Fedora xen - Nov 2007 - Fedora Core 8 + Xenbr0 + network bridging?

Hello all,

 

I was working with Xen and Cent OS and by default a virtual networking
driver called Xenbr0 was created that acted as a "pass through" for
the
virtual machine. IE that machine contacted our real DHCP server and
requested an IP address and all was well. However, on Fedora Core 8 it
seems that the default networking setup is to use virbr0 and to have a
totally different subnet and the host machine assigning IP addresses to
the guests...

 

How can I get back to just a pure network bridge that had the guests
contact our DHCP server for leases?

 

Thanks!

 

David



****************************************************************************
            Checked by MailWasher server (www.Firetrust.com)
                WARNING. No FirstAlert account found.
             To reduce spam further activate FirstAlert.
    This message can be removed by purchasing a FirstAlert Account.
****************************************************************************

This changed from FC6 to F7 with the nifty new http://www.libvirt.org/. You want
to disable the default network that libvirt sets up and configure your settings
in /etc/sysconfig/network-scripts/.

Configure /etc/xen/xend-config.sxp by changing "(network-script
network-bridge)" to "(network-script /bin/true)".

Also see: 
# virsh net-list
# virsh net-destroy

This may help you with the bridge configuration:
https://www.redhat.com/archives/fedora-xen/2007-August/msg00040.html

--
Dale Bewley - Unix Administrator - Shields Library - UC Davis
GPG: 0xB098A0F3 0D5A 9AEB 43F4 F84C 7EFD  1753 064D 2583 B098 A0F3

Thank Dale for your quick reply! I''ve definitely started to realize
that
libvirt was what was creating the 192.168.122 subnet but I''m still
unclear on what I''d need to do to go back to something like xenbr0.

What would I end up putting into /etc/sysconfi/network-scripts after
changing the line to /bin/true that would allow my xen guests to just
get IPs on the same subnet that the host is on. Just passing
communication through.

Thanks again and my apologies if this sounds like a stupid question :-)

David

-----Original Message-----
From: Dale Bewley [mailto:dlbewley@lib.ucdavis.edu] 
Sent: Friday, November 30, 2007 1:40 PM
To: David Levinger
Cc: fedora-xen@redhat.com
Subject: Re: [Fedora-xen] Fedora Core 8 + Xenbr0 + network bridging?

This changed from FC6 to F7 with the nifty new http://www.libvirt.org/.
You want to disable the default network that libvirt sets up and
configure your settings in /etc/sysconfig/network-scripts/.

Configure /etc/xen/xend-config.sxp by changing "(network-script
network-bridge)" to "(network-script /bin/true)".

Also see: 
# virsh net-list
# virsh net-destroy

This may help you with the bridge configuration:
https://www.redhat.com/archives/fedora-xen/2007-August/msg00040.html

--
Dale Bewley - Unix Administrator - Shields Library - UC Davis
GPG: 0xB098A0F3 0D5A 9AEB 43F4 F84C 7EFD  1753 064D 2583 B098 A0F3



************************************************************************
****
            Checked by MailWasher server (www.Firetrust.com)
                WARNING. No FirstAlert account found.
             To reduce spam further activate FirstAlert.
    This message can be removed by purchasing a FirstAlert Account.
************************************************************************
****

On Fri, Nov 30, 2007 at 02:04:30PM -0800, David Levinger
wrote:
> Thank Dale for your quick reply! I''ve definitely started to
realize that
> libvirt was what was creating the 192.168.122 subnet but I''m still
> unclear on what I''d need to do to go back to something like
xenbr0.
> 
> What would I end up putting into /etc/sysconfi/network-scripts after
> changing the line to /bin/true that would allow my xen guests to just
> get IPs on the same subnet that the host is on. Just passing
> communication through.
> 
> Thanks again and my apologies if this sounds like a stupid question :-)
> 
> David
Hi David.

The instructions you need to set up bridging on a Fedora or RHEL
installation are at
http://watzmann.net/blog/index.php/2007/04/27/networking_with_kvm_and_libvirt
. Basically what you wind up doing is disabling Xen bridging
altogether and using your linux distribution''s networking scripts to
set the bridge up reliably for your guests. The only reason not to use
Xen''s native bridging is that it tries to be distro-agnostic and the
result is predictably poor. Once you disable that (by the "/bin/true"
change above) and set up the bridge as described, you should have no
difficulty. 

