
Re: [Xen-users] using both bridged and routed networking

Fajar A. Nugraha wrote:

DON'T let xen set up bridges/route for you (i.e. using xend-config.sxp)
DO set up your own bridges (e.g. set up in /etc/network/interfaces)
DO use bridge + route/NAT instead of trying to mimic xen-style routed setup.

To add to that, this is what I'd do (I use Debian):

Set up TWO bridges, using the host OS tools - in the case of Debian it is trivially easy to create bridges in /etc/network/interfaces. One of these bridges might not have an external NIC connected to it - it depends on what else is connected in your network.
I'll call these brext and brint for convenience.

For those devices which get an outside IP, connect their VIFs to brext when creating them (bridge = brext in the VIF statement or something similar).

For those devices which are routed/NATed, connect their VIFs to brint.

Now, you can either do the routing/NAT in Dom0, or what I've done at home is to run a small DomU just as a 2 port router. It has two VIFs* connected to brint and brext - you can run whatever OS or firewall appliance you like/have the skills to set up and manage for this (I just use Shorewall and Debian, others prefer something 'packaged').

* Actually, one interface was for a while a native NIC made available by PCI passthrough - but the principle is the same.

Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
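
The two-bridge layout described in this message, written out as an added example (not part of the original post). The NIC name eth0 and the 192.0.2.0/24 addresses are assumed placeholders, and the bridge_* options require Debian's bridge-utils package.

```conf
# /etc/network/interfaces on Dom0 (Debian, bridge-utils installed)
# Constructed example: eth0 and all addresses are assumptions.

auto lo
iface lo inet loopback

# The physical NIC carries no address itself; it is only a bridge port.
iface eth0 inet manual

# brext: bridge containing the physical NIC.
# Guests that get an outside IP attach their VIFs here.
auto brext
iface brext inet static
    address 192.0.2.10
    netmask 255.255.255.0
    gateway 192.0.2.1
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

# brint: internal bridge with no physical port.
# Routed/NATed guests attach their VIFs here. Dom0 takes no address on it
# in this variant, because the router DomU does the routing/NAT, so the
# internal guests have no direct IP path to Dom0.
auto brint
iface brint inet manual
    bridge_ports none
    bridge_stp off
    bridge_fd 0

# Matching VIF lines in the DomU config files (Xen syntax, shown as comments):
#   guest with an outside IP:  vif = [ 'bridge=brext' ]
#   routed/NATed guest:        vif = [ 'bridge=brint' ]
#   2-port router DomU:        vif = [ 'bridge=brext', 'bridge=brint' ]
```

If the routing/NAT is done in Dom0 instead of a router DomU, brint needs an address in Dom0 to act as the internal guests' gateway.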
