Xen users - Oct 2006 - xen and virtual networking.

Chaps,

I''m running Xen on a laptop and transferring the images over to a box
somewhere. The thing about being on a laptop is that networks are very
intermittent. Moving from office to server room to home... Would be
nice to be able to have a virtualised network with my many domUs.

Then I came across this thing:- http://mln.sourceforge.net/
Anyone tried it? Recommend? How far can I take bridging? Can I
simulate a net without being actually physically connected to one?

</networking noob/>

-- 
John Maclean  - 07739 171 531
MSc (DIC)

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Thanks for that speedy reply. That''d be a nice thing to try on a
*wireless* network which is where I''m coming from. Loads of open nets
out here. In  the office or server room I''d just run
/etc/init.d/network restart or ifup <interface> within dom0 and all of
the domUs.

Iv''e read somewhere that bridging is not best for wireless devices.
Could you send me the config files or post them to the list? I''d
appreciate that!


On 24/10/06, Theo Cabrerizo Diem <diem@carpediem.sh>
wrote:
> Hello John,
>
> That was one of my ideas ... I don''t have the mobility option but
I
> tought about using my domU''s as less "intrusive" as
possible :D
>
> So the idea came :
> - have two briges (eth-br and xen-br)
> - interfaces on eth-br: peth0, vif0.0
> - interfaces on xen-br: vif0.1
> - ips of Dom0 : eth0 (1.2.3.4 - external ip), eth1 (192.168.1.1)
> *note that the second interface on dom0 is provided by xen. I
don''t have
> 2 cards
>
> Dom0 eth0 works flawlessly since it goes through eth-br and reaches my
> network.
>
> By default, once I start a domU, it add''s a vifX.0 to the xen-br
bridge,
> so uses Dom0 as default gateway (which does the masquerading/routing),
> so if you change networks, you simply resconfigure dom0 eth0 and
> everything is done :D the DomU''s doesn''t need to know
anything about
> external networks.
>
> domU''s have 192.168.1.X ips and use 192.168.1.1 as default
gateway.
>
> If someone in my work network needs access to one of my virtual
> machines, I attach a vifX.1 (the second interface on domU) to the eth-br
> bridge and do a ''ifup eth1''  on domU (whichs fires
dhclient on eth1, but
> doesn''t change the gateway, it stays using eth0 to reach the
gateway).
> If you change external networks, you don''t loose any connection
between
> domU''s and/or dom0 ... only ''external''
connections.
>
> Why two bridges and not simple iptables nat stuff ? because (for
> validation pruposes, this setup is much closer from the real machines
> than port mangling/nat''ing)
>
> I can post my config files and more information if that interests
> you ... but I have one little problem with this setup : the masquerading
> stuff isn''t working properly in dom0 (as I posted before on this
list,
> but no answer came from xen network gurus ;) - subject ''One more
NAT
> problem (not tranversing POSTROUTING)'' )
>
> Cheers,
>
> Theo Diem
>
> On Tue, 2006-10-24 at 19:29 +0100, john maclean wrote:
> > Chaps,
> >
> > I''m running Xen on a laptop and transferring the images over
to a box
> > somewhere. The thing about being on a laptop is that networks are very
> > intermittent. Moving from office to server room to home... Would be
> > nice to be able to have a virtualised network with my many domUs.
> >
> > Then I came across this thing:- http://mln.sourceforge.net/
> > Anyone tried it? Recommend? How far can I take bridging? Can I
> > simulate a net without being actually physically connected to one?
> >
> > </networking noob/>
> >
>
>

--
John Maclean  - 07739 171 531
MSc (DIC)


-- 
John Maclean  - 07739 171 531
MSc (DIC)

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi again,

Well, wireless devices tends to have plenty of retransmissions if your
signal is low ... your mileage may vary :).

I''m using debian so some configuration is quite debian specific (the
bridge setup) but let me know if you still have doubts.

I set the network on boot time (and not on xend scripts) since there''s
some daemons that comes before xend, and once xend changes a lot of
things, they need to be restarted after xen. So setting this earlier
solves the problem.

As I said, I''m having problems with this setup to masquerade domU
traffic, and seems that no one could help :(

--- /etc/modules :
netloop nloopbacks=2
--- end of /etc/modules

--- /etc/network/interfaces :
  auto eth-br
  iface eth-br inet manual
        # configure bridge ports
        pre-up ip link set eth0 arp off multicast off addr
fe:ff:ff:ff:ff:ff
        pre-up ip link set vif0.0 arp off multicast off addr
fe:ff:ff:ff:ff:ff
        # bridge config
        hwaddress ether fe:ff:ff:ff:ff:ff
        bridge_ports eth0 vif0.0
        bridge_stp off
        bridge_fd 0
        up ip link set eth-br arp off
        up ip link set eth-br multicast off

  auto xen-br
  iface xen-br inet manual
        # configure bridge ports
        pre-up ip link set vif0.1 arp off multicast off addr
fe:ff:ff:ff:ff:ff
        # bridge config
        hwaddress ether fe:ff:ff:ff:ff:ff
        bridge_ports vif0.1
        bridge_stp off
        bridge_fd 0
        up ip link set xen-br arp off
        up ip link set xen-br multicast off

  auto veth0
  iface veth0 inet dhcp
        hwaddress ether 00:13:72:27:9b:71
        up ip link set veth0 arp on

  auto veth1
  iface veth1 inet static
        hwaddress ether 00:13:72:27:9b:72
        address 192.168.235.1
        netmask 255.255.255.0
        up ip link set veth1 arp on
--- end of /etc/network/interfaces

on xend-config.sxp:
- comment all network-script stuff, since I defined it at boot time
- your vif-script line would look like :
(vif-script ''vif-bridge bridge=xen-br'')

that would add yours DomU''s by default only on the internal bridge

what happens on all this ?
1 ) once you load netloop (with the nloopback=2 option), it creates 4
interfaces in your Dom0 : vif0.0 vif0.1 veth0 and veth1
Imagine vif0.0 and veth0 as different ends of a ethernet cable, one you
connect to a switch (vif0.0) and another is in your box (veth0). Same
happens to vif0.1<->veth1.
2 ) configure eth0 to a broadcast MAC address (required for the bridge
to work), among details (like arp off, multicast off)
3 ) create a eth-br bridge with eth0 and vif0.0 on it (remember, like
having a hub with two cables connected ;) )
4 ) configure veth0 in your dom0 as your normal interface (forget about
eth0); set''s a MAC address on it
5 ) setup another bridge called xen-br with vif0.1 on it (remember,
that''s the other end of veth1 in dom0)
6 ) configure veth1 with a static ip address (which would be the gateway
for the domU''s); set''s another MAC address on it

by this .. everything should work, your dom0 uses veth0 to reach your
''physical'' interface and veth1 to reach your domU''s.

My problem : masquerading (iptables -t nat -A POSTROUTING -o veth0 -j
MASQUERADE ) doesn''t work as supposed to be for domU''s :(. I
belive that
if you get rid of the eth-br (and simply use eth0 on Dom0 for real
network and veth1 as xen network) would work, but you would need to do
NAT to allow external connections to your domU''s

Let me know if you have any questions on my setup =)

[]''s

Theo



On Tue, 2006-10-24 at 22:33 +0100, john maclean wrote:
> Thanks for that speedy reply. That''d be a nice thing to try on a
> *wireless* network which is where I''m coming from. Loads of open
nets
> out here. In  the office or server room I''d just run
> /etc/init.d/network restart or ifup <interface> within dom0 and all
of
> the domUs.
> 
> Iv''e read somewhere that bridging is not best for wireless
devices.
> Could you send me the config files or post them to the list? I''d
> appreciate that!
> 
> 
> On 24/10/06, Theo Cabrerizo Diem <diem@carpediem.sh> wrote:
> > Hello John,
> >
> > That was one of my ideas ... I don''t have the mobility option
but I
> > tought about using my domU''s as less "intrusive" as
possible :D
> >
> > So the idea came :
> > - have two briges (eth-br and xen-br)
> > - interfaces on eth-br: peth0, vif0.0
> > - interfaces on xen-br: vif0.1
> > - ips of Dom0 : eth0 (1.2.3.4 - external ip), eth1 (192.168.1.1)
> > *note that the second interface on dom0 is provided by xen. I
don''t have
> > 2 cards
> >
> > Dom0 eth0 works flawlessly since it goes through eth-br and reaches my
> > network.
> >
> > By default, once I start a domU, it add''s a vifX.0 to the
xen-br bridge,
> > so uses Dom0 as default gateway (which does the masquerading/routing),
> > so if you change networks, you simply resconfigure dom0 eth0 and
> > everything is done :D the DomU''s doesn''t need to
know anything about
> > external networks.
> >
> > domU''s have 192.168.1.X ips and use 192.168.1.1 as default
gateway.
> >
> > If someone in my work network needs access to one of my virtual
> > machines, I attach a vifX.1 (the second interface on domU) to the
eth-br
> > bridge and do a ''ifup eth1''  on domU (whichs fires
dhclient on eth1, but
> > doesn''t change the gateway, it stays using eth0 to reach the
gateway).
> > If you change external networks, you don''t loose any
connection between
> > domU''s and/or dom0 ... only ''external''
connections.
> >
> > Why two bridges and not simple iptables nat stuff ? because (for
> > validation pruposes, this setup is much closer from the real machines
> > than port mangling/nat''ing)
> >
> > I can post my config files and more information if that interests
> > you ... but I have one little problem with this setup : the
masquerading
> > stuff isn''t working properly in dom0 (as I posted before on
this list,
> > but no answer came from xen network gurus ;) - subject ''One
more NAT
> > problem (not tranversing POSTROUTING)'' )
> >
> > Cheers,
> >
> > Theo Diem
> >
> > On Tue, 2006-10-24 at 19:29 +0100, john maclean wrote:
> > > Chaps,
> > >
> > > I''m running Xen on a laptop and transferring the images
over to a box
> > > somewhere. The thing about being on a laptop is that networks are
very
> > > intermittent. Moving from office to server room to home... Would
be
> > > nice to be able to have a virtualised network with my many domUs.
> > >
> > > Then I came across this thing:- http://mln.sourceforge.net/
> > > Anyone tried it? Recommend? How far can I take bridging? Can I
> > > simulate a net without being actually physically connected to
one?
> > >
> > > </networking noob/>
> > >
> >
> >
> 
> 
> --
> John Maclean  - 07739 171 531
> MSc (DIC)
> 
> 

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users