B.G. Bruce
2005-Jan-19 21:11 UTC
[Xen-devel] Must have been asked before, but I can''t find the solution
I''m attempting to migrate from vmware to xen, however I need to be able
to run more than one bridge. Think of it this way:
xen0 xenU-1 xenU-2 xenU-3
------------------------------------------------------------------------
Inside_bridge_1: eth0 vm1_eth0 vm2_eth0
virtual_switch_2: vm1_eth1 vm2_eth1 vm3_eth1
Outside_bridge_3: eth1 vm2_eth2 vm3_eth0
Now, I can modify the existing network/vif-bridge or build replacement
scripts/config files that will get this done, with the exception of the
MAC. If you configure (xen-2.0.3-src.tar.bz2) a domain for more than 1
nic, the xenU domains use the same MAC for all interfaces. EX.
devel root # ip link
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether aa:00:00:0d:d0:26 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether aa:00:00:0d:d0:26 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether aa:00:00:0d:d0:26 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether aa:00:00:0d:d0:26 brd ff:ff:ff:ff:ff:ff
How/where do I change this? (not in the config file as far as I can
tell)
Thanks,
B.
-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel
Ian Pratt
2005-Jan-19 21:21 UTC
RE: [Xen-devel] Must have been asked before, but I can''t find the solution
> I''m attempting to migrate from vmware to xen, however I need > to be able > to run more than one bridge.Should be no problem.> Now, I can modify the existing network/vif-bridge or build replacement > scripts/config files that will get this done, with the > exception of the > MAC. If you configure (xen-2.0.3-src.tar.bz2) a domain for > more than 1 > nic, the xenU domains use the same MAC for all interfaces. EX.OK, we need to add the vif number into the MAC generation hash. Anyone care to submit a patch?> How/where do I change this? (not in the config file as far as I can > tell)I believe you can set the MAC for each vif. Ian ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
B.G. Bruce
2005-Jan-19 21:32 UTC
RE: [Xen-devel] Must have been asked before, but I can''t find the solution
On Wed, 2005-01-19 at 17:21, Ian Pratt wrote:> > I''m attempting to migrate from vmware to xen, however I need > > to be able > > to run more than one bridge. > > Should be no problem. > > > Now, I can modify the existing network/vif-bridge or build replacement > > scripts/config files that will get this done, with the > > exception of the > > MAC. If you configure (xen-2.0.3-src.tar.bz2) a domain for > > more than 1 > > nic, the xenU domains use the same MAC for all interfaces. EX. > > OK, we need to add the vif number into the MAC generation hash. Anyone > care to submit a patch? > > > How/where do I change this? (not in the config file as far as I can > > tell) > > I believe you can set the MAC for each vif.WHERE? I must be missing something but for the life of me, I have not been able to set this for anything other than eth0. If it CAN be done in the config file, please give an example. Thanks, B.> > Ian > > > ------------------------------------------------------- > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting > Tool for open source databases. Create drag-&-drop reports. Save time > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. > Download a FREE copy at http://www.intelliview.com/go/osdn_nl > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/xen-devel >------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
Kip Macy
2005-Jan-19 21:51 UTC
RE: [Xen-devel] Must have been asked before, but I can''t find the solution
> > WHERE? I must be missing something but for the life of me, I have not > been able to set this for anything other than eth0. If it CAN be done > in the config file, please give an example.and the voodoo is ... vif = [ mac=aa:1:0:0:3:37,bridge=xen-br0 ] let me know if you want the complete context that this comes from -Kip> > Thanks, > > B. > > > > > Ian > > > > > > ------------------------------------------------------- > > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting > > Tool for open source databases. Create drag-&-drop reports. Save time > > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. > > Download a FREE copy at http://www.intelliview.com/go/osdn_nl > > _______________________________________________ > > Xen-devel mailing list > > Xen-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/xen-devel > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting > Tool for open source databases. Create drag-&-drop reports. Save time > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. > Download a FREE copy at http://www.intelliview.com/go/osdn_nl > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/xen-devel >------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