Best of luck,
--Hugh

----- "David Levinger" <davidl@matissenetworks.com>
wrote:
> Thank Dale for your quick reply! I''ve definitely started to
realize
> that
> libvirt was what was creating the 192.168.122 subnet but I''m still
> unclear on what I''d need to do to go back to something like
xenbr0.
> 
> What would I end up putting into /etc/sysconfi/network-scripts after
> changing the line to /bin/true that would allow my xen guests to just
> get IPs on the same subnet that the host is on. Just passing
> communication through.
> 
> Thanks again and my apologies if this sounds like a stupid question
> :-)
> 
> David
I have a bridge on VLAN 6 so I call it br6 you can use xenbr0 is you like. Mine
mostly looks something like this after removing the VLAN trunk complication:

# cat ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
BRIDGE=br6

# cat ifcfg-br6
DEVICE=br6
TYPE=Bridge
BOOTPROTO=static
ONBOOT=yes
IPADDR=10.10.6.1
NETMASK=255.255.255.0
NETWORK=10.10.6.0
BROADCAST=10.10.6.255

Now your primary IP of your dom0 lives on the br6 interface. Your
domU''s will be on the same VLAN and should see your DHCP server.
Don''t forget to enable IP forwarding.

# grep phys /etc/sysconfig/iptables
-A FORWARD -m physdev  --physdev-is-bridged -j ACCEPT

# grep forward /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1

p.s. use ''brctl show'' to see your bridges.
--
Dale Bewley - Unix Administrator - Shields Library - UC Davis
GPG: 0xB098A0F3 0D5A 9AEB 43F4 F84C 7EFD  1753 064D 2583 B098 A0F3

Thanks to both of you guys for helping me out with this! I think I''ve
gotten the idea and now have eth0 up and functional in the way you
described!

However, I realized that there is one additional thing that I would like
to do and that is have eth0 and eth1 bonded together and have the Xen
machines use that bond just like they are currently using the eth0
device. 

I tried doing this in the way that I normally would, bonding them
together, however, it didn''t seem happy afterward. Have either of you
guys done that and if so are there some gotchas I might have missed?

Either way, thank you so much for helping me out with this and
explaining it! It is very much appreciated!

David

-----Original Message-----
From: Dale Bewley [mailto:dlbewley@lib.ucdavis.edu] 
Sent: Friday, November 30, 2007 2:27 PM
To: David Levinger
Cc: fedora-xen@redhat.com
Subject: Re: [Fedora-xen] Fedora Core 8 + Xenbr0 + network bridging?

----- "David Levinger" <davidl@matissenetworks.com>
wrote:
> Thank Dale for your quick reply! I''ve definitely started to
realize
> that
> libvirt was what was creating the 192.168.122 subnet but I''m still
> unclear on what I''d need to do to go back to something like
xenbr0.
> 
> What would I end up putting into /etc/sysconfi/network-scripts after
> changing the line to /bin/true that would allow my xen guests to just
> get IPs on the same subnet that the host is on. Just passing
> communication through.
> 
> Thanks again and my apologies if this sounds like a stupid question
> :-)
> 
> David
I have a bridge on VLAN 6 so I call it br6 you can use xenbr0 is you
like. Mine mostly looks something like this after removing the VLAN
trunk complication:

# cat ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
BRIDGE=br6

# cat ifcfg-br6
DEVICE=br6
TYPE=Bridge
BOOTPROTO=static
ONBOOT=yes
IPADDR=10.10.6.1
NETMASK=255.255.255.0
NETWORK=10.10.6.0
BROADCAST=10.10.6.255

Now your primary IP of your dom0 lives on the br6 interface. Your
domU''s
will be on the same VLAN and should see your DHCP server. Don''t forget
to enable IP forwarding.

# grep phys /etc/sysconfig/iptables
-A FORWARD -m physdev  --physdev-is-bridged -j ACCEPT

# grep forward /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1

p.s. use ''brctl show'' to see your bridges.
--
Dale Bewley - Unix Administrator - Shields Library - UC Davis
GPG: 0xB098A0F3 0D5A 9AEB 43F4 F84C 7EFD  1753 064D 2583 B098 A0F3



************************************************************************
****
            Checked by MailWasher server (www.Firetrust.com)
                WARNING. No FirstAlert account found.
             To reduce spam further activate FirstAlert.
    This message can be removed by purchasing a FirstAlert Account.
************************************************************************
****

I haven''t done bonding, but you should be able to bond them and then
compose a bridge on top of this bonded device I would think.

--
Dale Bewley - Unix Administrator - Shields Library - UC Davis
GPG: 0xB098A0F3 0D5A 9AEB 43F4 F84C 7EFD  1753 064D 2583 B098 A0F3

just FYI for the list, I have a how-to for a bonded and VLAN tagged network.

http://www.certifried.com

ODT and PDF formats available.

It might not be the best way, but I''ve sent it out to my colleagues 
several times and have never received any negative feedback.

Mark



Dale Bewley wrote:
> I haven''t done bonding, but you should be able to bond them and
then compose a bridge on top of this bonded device I would think.
>
> --
> Dale Bewley - Unix Administrator - Shields Library - UC Davis
> GPG: 0xB098A0F3 0D5A 9AEB 43F4 F84C 7EFD  1753 064D 2583 B098 A0F3
>
> --
> Fedora-xen mailing list
> Fedora-xen@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-xen
>