY7zN2Wz9my1n6DLktMin+kzkKiKkQ53FdDuqTCwCmbW+NNF55vUr1sgqBVloQY6Z5wcSH1hsf/DhOxhjj6fbVw2TYDy99mQEUeZjJdMgZ6BSEwNPJ0Ch80ldREaYuYP/hG4zX0Igbarw1k3i259O7luwT0T8Xdq25Ic820=;
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
That works in a single-user usecase. If an ISP wants to replicate the EC2 model and support multiple tenants, then each tenant gets their own public IP and can program their own firewall rules through the API. Most hardware firewalls don't have APIs  to program firewall rules.


From: Vern Burke <vburke@xxxxxxxx>
To: xen-users@xxxxxxxxxxxxxxxxxxx
Sent: Sun, March 14, 2010 12:39:54 PM
Subject: Re: [Xen-users] XCP and Amazon EC2-style networking

Unless I'm reading something wrong here, I can't figure out why you'd
want a private IP NATted to a dedicated public IP for the DomU. If
you're going to use the DomUs as NATted workstations, just put the whole
thing behind a NAT router and you're done.

Vern Burke

SwiftWater Telecom
http://www.swiftwatertel.com
ISP/CLEC Engineering Services
Data Center Services
Remote Backup Services

On 3/14/2010 3:30 PM, C V wrote:
> On EC2, each instance (Xen DomU) gets an internal IP address (usually
> 10.x.y.z) and also a public IP address which is NAT'ed to the internal
> IP address. I am assuming that this NAT happens in Dom0.
>
> In XCP, the DomU VIFs are directly bridged to the physical network --
> this would be the internal IP equivalent. I don't see any equivalent way
> to NAT the public IP address to the internal IP address. With xend-style
> networking it may have been possible to use network-nat or perhaps
> network-route
>
> vi /etc/xen/xend-config.sxp
> (network-script network-route)
> #(network-script network-bridge)
> #(network-script network-nat)
>
> Is it possible in XCP?
>
> Thanks
> --
> CV
>
>
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.