Felipe Alfaro Solana
2005-Jan-19 21:52 UTC
Re: [Xen-devel] Must have been asked before, but I can''t find the solution
On 19 Jan 2005, at 22:21, Ian Pratt wrote:> >> I''m attempting to migrate from vmware to xen, however I need >> to be able >> to run more than one bridge. > > Should be no problem. > >> Now, I can modify the existing network/vif-bridge or build replacement >> scripts/config files that will get this done, with the >> exception of the >> MAC. If you configure (xen-2.0.3-src.tar.bz2) a domain for >> more than 1 >> nic, the xenU domains use the same MAC for all interfaces. EX. > > OK, we need to add the vif number into the MAC generation hash. Anyone > care to submit a patch? > >> How/where do I change this? (not in the config file as far as I can >> tell) > > I believe you can set the MAC for each vif.Yep! By adding vif = [ "mac = XX:XX:XX:XX:XX:XX" ] to the domain configuration file. ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
B.G. Bruce
2005-Jan-19 22:08 UTC
Re: [Xen-devel] Must have been asked before, but I can''t find the solution
On Wed, 2005-01-19 at 17:52, Felipe Alfaro Solana wrote:> On 19 Jan 2005, at 22:21, Ian Pratt wrote: > > > > >> I''m attempting to migrate from vmware to xen, however I need > >> to be able > >> to run more than one bridge. > > > > Should be no problem. > > > >> Now, I can modify the existing network/vif-bridge or build replacement > >> scripts/config files that will get this done, with the > >> exception of the > >> MAC. If you configure (xen-2.0.3-src.tar.bz2) a domain for > >> more than 1 > >> nic, the xenU domains use the same MAC for all interfaces. EX. > > > > OK, we need to add the vif number into the MAC generation hash. Anyone > > care to submit a patch? > > > >> How/where do I change this? (not in the config file as far as I can > >> tell) > > > > I believe you can set the MAC for each vif. > > Yep! By adding > > vif = [ "mac = XX:XX:XX:XX:XX:XX" ] > > to the domain configuration file. >Ok, yes, that works for eth0, but what about eth1,eth2,eth3,.... what voodoo do I use for multiple vif? B.> > > ------------------------------------------------------- > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting > Tool for open source databases. Create drag-&-drop reports. Save time > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. > Download a FREE copy at http://www.intelliview.com/go/osdn_nl > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/xen-devel >------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
Kip Macy
2005-Jan-19 22:13 UTC
Re: [Xen-devel] Must have been asked before, but I can''t find the solution
bootscript "xenargs":
more ~mowat/xen/xenargs
BSD_KERNEL=/u/mowat/p4/tricks/freebsd/usr/src/sys/i386/compile/XENCONF/kernel
CONFIG=/u/mowat/xen/freebsd
BOOTARGS="boot_verbose=yes, boot_gdb=yes"
# Other BSD bootargs
#
# boot_single=yes
# boot_gdb_pause=yes
# curly IP addresses
# SIM_NAME=xen-vm1
# IPADDR="172.16.9.213 172.16.9.214"
# DISKS=loop5
#
# Don''t need to specify number of NICS if we specify the list of MACs
# NICS=2
# mowat1/mowat2 sim IPs
SIM_NAME=mowat1
IPADDR="10.56.18.123 10.56.18.125"
MACS="aa:1:0:0:3:37 aa:1:0:0:3:38"
DISKS="loop0 loop1 loop2 loop3 loop4 loop5 loop6 loop7"
xm create -f $CONFIG -c name=$SIM_NAME ipstr="$IPADDR"
macstr="$MACS"
diskstr="$DI
SKS" bsdbootargs="$BOOTARGS" kernel=$BSD_KERNEL
excerpt from /u/mowat/xen/freebsd:
i = 0
vlist = string.split(macstr,'' '')
for vintf in vlist:
if vintf == "":
break
if i == 0:
vif = [ "mac="+vintf+",bridge=xen-br0" ]
else:
vif += [ "mac="+vintf+",bridge=xen-br0" ]
i = i + 1
try:
nics
except:
if i > 1:
nics = i
On Wed, 19 Jan 2005, B.G. Bruce wrote:
> On Wed, 2005-01-19 at 17:52, Felipe Alfaro Solana wrote:
> > On 19 Jan 2005, at 22:21, Ian Pratt wrote:
> >
> > >
> > >> I''m attempting to migrate from vmware to xen,
however I need
> > >> to be able
> > >> to run more than one bridge.
