Xen 3.2 networking: private and public hosts

networkingxen

I've got Xen 3.2 running on Debian Lenny, and I'm essentially trying to recreate the setup I had on another server that was running OpenVZ.

My dom0 has a static IP address and is Internet facing. Let's say for example, I have 4 domUs. I want dom1 and dom2 to be public facing on the Internet with public IP addresses. I want dom3 and dom4 to have private network addresses (192.168.x.x) yet able to be reached from dom0, dom1, dom2.

This was a snap with OpenVZ, but unfortunately I can't find any good examples of combination setups like these. Either all the domUs are public or they're all private. Any suggestions?

Best Answer

You could simply create a virtual bridge, which is not connected to any physical interfaces for your domU3 and domU4. You other 2 domU's can have an interface on each bridge (physical and virtual) and you can use NAT on dom0 to allow domU3/4 to access the internet through the virtual bridge, by assigning it an IP in dom0. RedHat's libvirt does just this by creating a default "virbr0" which can be used for creating a private domU LAN.

With debian you can easily setup a bridge on startup by: a. installing "bridge-utils" (which you most likely already have if you have xen installed) b. adding something along the following to /etc/network/interfaces:

auto virbr0
iface br0 inet static
address 192.168.0.10
netmask 255.255.255.0
gateway 192.168.0.1

and adding an interface to your domU's which is connected to virbr0 in your domU configuration

vif = [ "bridge=virbr0" ]

Related Solutions

Linux – Xen mixed routing

You should setup two bridges on dom0. You can use the standard entries in /etc/network/interfaces for this. Let's assume your real card is eth0 (and there's a DHCP server behind it) and you have bridge-utils installed. The file could look like this:

auto br0
iface br0 inet dhcp
    bridge_ports eth0
    bridge_maxwait 0

auto br1
iface br1 inet static
    bridge_ports none
    bridge_maxwait 0
    address 192.168.0.1
    netmask 255.255.255.0

You configure /etc/xen/xend-config.sxp with network-brigde and vif-bridge. In each domU config file, you select whether you want it to have direct external access (via br0) or if it should get only access via br1. For this you can use vif lines like those:

vif = ['bridge=br0']
vif = ['bridge=br1']

Of course, you still have to setup the NAT/masquerading over br1 and the network configuration of the domU should match (i.e. those on br0 should used DHCP and those on br1 should have a static IP in my example above).

Debian lenny xen bridge networking problem

the default bridge script does a lot of weird things to make the eth0/peth0 devices.. I have much better luck setting it up in /etc/network/interfaces as

# The primary network interface
auto xen-br0
iface xen-br0 inet static
        address 10.2.2.44
        gateway 10.2.2.1
        netmask 255.255.255.0
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

and then in xend-config.sxp:

(vif-script vif-bridge bridge=xen-br0)

that way debian sets up the bridge and xen leaves it alone.

Do you have access to the routers and switches? Can you run, or have someone else run:

show ip arp 188.40.96.238
show mac-address-table address 0016.3E1F.C4CC

(or whatever commands are appropriate for the devices you have) That would confirm if your domU is even visible to the rest of the network.

Best Answer

Related Solutions

Linux – Xen mixed routing

Debian lenny xen bridge networking problem

Related Topic