Hi,

I'm investigating the use of Xen for a new project, and have come up against a possible problem that I haven't been able to solve myself yet, and I'm hoping someone here can help.

Firstly, some background. Our web presence is currently served by a pair of failover firewalls, a pair of failover webservers, a pair of failover databases, etc. Now though our biggest customer wants us to be more reliable, and resilient, even though we're not exactly unreliable now! What they want is dual power supplies everywhere, immediate automatic failover everywhere, each half of a pair in physically separate racks, etc.

Heartbeat does our failover, and as we require the backup to be up and running at all times, virtual IPs are used, so each VM must be able to add IP aliases at any time without the host doing anything.

To save money, and not waste huge amounts of horse power (our stuff is several years old, and still perfectly capable), we want to use Xen for certain things. Hence me being here.

The problem I'm coming up against now is ethernet bonding. Dual PSU switches are expensive, and rare, but Linux supports ethernet bonding easily, so I want to put 2 switches wherever there would be one, and round-robin/active-backup all connections.

I've given up on bonding interfaces on the host, as the moving about of IPs/MACs, renaming interfaces, doesn't work* with bonding. So I've moved on to bonding interfaces inside the VM. The bond comes up properly, lists both interfaces, but it doesn't get any MII interfaces so no failover will ever occur; in a round-robin setup half the packets will get lost if a switch/port fails.

Thoughts/advice anyone?

Thanks

* /proc/net/bonding/ contains a list of "bonds", renaming bond0 to pbond0 means that bond0 can't be started as it doesn't exist anymore.

-- 
Mike Williams
System Administration Manager - Comodo
Office Tel Europe: +44 (0) 161 8747070
Fax Europe: +44 (0) 161 8771767
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

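The following is an added example, not part of the original post: a check that reads a bonding status file (the format found under /proc/net/bonding/) and warns when no link monitoring is configured or a slave is not up. The function names and the sample status text are constructed for illustration; the field labels are assumed to match what the Linux bonding driver prints.

```shell
#!/bin/sh
# Added example (not from the thread): summarise link monitoring from a
# bonding status file. Function names are hypothetical.

sample_bond() {
    # Constructed sample in the layout of /proc/net/bonding/<bond>.
    cat <<'EOF'
Ethernet Channel Bonding Driver: constructed sample

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Link Failure Count: 0

Slave Interface: eth1
MII Status: down
Link Failure Count: 0
EOF
}

bond_report() {
    # $1: path to a bonding status file
    awk -F': ' '
        /^Bonding Mode:/         { mode = $2 }
        /^MII Polling Interval/  { miimon = $2 + 0 }
        /^ARP Polling Interval/  { arp = $2 + 0 }
        /^Slave Interface:/      { slave = $2; n++ }
        /^MII Status:/ {
            # The first MII Status line belongs to the bond, later ones to slaves.
            if (slave == "") bond_status = $2
            else if ($2 != "up") down = down " " slave
        }
        END {
            printf "mode=%s slaves=%d bond=%s\n", mode, n, bond_status
            if (miimon == 0 && arp == 0)
                print "WARN no link monitoring configured (miimon=0, arp_interval=0)"
            if (down != "") print "WARN slaves not up:" down
            if (n < 2) print "WARN fewer than two slaves: no redundancy"
        }' "$1"
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp) && sample_bond > "$tmp" && bond_report "$tmp"; rm -f "$tmp"
```

On a real system, pass the status file for the bond instead of the sample, for example /proc/net/bonding/bond0 inside the VM.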
On Monday 19 June 2006 12:09, Mike Williams wrote:
> * /proc/net/bonding/ contains a list of "bonds", renaming bond0 to pbond0
> means that bond0 can't be started as it doesn't exist anymore.

I suppose my question really is, how can I run Xen in bridging mode without it moving interfaces/IPs/MACs around?

I can't see any way of getting the MII information into a VM when it isn't in fact attached to the actual physical interfaces at all.

From reading the documentation, I understand (a little) why this moving of interfaces happens, but I don't need to be able to separately firewall the host, the VMs will all be on physically separate networks.

So far my experiments with hacking network-bridge have been less than successful. Occasionally, for no apparent reason, traffic in and out of the VM works, but mostly it doesn't.

-- 
Mike Williams
System Administration Manager - Comodo
Office Tel Europe: +44 (0) 161 8747070
Fax Europe: +44 (0) 161 8771767

On Monday 19 June 2006 18:52, Mike Williams wrote:
> I suppose my question really is, how can I run Xen in bridging mode without
> it moving interfaces/IPs/MACs around?
> I can't see any way of getting the MII information into a VM when it isn't
> in fact attached to the actual physical interfaces at all.
> From reading the documentation, I understand (a little) why this moving of
> interfaces happens, but I don't need to be able to separately firewall the
> host, the VMs will all be on physically separate networks.
> So far my experiments with hacking network-bridge have been less than
> successful. Occasionally, for no apparent reason, traffic in and out of the
> VM works, but mostly it doesn't.

In case anyone was wondering, I've sorted it.

Some of the issue was apparently down to network cards. I was using a 4 port d-link branded card (sundance module); I'm now using a pukker intel 2 port card (e1000) and 2 cheap-ass realteks. The traffic to/from the realteks can take a little while to get going.

In a copy of network-bridge I've changed the op_start() and op_stop() functions to:

    op_start () {
        # No bridge configured: nothing to do.
        if [ "${bridge}" = "null" ] ; then
            return
        fi

        # Create the bridge and attach vif0 and the network device to it.
        create_bridge ${bridge}
        add_to_bridge ${bridge} ${vif0}
        add_to_bridge2 ${bridge} ${netdev}

        if [ "${antispoof}" = 'yes' ] ; then
            antispoofing
        fi
    }

    op_stop () {
        if [ "${bridge}" = "null" ]; then
            return
        fi
        if ! link_exists "$bridge"; then
            return
        fi

        # Take the bridge down, detach both ports, then delete it.
        ip link set ${bridge} down
        brctl delif ${bridge} ${netdev}
        brctl delif ${bridge} ${vif0}
        brctl delbr ${bridge}
    }

-- 
Mike Williams
System Administration Manager - Comodo
Office Tel Europe: +44 (0) 161 8747070
Fax Europe: +44 (0) 161 8771767