> > >
> > > Should be no problem.
> > >
> > >> Now, I can modify the existing network/vif-bridge or build
replacement
> > >> scripts/config files that will get this done, with the
> > >> exception of the
> > >> MAC. If you configure (xen-2.0.3-src.tar.bz2) a domain for
> > >> more than 1
> > >> nic, the xenU domains use the same MAC for all interfaces.
EX.
> > >
> > > OK, we need to add the vif number into the MAC generation hash.
Anyone
> > > care to submit a patch?
> > >
> > >> How/where do I change this? (not in the config file as far as
I can
> > >> tell)
> > >
> > > I believe you can set the MAC for each vif.
> >
> > Yep! By adding
> >
> > vif = [ "mac = XX:XX:XX:XX:XX:XX" ]
> >
> > to the domain configuration file.
> >
>
> Ok, yes, that works for eth0, but what about eth1,eth2,eth3,.... what
> voodoo do I use for multiple vif?
>
> B.
>
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: IntelliVIEW -- Interactive
Reporting
> > Tool for open source databases. Create drag-&-drop reports. Save
time
> > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> > Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/xen-devel
> >
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> Tool for open source databases. Create drag-&-drop reports. Save time
> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel
>
-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel
Mark Williamson
2005-Jan-20 13:01 UTC
Re: [Xen-devel] Must have been asked before, but I can''t find the solution
> Ok, yes, that works for eth0, but what about eth1,eth2,eth3,.... what > voodoo do I use for multiple vif?Square brackets mean it''s a list (config files are really Python scripts that get run in a sandbox, so this is in fact just a Python list!): vif = [ "mac = XX:XX:XX:XX:XX:XX", "mac = XX:XX:XX:XX:XX:XX" ] Should give you the functionality you want. HTH, Mark> > B. > > > ------------------------------------------------------- > > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting > > Tool for open source databases. Create drag-&-drop reports. Save time > > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. > > Download a FREE copy at http://www.intelliview.com/go/osdn_nl > > _______________________________________________ > > Xen-devel mailing list > > Xen-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/xen-devel > > ------------------------------------------------------- > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting > Tool for open source databases. Create drag-&-drop reports. Save time > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. > Download a FREE copy at http://www.intelliview.com/go/osdn_nl > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/xen-devel------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
B.G. Bruce
2005-Jan-20 15:30 UTC
Re: [Xen-devel] Must have been asked before, but I can''t find the solution
THANK YOU!!!
vif = [ "mac=aa:00:00:00:00:11, bridge=priv",
"mac=aa:00:00:00:00:12,
bridge=pub", "mac=aa:00:00:00:00:13, bridge=mgmt",
"mac=aa:00:00:00:00:14, bridge=vsw0" ]
returns:
devel root # ip link
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether aa:00:00:00:00:11 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether aa:00:00:00:00:12 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether aa:00:00:00:00:13 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether aa:00:00:00:00:14 brd ff:ff:ff:ff:ff:ff
On Thu, 2005-01-20 at 09:01, Mark Williamson wrote:> > Ok, yes, that works for eth0, but what about eth1,eth2,eth3,.... what
> > voodoo do I use for multiple vif?
>
> Square brackets mean it''s a list (config files are really Python
scripts that
> get run in a sandbox, so this is in fact just a Python list!):
>
> vif = [ "mac = XX:XX:XX:XX:XX:XX", "mac =
XX:XX:XX:XX:XX:XX" ]
>
> Should give you the functionality you want.
>
> HTH,
> Mark
>
> >
> > B.
> >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: IntelliVIEW -- Interactive
Reporting
> > > Tool for open source databases. Create drag-&-drop reports.
Save time
> > > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF,
etc.
> > > Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> > > _______________________________________________
> > > Xen-devel mailing list
> > > Xen-devel@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/xen-devel
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: IntelliVIEW -- Interactive
Reporting
> > Tool for open source databases. Create drag-&-drop reports. Save
time
> > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> > Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/xen-devel
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> Tool for open source databases. Create drag-&-drop reports. Save time
> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel
>
-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel
What I''d LOVE to achieve with XEN (for security reasons) is the following: DOM0: minimal linux install with LVM2 primarily for backending the ide disks. BE_NIC_0: Back end NIC_0 domain (bridge) with minimal linux install - no ip address assigned - using ebtables to filter/protect BE_NIC_1: Same as BE_NIC_0 only for NIC_1 BE_VNIC_2: Back end for a "virtual nic"/bridge for DomU to DomU communication (DMZ). BE_MGMT: firewall config/mgmt console (xwindows) (preferred x displaying (direct) through AGP on console - is this possible) and ntp/clock sync (can this happen here or does it have to happen on DOM0?). Various front end DomU''s: for router/fw and various application layer gateways. My idea here is to be able to isolate the components into minimal operating environments allowing for specific need/application to be rebooted without having to reboot the entire box should that particular component be DoS''ed. Your thoughts on this setup would be appreciated (also you can see that having a socket interface rather than an ip interface for XEND would be of GREAT advantage). Now, I''ve tried setting this up but I''m running into some confusion here. 1) I only seem to be able to compile the actual NIC drivers with DOM0 (e100/e1000/3c95x, etc). Is this where I should be compiling them even though the NIC''s will be used in another DOM? If not, how do I go about compiling the drivers for the BE DOM''S? (they don''t show up as options - yes, I do have XEN_PHYSDEV_ACCESS and XEN_NETDEV_BACKEND enabled. 2) Even with pci_dom0_hide=(01,01,0)(02,00,0) as part of my grub.conf (for the startup of xen.gz), I still see these devices under DOM0, is this normal? lspci shows the devices as 0000:01:01.0 and 0000:02:00:0.0) respectively. Are my parameters to pci_dom0_hide correct? 3) Should I be using stable, testing or unstable for this? NOTE: stable and testing both are unable to attach xen console to ttyS whereas unstable works correctly for this. 4) It would be preferred to run X in a domain separate from Dom0, but still be accessible for use on the local console without having to install X and a VNC client in DOM0. Is this possible, or am I just dreaming here? Regards, B. ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
> DOM0: minimal linux install with LVM2 primarily for backending the ide > disks.Fine.> BE_NIC_0: Back end NIC_0 domain (bridge) with minimal linux install - > no ip address assigned - using ebtables to filter/protect > BE_NIC_1: Same as BE_NIC_0 only for NIC_1This should work, although a recent post suggested there was some sort of bug in the multiple backend support...> BE_VNIC_2: Back end for a "virtual nic"/bridge for DomU to DomU > communication (DMZ).So does this have any connections to the physical network cards at all? The problem is that AFAIK the current code won''t allow a domain to run a backend driver unless it''s controlling a real physical device.> BE_MGMT: firewall config/mgmt console (xwindows) (preferred x > displaying (direct) through AGP on console - is this possible) and > ntp/clock sync (can this happen here or does it have to happen on > DOM0?).Clock sync can probably only occur from dom0 at the moment. Likewise for AGP access (although one user had some success in giving a graphics card to a domU, it''s not fully working yet).> Various front end DomU''s: for router/fw and various application layer > gateways.Right.> My idea here is to be able to isolate the components into minimal > operating environments allowing for specific need/application to be > rebooted without having to reboot the entire box should that particular > component be DoS''ed.Makes sense.> 1) I only seem to be able to compile the actual NIC drivers with DOM0 > (e100/e1000/3c95x, etc). Is this where I should be compiling them even > though the NIC''s will be used in another DOM? If not, how do I go about > compiling the drivers for the BE DOM''S? (they don''t show up as options - > yes, I do have XEN_PHYSDEV_ACCESS and XEN_NETDEV_BACKEND enabled.Just stick all the drivers you need into a xen0 kernel, then use that kernel in any domain that''s talking to the hardware. You can use a xen0 kernel anywhere.