
Re: [Xen-users] Please help with network configuration.

Christian-Josef Schrattenthaler <cjs1976@xxxxxx> wrote:

> I have a Debian 8 root server with one network card and 4 external ip 
> addresses from my provider. I did already the standard network configuration 
> (eth0, eth0:0, eth0:1 and eth0:2). So far so good.
> Now I want to create the right bridging for Xen and the virtual machines. And 
> this is the point where I get confused. Should I create one bridge for 
> everything, or should I create a bridge for every external ip address I have? 
> I have 4 external ip addresses, and I want to make 4 virtual machines. This 
> means, that the server and one virtual machine have to share an ip address, 
> which is not a problem, because the server needs ssh, and the virtual 
> machines are with Windows.

OK, you need to clarify exactly what you have, and what you want.
So how are the IPs presented to you? Do you want the VMs to have a public IP 
or do you want to use private addressing and NAT?

I *think* you are saying that you want the VMs to have public addresses. So on 
that basis, this is what I suggest:

1) Drop the sub-interfaces. You do *NOT* configure the public IPs on the host - 
that prevents them being used by the guests.

2) Create a bridge for the outside world - this may or may not have an IP on it 
for the host, I'll come back to that.

3) Configure each guest to use one of the public IPs, and connect its 
interface to the "outside" bridge

4) Optionally, create a second bridge for "internal" traffic, using RFC1918 
private addressing

5) Optionally, configure *one* machine (could be the host, could be one of the 
VMs) to run NAT between one or more of the public IPs and the private addresses 
on the internal network.

Step 2 is done via /etc/network/interfaces. Don't use any network manager or 
similar* - and I highly recommend you remove or at the very least completely 
disable any such beast. Using it will only cause you problems down the line. My 
personal preference is to rename the physical interfaces (using rules in 
/etc/udev/rules.d/70-persistent-net.rules) to something "logical" - eg on my VMs 
at work I may have pethext, pethbak, pethint and so on for the outside, 
backend, and internal networks. I then create bridges called (eg) ethext, 
ethbak, ethint. A typical bridge declaration goes (in this case, for my backend 
network) like this:

auto ethbak
iface ethbak inet static
  bridge_ports pethbak
  address 10.nn.nn.nnn

On my home network, I run a "router appliance" as a guest. It's really just a 
minimal install of Debian running PPPoE for my internet connection and acting 
as a simple "2 port firewall". The host itself only has internal network 
addresses (IPv4 and IPv6).

* As you are running Debian 8 (aka Jessie), unless you've gone to some lengths 
then you'll also be infected with malware (aka SystemD) whose main purpose as 
far as I can see is to make the system less manageable and less stable (with a 
bonus of making software less portable). I don't know what effect this has on 
the preceding advice (eg configuring network via /etc/network/interfaces) as I 
don't run Jessie and have no intention of allowing SystemD on any of my systems.
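
An added example, not part of the original post: a small checker that reads /etc/network/interfaces text and reports alias sub-interfaces (step 1) and public IPv4 addresses the host itself holds, run over the layout from the question and over a bridged layout like steps 2 and 4. Both sample configs are constructed, use documentation addresses (203.0.113.0/24), and assume the single NIC is still named eth0.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed samples using documentation addresses (203.0.113.0/24).
BEFORE = """\
auto eth0 eth0:0
iface eth0 inet static
  address 203.0.113.10/24
  gateway 203.0.113.1
iface eth0:0 inet static
  address 203.0.113.11/24
"""
AFTER = """\
auto ethext ethint
iface ethext inet manual
  bridge_ports eth0
iface ethint inet static
  bridge_ports none
  address 10.0.0.1/24
"""

def parse_stanzas(text):
    """Map each 'iface' name to its {option: value} lines."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) > 1:
            current = stanzas.setdefault(words[1], {})
        elif words[0] in ("auto", "source", "mapping") or words[0].startswith("allow-"):
            current = None          # a new top-level stanza ends the iface block
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def audit_host(text):
    """Return (alias sub-interfaces, public IPv4 addresses held by the host)."""
    aliases, public = [], []
    for name, opts in parse_stanzas(text).items():
        if ":" in name:
            aliases.append(name)
        if "address" in opts:
            ip = ipaddress.ip_interface(opts["address"]).ip
            if ip.version == 4 and not any(ip in net for net in RFC1918):
                public.append((name, str(ip)))
    return aliases, public

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_host(cfg))
```

An address reported for the bridge itself is not necessarily wrong, since step 2 allows the host to keep one IP there; the list shows which public addresses are taken by the host and so unavailable to guests.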
