Xen devel - Jan 2008 - [PATCH] get dhcp working for network-nat

Has anybody successfully used the network-nat script, with or without
dhcp?  The existing documentation around this is fairly poor, so if
you’ve seen it “just work” (or with only some minor tweaks),
please reply.  I’m not much of a networking expert so I hope my
time on this wasn’t wasted.

Assuming not (and supported by google search), perhaps network-nat has
been broken for a long time?  It certainly has not received much love
recently and many mailing list queries about it have gone unanswered.

That said, here's my situation:

Due to limited IP availability in my office, I wanted to configure a
setup where dom0 works like an inexpensive home router (e.g. Linksys,
Dlink,Belkin), which does NAT and DHCP for multiple attached (or
wireless) machines.  So I need dom0 to both provide network address
translation and to serve dhcp addresses to any VM's launched on it.

It appears that this should work.  Or maybe once upon a time it did
work.  But I had to muck around with it quite a bit and spin a patch
to get it work with 3.1 bits.  And since the key files haven't been
changed in over a year, though untested as of yet, I think the same
patch and process is necessary on xen-unstable.

Also, this is tested on a RHEL5-based dom0.  I don't know much about
dhcp implementations on other distros and haven't tried this recipe
on other distros, so your mileage may vary but please do provide
feedback if this patch will fail on your favorite distro.

Here's the process I used:
1) Install the dhcp package using your distro's tools
2) Modify /etc/dhcpd.conf to look like this:
	ddns-update-style interim;
	deny client-updates;
	authoratitive;
	option domain-name-servers dnsip1 dnsip2;
	option ntp-servers ntpip1 ntpip2 ntpip3;
	default-lease-time 14400;
	max-lease-time 172800;
	subnet 10.0.0.0 netmask 255.0.0.0 {}
   where dnsip1 etc are of course all real IPv4 addresses.
   The ntp-servers line can be removed if desired.
3) Apply the attached patch.  The patch applies to
   xen-3.1-testing.hg and you will need to apply
   it to the same files in /etc/xen/scripts.
4) Modify /etc/xen/xend-config.sxp
   - comment the line (network-script network-bridge)
   - comment the line (vif-script vif-bridge)
   - uncomment (network-script network-nat)
   - uncomment (vif-script vif-nat)
5) Modify /etc/xen/scripts/network-nat
   - change dhcp=${dhcp:-no} from no to yes
6) Modify /etc/xen/scripts/vif-nat
   - change dhcp=${dhcp:-no} from no to yes
7) Restart xend (probably "service xend restart")
8) Launch a domain for which the primary interface
   is configured for dhcp (pv and pvhvm tested so
   far; don't know if hvm works yet)
   - change name= in your config file to something
     useful first as this will be the machine name
     given to it by dhcp
9) Try out networking in your VM!

This patch could use some tweaking... the code to add
and remove vif’s from /etc/sysconfig/dhcpd needs some
work.  But I thought it would be good to get others
trying this version out.  If the patch doesn’t work
on your distro, this is a good place to tweak.

Finally, I’m not sure if nat without dhcp is used much.
I’d like to propose that the default for dhcp (see steps
5 and 6) be changed from no to yes.

Thanks for any feedback!
Dan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

I fixed up the previous patch to resolve a couple of problems and
make a couple of things more automatic. The patch now works on
RHEL5, SLES10, and Ubuntu7.04, and applies to xen-unstable.  With
this patch, it is now (relatively) easy to use dom0 as a DHCP
server for all domU's running on the machine.

Please apply.

Signed-off-by: Dan Magenheimer <dan.magenheimer@oracle.com>

Thanks,
Dan

P.S. Here's the manual steps required to to get it to work.