> 2) Even with pci_dom0_hide=(01,01,0)(02,00,0) as part of my grub.conf > (for the startup of xen.gz), I still see these devices under DOM0, is > this normal? lspci shows the devices as 0000:01:01.0 and 0000:02:00:0.0) > respectively. Are my parameters to pci_dom0_hide correct?Try physdev_dom0_hide - pci_dom0_hide is a bug that got introduced to the docs at some point (I think it has now been fixed).> 3) Should I be using stable, testing or unstable for this? NOTE: > stable and testing both are unable to attach xen console to ttyS whereas > unstable works correctly for this.In general, use stable for production environments. Testing is the "next stable release" and so is quite stable itself (and may have additional bug fixes).> 4) It would be preferred to run X in a domain separate from Dom0, but > still be accessible for use on the local console without having to > install X and a VNC client in DOM0. Is this possible, or am I just > dreaming here?Possible in theory, in practice this doesn''t quite work yet. HTH, Mark ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
On Mon, 2005-01-24 at 12:18, Mark A. Williamson wrote:> > DOM0: minimal linux install with LVM2 primarily for backending the ide > > disks. > > Fine. > > > BE_NIC_0: Back end NIC_0 domain (bridge) with minimal linux install - > > no ip address assigned - using ebtables to filter/protect > > BE_NIC_1: Same as BE_NIC_0 only for NIC_1 > > This should work, although a recent post suggested there was some sort of bug > in the multiple backend support... > > > BE_VNIC_2: Back end for a "virtual nic"/bridge for DomU to DomU > > communication (DMZ). > > So does this have any connections to the physical network cards at all?No. Could I possibly use the "dummy" driver to handle this requirement?> The problem is that AFAIK the current code won''t allow a domain to run a > backend driver unless it''s controlling a real physical device. > > > BE_MGMT: firewall config/mgmt console (xwindows) (preferred x > > displaying (direct) through AGP on console - is this possible) and > > ntp/clock sync (can this happen here or does it have to happen on > > DOM0?). > > Clock sync can probably only occur from dom0 at the moment. Likewise for AGP > access (although one user had some success in giving a graphics card to a > domU, it''s not fully working yet).Ok, I can live with that for the moment ... hopefully this will be addressed in the near future?> > 1) I only seem to be able to compile the actual NIC drivers with DOM0 > > (e100/e1000/3c95x, etc). Is this where I should be compiling them even > > though the NIC''s will be used in another DOM? If not, how do I go about > > compiling the drivers for the BE DOM''S? (they don''t show up as options - > > yes, I do have XEN_PHYSDEV_ACCESS and XEN_NETDEV_BACKEND enabled. > > Just stick all the drivers you need into a xen0 kernel, then use that kernel > in any domain that''s talking to the hardware. You can use a xen0 kernel > anywhere.Wow, so you can run "multiple" dom0 images (one real dom0) - is there anything I need to add to the .sxp file to differentiate the non-dom0 domains from the real Dom0?> > 2) Even with pci_dom0_hide=(01,01,0)(02,00,0) as part of my grub.conf > > (for the startup of xen.gz), I still see these devices under DOM0, is > > this normal? lspci shows the devices as 0000:01:01.0 and 0000:02:00:0.0) > > respectively. Are my parameters to pci_dom0_hide correct? > > Try physdev_dom0_hide - pci_dom0_hide is a bug that got introduced to the docs > at some point (I think it has now been fixed).Not as of yesterday with regards to the doc available on your website.> > 3) Should I be using stable, testing or unstable for this? NOTE: > > stable and testing both are unable to attach xen console to ttyS whereas > > unstable works correctly for this. > > In general, use stable for production environments. Testing is the "next > stable release" and so is quite stable itself (and may have additional bug > fixes). > > > 4) It would be preferred to run X in a domain separate from Dom0, but > > still be accessible for use on the local console without having to > > install X and a VNC client in DOM0. Is this possible, or am I just > > dreaming here? > > Possible in theory, in practice this doesn''t quite work yet.Good to know - I''ll try it anyways and see if I''m lucky one of the lucky few, or if I have to wait.> HTH, > Mark >Thanks for the input! B. ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
