[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] A question about bridged networking

Iain Kay wrote:

Apologies in advance if this is a simple question but it is one I have been pondering and would like to get to the bottom of.

It is simple, and it's not Xen related.

So the scenario is that I have the following kit on a network:
/24 CIDR IP range (WAN)
Layer 3 Cisco Router
Several Layer 2 Managed Switches
Xen dom0 servers connected to one of the managed switches

Xen configured with bridged networking and each VPS setup with the Cisco as the default gateway.

Assuming that I have 2 VPS on the same Xen dom0 server and I attempt to send data between the two using their IPs with the default gateway of the Cisco, can Xen/CentOS automatically intercept the traffic at the bridge level so that it doesn't have to flow beyond the xen dom0 kernel?

If so then does it happen automatically?

You do not have to do anything at all, what you describe is the default for any normal IP network.

When a device wishes to send an IPv4 packet to another device that is in the same subnet, it will completely ignore the default gateway. Instead, it will broadcast an ARP (Address Resolution Protocol) request which effectively says "Who has a.b.c.d, tell a.b.c.e ?" The other device will receive this packet and respond with an ARP response "a.b.c.d is at aa:bb:cc:dd:ee:ff". Once the first device gets this response then it knows the MAC address of the device it wishes to send the packet to and can no send it - directly.
IPv6 is different, but still a similar procedure.

Sending of unicast packets on the local net is done by simply putting the correct MAC address in the destination and squirting it out on the wire. The driver on the other end will get the packet, decode it, and pass it up the network stack to the relevant program (assuming there is something listening on the specified port). Other devices will ignore the packet as the destination MAC address isn't theirs.

The last bit you need to understand is the switches. On a hub based network every packet goes to every node, in a switched network most packets only go to the intended node. Each switch keeps a table of MAC addresses it's seen in packets (in the source MAC field), and the port the packet arrived on - thus when it needs to send a packet on, it can lookup in the table and only send the packet to the port the destination MAC address can be reached through. Only if there is no current entry in it's table, or the packet is addressed to the broadcast MAC (ff:ff:ff:ff:ff:ff) will the packet be sent out on all the switches ports. The bridge in your Xen host is no different - and you can query it's table with "brctl showmacs".

So, when your two virtual hosts send packets to each other, the virtual switch software (bridge code) will see that the destination MAC address in each packet is for a VIF attached to the bridge and only send it via that port - the packets will not even reach the ethernet port and go out on the wire, let alone get routed by the gateway.

Where packets would get routed via the gateway would be if you ran a shared network - 2 (or more) IP subnets on the same wire. If you didn't put specific routing in each device, then a device in one subnet would send packets for a device in another subnet via the gateway. Ie, packets would go out to the gateway, the gateway would then shove them back out again on the same interface.

Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.