[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] Should VMs' IP addresses be on the same subnet as the Dom0 and other boxes on our LAN?

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: gregk.xen@xxxxxxxxxxxxx
Date: Sat, 17 Sep 2011 15:40:40 -0700
Delivery-date: Sat, 17 Sep 2011 15:41:40 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

Hi.

I've installed our 1st Virtualized server using Xen.  I've managed to
create & populate a VM that's going to be used as our office mail
server.

Everything seems to work ok -- I can send/receive email to/from the
'real world'.

I've read a bunch at the Xen wiki about routing, and bridging, and
security.  Wow! Lots of stuff to digest compared to doing stuff in
VirtualBox. But I get this is a different beast, and I think I got a
good idea of what I _can_ do.

I've one question about assigning VM's IP addresses.  Basically, what
_should_ I do about assigning VM IP addresses?

What I have right now is pretty basic.

Internet
  |
  |
  |  X.X.X.X/29
Firewall+Router: 10.0.0.1
  |  10.0.0.1/24
  |
  |
Ethernet Switch
  |
  |---- my Desktop: eth0:10.0.0.2
  |
  |---- Server Dom0: eth0:10.0.0.3
             |
             |---- VM#1 (Mail Server): bridge:10.0.0.4

Mail sent from the outside to my network gets a NAT redirect to the Mail
Server @ 10.0.0.4.

Works great.

My question is:

For security, or performance, or general Xen, reasons, should I change
that "VM#1 (Mail Server)" IP address to a different subnet.  Like
10.100.0.1/24?  And do some sort of routing somewhere?

Instead of having mail traffic passthrough 'through' the Dom0 to the VM,
is it better to have a second, real Ethernet card assigned to the VM,
and do this instead:

Internet
  |
  |
  |  X.X.X.X/29
Firewall+Router: eth0: 10.0.0.1, 10.100.0.1
  |  10.0.0.1/24, 10.100.0.1/24
  |
Ethernet Switch
  |
  |-------------------------------------------------------------|
  |                                                             |
  |                                                             |
  |---- my Desktop: eth0:10.0.0.2                               |
  |                                                             |
  |---- Server Dom0: eth0:10.0.0.3                              |
             |                                                  |
             |---- VM#1 (Mail Server): bridge:10.0.0.4          |
                              |                                 |
                              |----: 'real' eth1:10.100.0.4 ----|

?

Thanks for your help with any suggestions or any good URLs to read!

Greg

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] Should VMs' IP addresses be on the same subnet as the Dom0 and other boxes on our LAN?
  - From: Simon Hobson

Prev by Date: [Xen-users] XCP autostart and LVM disabled
Next by Date: Re: [Xen-users] Yet Another PCI passthrough question
Previous by thread: [Xen-users] XCP autostart and LVM disabled
Next by thread: Re: [Xen-users] Should VMs' IP addresses be on the same subnet as the Dom0 and other boxes on our LAN?
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.