On Monday 24 January 2005 17:36, B.G. Bruce wrote:> > > 2) Even with pci_dom0_hide=(01,01,0)(02,00,0) as part of my grub.conf > > > (for the startup of xen.gz), I still see these devices under DOM0, is > > > this normal? lspci shows the devices as 0000:01:01.0 and > > > 0000:02:00:0.0) respectively. Are my parameters to pci_dom0_hide > > > correct? > > > > Try physdev_dom0_hide - pci_dom0_hide is a bug that got introduced to the > > docs at some point (I think it has now been fixed). > > Not as of yesterday with regards to the doc available on your website.I had send a mail earlier this week asking the docs to be fixed. Apart from the s/physdev/pci/ change the format of the pci entries is not correct in the docs. You should use (01:01.0), etc. This differs from the syntax in the config files used to "unhide" the devices for certain domains. -- Gruss, Tobias ------------------------------------------------------------ Tobias Hunger The box said: ''Windows 95 or better'' tobias@aquazul.com So I installed Linux. ------------------------------------------------------------
B.G. Bruce wrote:> Wow, so you can run "multiple" dom0 images (one real dom0) - is there > anything I need to add to the .sxp file to differentiate the non-dom0 > domains from the real Dom0?As Mark said, you can run kernel compiled for dom0 as domU, if you add things like network frontend and blockdev frontend. The only drawback is greater kernel (-> bigger memory usage, bigger risk of bugs and exploits, maybe (hardly measurable) slowdown?). Only one of them will act as a real "domain0". -jkt -- cd /local/pub && more beer > /dev/mouth ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
> > > BE_VNIC_2: Back end for a "virtual nic"/bridge for DomU to DomU > > > communication (DMZ). > > > > So does this have any connections to the physical network cards at all? > > No. Could I possibly use the "dummy" driver to handle this requirement?Don''t think so. The main problem is that this domain needs to have privileges to access other domains memory (otherwise the backend driver doesn''t work). I don''t know of a way to specify this in a domain config.> > Clock sync can probably only occur from dom0 at the moment. Likewise for > > AGP access (although one user had some success in giving a graphics card > > to a domU, it''s not fully working yet). > > Ok, I can live with that for the moment ... hopefully this will be > addressed in the near future?Nobody working on giving graphics cards to non-0 domains AFAIK. The clock syncing is probably fairly straightforward (if indeed it hasn''t been sorted already) and just needs someone to take the time to tweak it.> > Just stick all the drivers you need into a xen0 kernel, then use that > > kernel in any domain that''s talking to the hardware. You can use a xen0 > > kernel anywhere. > > Wow, so you can run "multiple" dom0 images (one real dom0) - is there > anything I need to add to the .sxp file to differentiate the non-dom0 > domains from the real Dom0?You can use a Xen0 kernel in any domain, including unpriv domains. XenU kernels are just included because they''re smaller (because they don''t included drivers for real hardware).> > Try physdev_dom0_hide - pci_dom0_hide is a bug that got introduced to the > > docs at some point (I think it has now been fixed). > > > > Not as of yesterday with regards to the doc available on your website.Errr, might be fixed in the testing tree :-/ I''ll try to remember to sort this out once and for all when I get home today.> > > 4) It would be preferred to run X in a domain separate from Dom0, but > > > still be accessible for use on the local console without having to > > > install X and a VNC client in DOM0. Is this possible, or am I just > > > dreaming here? > > > > Possible in theory, in practice this doesn''t quite work yet. > > Good to know - I''ll try it anyways and see if I''m lucky one of the lucky > few, or if I have to wait.We''d be interested to get this working but it''s likely to take a bit of time on your side. The guy who trying this out had a second PCI graphics card which he was giving to the domain (along with a USB controller for mouse and keyboard). He just had trouble persuading X to start because of some weirdness with virtual terminals... You''d need a second display device because dom0 will grab the primary on bootup. Cheers, Mark ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
Andrew Warfield
2005-Jan-24 17:17 UTC
Re: [Xen-devel] Re: Back end domains : input desired
> > > So does this have any connections to the physical network cards at all? > > > > No. Could I possibly use the "dummy" driver to handle this requirement? > > Don''t think so. The main problem is that this domain needs to have privileges > to access other domains memory (otherwise the backend driver doesn''t work). > I don''t know of a way to specify this in a domain config.this can currently be achieved (in a really sleazy way) by adding a pci= line in the non-0 domain''s config, and just handing it a device that it doesn''t have drivers for and so won''t touch. this is clearly not the, um, ideal approach to elevating privilege, but it may get you going until the tools catch up. ;) hth, a. ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel