Bhargava Ramu Kavati
2010-Jan-11 07:21 UTC
[Xen-users] vlan id configuration on domU on Xen
Hi,

I am using the below procedure for vlan configuration with ethernet interface sharing on Xen.

i) configure vlan on interface that is to be shared.
    vconfig add ethx 5
ii) Call the below script from xend-config file.
    dir=$(dirname "$0")
    "$dir/network-bridge" "$@" netdev=ethx.5 vifnum=0 bridge=xenbr0V5
iii) Use the bridge created above in VM's config file.
iv) Ping from all the VMs (to which ethx.5 is shared) to external host (which is already in vlan id 5) succeeds.

If we want to verify the same scenario on ESXi, first vswitch needs to be configured with vlan id 4095 and the VM needs to be configured with vlan id 5 ("vconfig add ethx 5" on VM). Then ping from VM to external host (already in vlan id 5) succeeds.

Whereas in case of Xen, we did not configure the VM's interface using "vconfig add". We just attached VM's interface to xenbr created.

Can you please clarify why the approach is different on Xen when compared to ESXi. Is there any design/security related issue here on Xen?

Thank you in advance.

Thanks & Regards,
Ramu

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Fajar A. Nugraha
2010-Jan-11 07:32 UTC
Re: [Xen-users] vlan id configuration on domU on Xen
On Mon, Jan 11, 2010 at 2:21 PM, Bhargava Ramu Kavati <ramu.kavati@gmail.com> wrote:
> Hi,
> I am using the below procedure for vlan configuration with ethernet
> interface sharing on Xen.
> i) configure vlan on interface that is to be shared.
>     vconfig add ethx 5
> ii) Call the below script from xend-config file.
>     dir=$(dirname "$0")
>     "$dir/network-bridge" "$@" netdev=ethx.5 vifnum=0 bridge=xenbr0V5
> iii) Use the bridge created above in VM's config file.
> iv) Ping from all the VMs (to which ethx.5 is shared) to external host
> (which is already in vlan id 5) succeeds.
> If we want to verify the same scenario on ESXi, first vswitch needs to be
> configured with vlan id 4095 and the VM needs to be configured with vlan id 5
> ("vconfig add ethx 5" on VM). Then ping from VM to external host (already
> in vlan id 5) succeeds.
> Whereas in case of Xen, we did not configure the VM's interface using
> "vconfig add". We just attached VM's interface to xenbr created.
>
> Can you please clarify why the approach is different on Xen when compared to
> ESXi.

Depends on your design and what you need. The ESXi approach that you mention basically assigns the whole trunk to VMs. You can do the same thing with Xen if you want, bridging ethx instead of ethx.5.

The main question is, do you trust your VM users enough to give them trunk access?

--
Fajar
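
An added illustration of the reply's point, not code from either poster or from Xen: a simplified Python model of 802.1Q handling that compares a guest bridged to ethx.5 with a guest bridged to ethx. The frames, MAC addresses and function names are constructed for the example, and the model assumes dom0 acts as a plain VLAN sub-interface plus bridge.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def frame(dst, src, payload, vlan=None):
    """Build an Ethernet II/IPv4 frame (constructed sample), optionally tagged."""
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload

def vlan_of(f):
    """Return the outer 802.1Q VLAN ID of a frame, or None if untagged."""
    tpid, tci = struct.unpack("!HH", f[12:16])
    return tci & 0x0FFF if tpid == TPID_8021Q else None

def untag(f):
    """Strip the outer tag, as the VLAN sub-interface does on receive."""
    return f[:12] + f[16:]

def push_tag(f, vid):
    """Insert an outer tag, as the VLAN sub-interface does on transmit."""
    return f[:12] + struct.pack("!HH", TPID_8021Q, vid) + f[12:]

def to_guest(wire, mode, vid=5):
    """Frames a guest receives. 'access' = bridge on ethx.<vid>, 'trunk' = bridge on ethx."""
    if mode == "trunk":
        return list(wire)  # every VLAN on the port, tags intact
    return [untag(f) for f in wire if vlan_of(f) == vid]

def to_wire(sent, mode, vid=5):
    """Frames that reach the switch for what the guest sent."""
    if mode == "trunk":
        return list(sent)  # the guest decides the tag
    return [push_tag(f, vid) for f in sent]  # dom0 decides the tag

# Constructed sample data: locally administered MACs, dummy payloads.
A, B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
WIRE = [frame(A, B, b"v5-data", 5), frame(A, B, b"v7-data", 7), frame(A, B, b"native")]
SENT = [frame(B, A, b"plain"), frame(B, A, b"tagged", 7)]

if __name__ == "__main__":
    for mode in ("access", "trunk"):
        print(mode, "guest sees VLANs:", [vlan_of(f) for f in to_guest(WIRE, mode)])
        print(mode, "switch sees VLANs:", [vlan_of(f) for f in to_wire(SENT, mode)])
```

In the ethx.5 case the guest receives only VLAN 5 traffic and everything it sends leaves with outer tag 5; in the ethx case both directions carry whatever is on the port or whatever the guest chooses.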