<thomas.vonsteiger@bluewin.ch>
2006-Sep-08 04:56 UTC
[Xen-users] multiple nic's with vlan -> bridge or bridge -> vlan

Hello,

What's the experience with multiple nic's and vlan's/bridge's for xen guests?

Is it better to build network configs for xen guest's with:

eth0 - vlan's - bridge's - domU's
eth1 - vlan's - bridge's - domU's

or

eth0 - bridge - vlan's -domU's
eth1 - bridge - vlan's -domU's

regards,
Thomas

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Molle Bestefich
2006-Sep-14 09:14 UTC
Re: [Xen-users] multiple nic's with vlan -> bridge or bridge -> vlan

thomas.vonsteiger@bluewin.ch wrote:
> Is it better to build network configs for xen guest's with:
>
> eth0 – vlan's – bridge's – domU's
> eth1 – vlan's – bridge's – domU's
>
> or
>
> eth0 - bridge – vlan's –domU's
> eth1 - bridge – vlan's –domU's

Assuming from your ASCII drawing that you terminate your VLANs inside the domu's in the second configuration, I'd go with the first configuration from a security point of view.

Javier Guerra
2006-Sep-14 12:52 UTC
Re: [Xen-users] multiple nic's with vlan -> bridge or bridge -> vlan

On Thursday 14 September 2006 4:14 am, Molle Bestefich wrote:
> thomas.vonsteiger@bluewin.ch wrote:
> > eth0 – vlan's – bridge's – domU's
> > eth1 – vlan's – bridge's – domU's
> >
> > or
> >
> > eth0 - bridge – vlan's –domU's
> > eth1 - bridge – vlan's –domU's
>
> Assuming from your ASCII drawing that you terminate your VLANs inside
> the domu's in the second configuration, I'd go with the first
> configuration from a security point of view.

apart from termination worries, the second setup usually has problems. mainly because it's better to put the physical eth's MTU to 1504, but the bridges usually choke with MTUs bigger than 1500

--
Javier

<thomas.vonsteiger@bluewin.ch>
2006-Sep-15 05:47 UTC
Re: [Xen-users] multiple nic's with vlan -> bridge or bridge -> vlan

For security eth0 vlan's bridge's domU's it's "maybe" a better solution. Because I have problem to run this configuration. There is for each vlan (mtu 1496) a bridge. Something is not running for such network configs. I'm not sure about the traffic between bridge and domU. Is there 8021q traffic or not? Because 8021q traffic I have to the dom0 vlan's, and from there?

The other way, bridge-vlan's is working fine with mtu 1496. With tcpdump inside domU I can see all available vlan numbers with the subnet information. It's running but not secure.

Thomas

> -----Original Message-----
> From: xen-users-bounces@lists.xensource.com [mailto:xen-users-bounces@lists.xensource.com] On behalf of Javier Guerra
> Sent: Thursday, 14 September 2006 14:53
> To: xen-users@lists.xensource.com
> Subject: Re: [Xen-users] multiple nic's with vlan -> bridge or bridge -> vlan
>
> On Thursday 14 September 2006 4:14 am, Molle Bestefich wrote:
> > thomas.vonsteiger@bluewin.ch wrote:
> > > eth0 vlan's bridge's domU's
> > > eth1 vlan's bridge's domU's
> > >
> > > or
> > >
> > > eth0 - bridge vlan's domU's
> > > eth1 - bridge vlan's domU's
> >
> > Assuming from your ASCII drawing that you terminate your VLANs inside
> > the domu's in the second configuration, I'd go with the first
> > configuration from a security point of view.
>
> apart from termination worries, the second setup usually has problems.
> mainly because it's better to put the physical eth's MTU to 1504, but the
> bridges usually choke with MTUs bigger than 1500
>
> --
> Javier
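
The first layout from this thread (eth0 - VLANs - bridges - domUs), as an added example that is not from any of the posters: a dry-run shell script that prints the dom0 commands for one VLAN sub-interface and one bridge per VLAN ID, so the 802.1Q tag is handled in dom0 and each domU is attached to a bridge carrying only its own VLAN, untagged. The iproute2 syntax, the xenbr<VID> bridge names and the function names are assumptions; the thread itself names no tool besides tcpdump.

```sh
#!/bin/sh
# Added example (dry run): prints commands, changes nothing on the host.
# Assumptions: iproute2 is used in dom0; bridge names xenbr<VID> are hypothetical.

# valid_vid VID: succeed only for a decimal 802.1Q VLAN ID in 1..4094
valid_vid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or contains a non-digit
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# plan_vlan_bridge NIC VID: print the dom0 commands for one VLAN
plan_vlan_bridge() {
    nic=$1
    vid=$2
    valid_vid "$vid" || { echo "invalid VLAN id: $vid" >&2; return 1; }
    sub="$nic.$vid"
    br="xenbr$vid"
    # The VLAN sub-interface is where dom0 strips and adds the 802.1Q tag.
    echo "ip link add link $nic name $sub type vlan id $vid"
    # One bridge per VLAN; only the sub-interface is enslaved, never the NIC.
    echo "ip link add name $br type bridge"
    echo "ip link set $sub master $br"
    echo "ip link set $sub up"
    echo "ip link set $br up"
    # The domU attaches to this bridge and never sees the trunk.
    echo "# domU config: vif = [ 'bridge=$br' ]"
    # Check: no tagged frames should appear on the per-VLAN bridge.
    echo "# check: tcpdump -e -n -i $br vlan   (expect no packets)"
}

# plan_all NIC VID...: plan every VLAN on one physical NIC, stop on a bad ID
plan_all() {
    nic=$1
    shift
    for v in "$@"; do
        plan_vlan_bridge "$nic" "$v" || return 1
    done
}

# Constructed sample input: VLANs 10 and 20 trunked on eth0.
plan_all eth0 10 20
```
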