
Re: [Xen-users] quick question about bonding with vlans and Xen

On 5/24/2010 11:16 PM, Fajar A. Nugraha wrote:
> On Tue, May 25, 2010 at 4:25 AM, Donny Brooks <dbrooks@xxxxxxxxxxxxxxxx> wrote:
>> Ok, so far I have followed up till this point with eth2 and eth3 (third and
>> fourth ports in the server) leaving eth0 and eth1 alone for now.
> ... which you can add to the bridge as well later, if you like.
>
>> So when I pass the domu "bridge=br1" (changed it to br1 from 9) and it is a
>> dhcp host, how does it know where to get its IP?
> I think you're still missing the basics. Here's an analogy to make
> things easier. When using the above setup (bonding + vlan + bridge),
> Xen dom0 behaves the same way as an L2 switch with vlans enabled and
> multiple bonded ports for uplink trunk.
>
> For simplicity's sake let's assume the bridge names are the same as the vlan
> numbers. I wouldn't recommend using vlan1 (and thus br1), as vlan1 is
> usually the default management vlan/default vlan for untagged traffic.
> So let's assume we'll be using vlan9/br9. eth2 and eth3 (which are the
> uplink trunk interfaces) must be connected to a switch as trunk,
> possibly requiring special bonding setup on the switch side as well
> (depends on which bonding mode you use). The switch must already have
> an existing vlan9, which is connected to an existing network with an
> existing DHCP server.
>
> So in that sense, a domU connected to br9 behaves just like another
> physical machine connected to the switch directly and assigned vlan9.
> It can get an IP address from an existing DHCP server on that vlan. If no
> DHCP server exists, you have to create one first :D
>
>> I have 18 VLANs I need to pass to Xen, VLAN 2-19. Is it that br1 needs only
>> to be set up with one vlan? So if I did an ifcfg-bond0.2 I would make a br2 and point
>> the domu to that? Just trying to clarify since I think that's how I would need
>> to do it.
> You'd need 18 vlan interfaces, from bond0.2 to bond0.19, and 18
> bridges, from br2 to br19.
>
>> But do I have to assign an IP to each "interface"? Would I need to designate
>> one specific NIC to handle Dom0 and its static IP or would Dom0 still be able to have a
>> static IP with all 4 bonded together with vlans on them?
> Again, think L2 switch. Usually it will only have one management IP
> address, no matter how many vlans it has. Let's assume your dom0
> management IP address will be on vlan9, so on
> /etc/sysconfig/network-scripts/ifcfg-br9 you can put IP address
> settings, and leave all other bridges WITHOUT IP address setting. This
> setup has the advantage that dom0 will also benefit from the bonding
>
> Another approach that you can use is to have a dedicated NIC for dom0
> management IP address. Let's assume eth0. You can connect it to a
> different switch. This setup has the advantage that you'd get an
> out-of-band management network (think HP's ILO or Sun's rsc), but you
> don't have the benefit of bonding.
>
>> For simplicity's sake, I might just leave dom0 on eth0 for now and just use eth1
>> thru eth3 for the bond. That way if I foobar something I can still get to dom0
>> remotely. Thank you for taking the time to explain this. Now I just need to
>> figure out the switch portion of the bond :)
> In my example above, "mode=balance-alb" means you don't have to do
> much on the switch side. Just make sure the ports eth1-3 use are set
> as trunk, not access. If you use "mode=802.3ad" or 4, you'd need to
> set up bonding on the switch side as well. This page has a good

Just writing back to let everyone know that I was able to get this working. It took me a bit as I was misreading what Fajar was saying. But his examples were spot on. Below are the exact steps I did to accomplish this:

1. On the switch (Cisco 4705R in my case) I simply put the 3 interfaces into trunk mode with the following commands:

interface GigabitEthernet6/30
 description to xen bond0 interface 1
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface GigabitEthernet6/31
 description to xen bond0 interface 2
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface GigabitEthernet6/32
 description to xen bond0 interface 3
 switchport trunk encapsulation dot1q
 switchport mode trunk

The encapsulation part was needed on my switch but may not on others. It griped about it so I added it.

2. On the Xen dom0 I commented out the "(network-script network-bridge)" line in /etc/xen/xend-config.sxp
3. I created the bond device on Xen dom0:

cat /etc/sysconfig/network-scripts/ifcfg-bond0

4. Created the config file:

cat /etc/modprobe.d/bond0
alias bond0 bonding
options bond0 mode=balance-alb miimon=100

5. Added eth1-eth3 to the bond:

cat /etc/sysconfig/network-scripts/ifcfg-eth1
# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet

cat /etc/sysconfig/network-scripts/ifcfg-eth2
# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet

cat /etc/sysconfig/network-scripts/ifcfg-eth3
# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet

6. Created the bridges br2 through br19 (one for each vlan you want access to). Just the first one as an example:

cat /etc/sysconfig/network-scripts/ifcfg-br2

7. Created vlans on top of the bond, and assigned them to the bridges. Again bond0.2 through bond0.19, one for each vlan. Just the first as an example:

cat /etc/sysconfig/network-scripts/ifcfg-bond0.2

8. I then "virsh edit domuname" and changed the "bridge" line to this:

<interface type='bridge'>
<mac address='00:00:00:00:00:ee'/>
<source bridge='br2'/>

where br2 is the bridge you want that machine to have access to.

In a nutshell I was able to bond 3 gigabit interfaces together (soon to be 4) and have all of our vlans pass across that bond. What threw me for a loop is I misread Fajar's part about doing the switch side stuff according to the http://wiki.oracle.com/page/Cisco+Systems+IOS-based+switches-+interface+bonding+and+trunking site. You don't need that unless you are doing the 802.3ad bonding (which is a PAIN IN THE REAR!!!). So for simplicity just do the above steps and you will be rewarded. Now just to get the gigabit drivers for my HVM windows 2003 machine.

Donny B.
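
Steps 6 and 7 above show only the file names, so here is an added example (not from the original posts) that generates the 18 bridge and VLAN files for VLANs 2-19 into a scratch directory. The ifcfg keys are the standard RHEL/CentOS network-scripts ones; the function names and the output directory are assumptions. Following the advice earlier in the thread, no bridge is given an IP address, and bridges_with_ip checks for that.

```sh
#!/bin/sh
# Added example: writes ifcfg-<bond>.<id> and ifcfg-br<id> pairs for a VLAN
# range into a scratch directory (review, then copy to network-scripts).

# write_vlan_bridge OUT_DIR BOND VLAN_ID
write_vlan_bridge() {
    out=$1 bond=$2 vid=$3
    # Reject anything that is not an 802.1Q VLAN ID (1-4094).
    case $vid in ''|*[!0-9]*) return 1 ;; esac
    [ "$vid" -ge 1 ] && [ "$vid" -le 4094 ] || return 1

    # Tagged sub-interface on the bond, enslaved to the bridge.
    cat > "$out/ifcfg-$bond.$vid" <<EOF
DEVICE=$bond.$vid
VLAN=yes
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
BRIDGE=br$vid
EOF
    # Bridge with no IP settings: dom0 only switches frames on this VLAN.
    cat > "$out/ifcfg-br$vid" <<EOF
DEVICE=br$vid
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
DELAY=0
EOF
}

# generate_all OUT_DIR BOND FIRST_VLAN LAST_VLAN
generate_all() {
    mkdir -p "$1" || return 1
    n=$3
    while [ "$n" -le "$4" ]; do
        write_vlan_bridge "$1" "$2" "$n" || return 1
        n=$((n + 1))
    done
}

# bridges_with_ip OUT_DIR: list bridge files that would give dom0 an address.
bridges_with_ip() {
    grep -lE '^(IPADDR=|BOOTPROTO=dhcp)' "$1"/ifcfg-br* 2>/dev/null
}

OUT_DIR=${OUT_DIR:-$(mktemp -d)}   # scratch location (assumption)
generate_all "$OUT_DIR" bond0 2 19 && echo "files written to $OUT_DIR"
```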
