
RE: [Xen-users] Isolated network

  • To: "Florian Manschwetus" <florianmanschwetus@xxxxxx>, <Xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: "Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>
  • Date: Fri, 4 Jun 2010 16:04:50 +0100
  • Cc:
  • Delivery-date: Fri, 04 Jun 2010 08:08:16 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Thread-index: AcsD9a28MaE7Q1yGThizEhhZLuhcbQAAZoLF
  • Thread-topic: [Xen-users] Isolated network


From: Florian Manschwetus [mailto:florianmanschwetus@xxxxxx]
Sent: Fri 04/06/2010 15:53
To: Jonathan Tripathy
Cc: Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Isolated network

> Hi There,
> Sorry, I think I worded my post wrong. What I meant was is there a way
> to make sure that the DomUs can't access the Dom0, i.e. so they are on
> an isolated network. By default in virt-manager, the Dom0 gets attached
> to each bridge created...
> Also, what additional features does opensolaris support?
> Thanks
Depending on where and how your guest disks are stored, you would have ZFS
for that. At least your dom0 would benefit from ZFS (boot environments
and frequent snapshotting of all data).
Really easy handling of vlans, bridges and other networking stuff.
(e.g. to configure a nic, you have to plumb it to the system, but you
can use an unplumbed nic for a bridge (what would address your current
No idea so far how well that all integrates with virt-manager.

For udom or smarter dom0 you can use zones.

All in all, I would say you should have a closer look (read a bit at
opensolaris.org) and try it for yourself if you are interested.

I have a productive xen running with two osolb134 dom0s with x64-linux,
-windows and -opensolaris as guests.


My main question, though, is: since all bridges are actually located in the Dom0, what is the best way to stop DomUs from accessing Dom0? Should I just make a "bridge firewall" at the bridge?
