Xen users - Feb 2009 - Confused about how to setup Private networking between Apps on different Domus

I just started working on Xen for my office setup a couple of weeks
ago, and got to the point where I can install just about everything I
need as a simple Guest.

Now I''m trying to setup private communications between Domus, using
bridges with internal IP addresses.

For example

Internet
  |
  | 192.x.x.1
Dom0 -------- Bridge A ---- Domu #1
  |                        |
  |                        | Private Bridge, 10.0.0.X
  | 192.x.x.2              |
  |---------- Bridge B ---- Domu #2
  |                        |
  |                        | Private Bridge, 10.0.0.X
  | 192.x.x.3              |
  |---------- Bridge C ---- Domu #3

(Sorry, I''m not too sure about drawing these things the right way)

Domus #1 & #3 are Apache web servers and Domu #2 is a Mysql database server.

If I do everything over the 192. addresses, everything talks to everything.

With this new setup I''ve got each of the Domus configured with 2 IP
addresses but I can''t figure out how to get the web servers to talk to
the database server over Private Bridges.  In other words using the
10. addresses, not the 192. addresses.

I''m stuck about understanding how this is supposed to work, and what
I''m supposed to set where.  I guess its supposed to be possible.  But
I really have been spinning my wheels for a couple of days.

Can someone please help with a suggestion or two about what to do here?


BobbyDR

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Robert Danruffin wrote:
>I just started working on Xen for my office setup a couple of weeks
>ago, and got to the point where I can install just about everything I
>need as a simple Guest.
>
>Now I''m trying to setup private communications between Domus, using
>bridges with internal IP addresses.
>
>For example
>
>Internet
>   |
>   | 192.x.x.1
>Dom0 -------- Bridge A ---- Domu #1
>   |                        |
>   |                        | Private Bridge, 10.0.0.X
>   | 192.x.x.2              |
>   |---------- Bridge B ---- Domu #2
>   |                        |
>   |                        | Private Bridge, 10.0.0.X
>   | 192.x.x.3              |
>   |---------- Bridge C ---- Domu #3
>
>(Sorry, I''m not too sure about drawing these things the right way)
>
>Domus #1 & #3 are Apache web servers and Domu #2 is a Mysql database
server.
>
>If I do everything over the 192. addresses, everything talks to everything.
>
>With this new setup I''ve got each of the Domus configured with 2 IP
>addresses but I can''t figure out how to get the web servers to talk
to
>the database server over Private Bridges.  In other words using the
>10. addresses, not the 192. addresses.
>
>I''m stuck about understanding how this is supposed to work, and
what
>I''m supposed to set where.
Look up in the various howto''s, and the archives for the list how to 
set up two bridges with two ethernet cards in Dom0. Then you''ll find 
somewhere in the docs how to do it with a ''dummy'' ethernet
card in
Dom0 - though personally I never got this to work. I''ve never got a 
bridge to work where the Dom0 didn''t have an interface in it.

Once you''ve got that working, the routing should be automatic - each 
DomU will see that it has a local interface on 10.0.0.0 and will 
route via that rather than via the default route on 192.x.x.0.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Mon, February 16, 2009 6:47 am, Robert Danruffin
wrote:
> I just started working on Xen for my office setup a couple of weeks
> ago, and got to the point where I can install just about everything I
> need as a simple Guest.
>
> Now I''m trying to setup private communications between Domus,
using
> bridges with internal IP addresses.
>
> For example
>
> Internet
>   |
>   | 192.x.x.1
> Dom0 -------- Bridge A ---- Domu #1
>   |                        |
>   |                        | Private Bridge, 10.0.0.X
>   | 192.x.x.2              |
>   |---------- Bridge B ---- Domu #2
>   |                        |
>   |                        | Private Bridge, 10.0.0.X
>   | 192.x.x.3              |
>   |---------- Bridge C ---- Domu #3
>
> (Sorry, I''m not too sure about drawing these things the right way)
>
> Domus #1 & #3 are Apache web servers and Domu #2 is a Mysql database
> server.
>
> If I do everything over the 192. addresses, everything talks to
> everything.
>
> With this new setup I''ve got each of the Domus configured with 2
IP
> addresses but I can''t figure out how to get the web servers to
talk to
> the database server over Private Bridges.  In other words using the
> 10. addresses, not the 192. addresses.
>
> I''m stuck about understanding how this is supposed to work, and
what
> I''m supposed to set where.  I guess its supposed to be possible. 
But
> I really have been spinning my wheels for a couple of days.
>
> Can someone please help with a suggestion or two about what to do here?
I think I can help here, but not using the xen-scripts to create the
bridges. Never did get that part to work.

As I don''t know what you are using for the dom0, I will keep this
generic.
You''ll need to make sure you have the right packages installed for the
following.

As you already have the 192.x network working, the following should set up
the 10.x network (All this has to be done on the dom0)

1) Create a bridge device ( brctl addbr <name of bridge> )
2) Bring bridge device up ( ifconfig <name of bridge> up )

In the configuration for the domU, add the new bridge to the
''vif'' part.
As example, the vif=... for my firewall domU is:
---
vif = [''mac=00:16:3E:10:01:02,bridge=netbr'',
   ''mac=00:16:3E:10:01:03,bridge=dmzbr'']
--- (above simplified)

This should then provide 2 networks in the domU, using the MAC-addresses
specified you can then identify which interface is for which bridge.
I use udev eth-renaming to easier identify the actual interface as well,
but that is not necessary to make this work.

Please let me know if the above makes sense.

--
Joost


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Mon, February 16, 2009 9:02 am, Simon Hobson wrote:
> Robert Danruffin wrote:
>>I just started working on Xen for my office setup a couple of weeks ago,
and got to the point where I can install just about everything I need as
a simple Guest.
>>
>>Now I''m trying to setup private communications between Domus,
using
bridges with internal IP addresses.
>>
>>For example
>>
>>Internet
>>   |
>>   | 192.x.x.1
>>Dom0 -------- Bridge A ---- Domu #1
>>   |                        |
>>   |                        | Private Bridge, 10.0.0.X
>>   | 192.x.x.2              |
>>   |---------- Bridge B ---- Domu #2
>>   |                        |
>>   |                        | Private Bridge, 10.0.0.X
>>   | 192.x.x.3              |
>>   |---------- Bridge C ---- Domu #3
>>
>>(Sorry, I''m not too sure about drawing these things the right
way)
>>
>>Domus #1 & #3 are Apache web servers and Domu #2 is a Mysql database
>> server.
>>
>>If I do everything over the 192. addresses, everything talks to
>> everything.
>>
>>With this new setup I''ve got each of the Domus configured with
2 IP
addresses but I can''t figure out how to get the web servers to talk to
the database server over Private Bridges.  In other words using the 10.
addresses, not the 192. addresses.
>>
>>I''m stuck about understanding how this is supposed to work, and
what I''m
supposed to set where.
>
> Look up in the various howto''s, and the archives for the list how
to set
up two bridges with two ethernet cards in Dom0. Then you''ll find
somewhere in the docs how to do it with a ''dummy'' ethernet
card in Dom0
- though personally I never got this to work. I''ve never got a bridge
to
work where the Dom0 didn''t have an interface in
it.
>
> Once you''ve got that working, the routing should be automatic -
each
DomU will see that it has a local interface on 10.0.0.0 and will route
via that rather than via the default route on 192.x.x.0.

I actually got that working, but I only use the xen-script for the bridge
that my dom0 is using.
The other bridges I am doing ''manually'' in a script using
''brctl''.

If you really want to know how to set that up, let me know and I will post
my configs to the list tonight.

--
Joost




_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi,

Thanks a lot for the ideas.

I got it all working once I got the fact that "the routing should be
automatic".

I didn''t use the xen-scripts. I couldn''t get them to work
either.  I
thought it was me, but after reading your comments I gave up.

It took a while to figure it out reading online but finally I just set
up a Private Bridge configuration in the Dom0 and used it in the Guest
configuration.


The web server and the database are now talking to one another over
the private lan!

Thanks much!

BobbyDR

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users