1) Install the dhcp package on dom0 using your distro's tools
2) Modify /etc/dhcpd.conf to look like this:
	ddns-update-style interim;
	deny client-updates;
	authoritative;
	option domain-name-servers dnsip1 dnsip2;
	option ntp-servers ntpip1 ntpip2 ntpip3;
	default-lease-time 14400;
	max-lease-time 172800;
   where dnsip1 etc are of course all real IPv4 addresses.
   The ntp-servers line can be removed if desired.  A subnet
   line for 10.0.0.0/8 is added automagically by the tools.
3) Modify /etc/xen/xend-config.sxp
   - comment the line (network-script network-bridge)
   - comment the line (vif-script vif-bridge)
   - uncomment (network-script network-nat)
   - uncomment (vif-script vif-nat)
4) Reboot or restart xend
5) Launch a domain for which the primary interface
   is configured for dhcp
   - change name= in your config file to something
     useful first as this will be the machine name
     given to it by dhcp
6) Try out networking in your VM!
> -----Original Message-----
> From: Dan Magenheimer [mailto:dan.magenheimer@oracle.com]
> Sent: Wednesday, January 16, 2008 3:49 PM
> To: 'xen-devel@lists.xensource.com'
> Subject: [PATCH] get dhcp working for network-nat
> 
> 
> Has anybody successfully used the network-nat script, with or without
> dhcp?  The existing documentation around this is fairly poor, so if
> you’ve seen it “just work” (or with only some minor tweaks),
> please reply.  I’m not much of a networking expert so I hope my
> time on this wasn’t wasted.
> 
> Assuming not (and supported by google search), perhaps network-nat has
> been broken for a long time?  It certainly has not received much love
> recently and many mailing list queries about it have gone unanswered.
> 
> That said, here's my situation:
> 
> Due to limited IP availability in my office, I wanted to configure a
> setup where dom0 works like an inexpensive home router (e.g. Linksys,
> Dlink,Belkin), which does NAT and DHCP for multiple attached (or
> wireless) machines.  So I need dom0 to both provide network address
> translation and to serve dhcp addresses to any VM's launched on it.
> 
> It appears that this should work.  Or maybe once upon a time it did
> work.  But I had to muck around with it quite a bit and spin a patch
> to get it work with 3.1 bits.  And since the key files haven't been
> changed in over a year, though untested as of yet, I think the same
> patch and process is necessary on xen-unstable.
> 
> Also, this is tested on a RHEL5-based dom0.  I don't know much about
> dhcp implementations on other distros and haven't tried this recipe
> on other distros, so your mileage may vary but please do provide
> feedback if this patch will fail on your favorite distro.
> 
> Here's the process I used:
> 1) Install the dhcp package using your distro's tools
> 2) Modify /etc/dhcpd.conf to look like this:
> 	ddns-update-style interim;
> 	deny client-updates;
> 	authoratitive;
> 	option domain-name-servers dnsip1 dnsip2;
> 	option ntp-servers ntpip1 ntpip2 ntpip3;
> 	default-lease-time 14400;
> 	max-lease-time 172800;
> 	subnet 10.0.0.0 netmask 255.0.0.0 {}
>    where dnsip1 etc are of course all real IPv4 addresses.
>    The ntp-servers line can be removed if desired.
> 3) Apply the attached patch.  The patch applies to
>    xen-3.1-testing.hg and you will need to apply
>    it to the same files in /etc/xen/scripts.
> 4) Modify /etc/xen/xend-config.sxp
>    - comment the line (network-script network-bridge)
>    - comment the line (vif-script vif-bridge)
>    - uncomment (network-script network-nat)
>    - uncomment (vif-script vif-nat)
> 5) Modify /etc/xen/scripts/network-nat
>    - change dhcp=${dhcp:-no} from no to yes
> 6) Modify /etc/xen/scripts/vif-nat
>    - change dhcp=${dhcp:-no} from no to yes
> 7) Restart xend (probably "service xend restart")
> 8) Launch a domain for which the primary interface
>    is configured for dhcp (pv and pvhvm tested so
>    far; don't know if hvm works yet)
>    - change name= in your config file to something
>      useful first as this will be the machine name
>      given to it by dhcp
> 9) Try out networking in your VM!
> 
> This patch could use some tweaking... the code to add
> and remove vif’s from /etc/sysconfig/dhcpd needs some
> work.  But I thought it would be good to get others
> trying this version out.  If the patch doesn’t work
> on your distro, this is a good place to tweak.
> 
> Finally, I’m not sure if nat without dhcp is used much.
> I’d like to propose that the default for dhcp (see steps
> 5 and 6) be changed from no to yes.
> 
> Thanks for any feedback!
> Dan
> 
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

I just noticed a small bug in this that could cause some problems,
but am not sure how to fix it.  It seems that when a domain
is "xm destroy'ed" the cleanup method dhcp_remove_entry() is
invoked, but this doesn't happen when a domain exits (or
reboots) on its own accord.  This is especially noticeable for
domains that have "on_reboot=restart"... the DHCPDARGS= line
in /etc/sysconfig/dhcpd (Redhat-ish systems) grows fairly long.

As far as I can tell, this is just a minor annoyance but I thought
I would report it for posterity or in case anyone else sees
this turn into a real problem.
> -----Original Message-----
> From: xen-devel-bounces@lists.xensource.com
> [mailto:xen-devel-bounces@lists.xensource.com]On Behalf Of Dan
> Magenheimer
> Sent: Wednesday, January 23, 2008 4:29 PM
> To: xen-devel@lists.xensource.com
> Subject: [Xen-devel] [PATCH] get dhcp working for network-nat (Take 2)
> 
> 
> I fixed up the previous patch to resolve a couple of problems and
> make a couple of things more automatic. The patch now works on
> RHEL5, SLES10, and Ubuntu7.04, and applies to xen-unstable.  With
> this patch, it is now (relatively) easy to use dom0 as a DHCP
> server for all domU's running on the machine.
> 
> Please apply.
> 
> Signed-off-by: Dan Magenheimer <dan.magenheimer@oracle.com>
> 
> Thanks,
> Dan
> 
> P.S. Here's the manual steps required to to get it to work.
> 
> 1) Install the dhcp package on dom0 using your distro's tools
> 2) Modify /etc/dhcpd.conf to look like this:
> 	ddns-update-style interim;
> 	deny client-updates;
> 	authoritative;
> 	option domain-name-servers dnsip1 dnsip2;
> 	option ntp-servers ntpip1 ntpip2 ntpip3;
> 	default-lease-time 14400;
> 	max-lease-time 172800;
>    where dnsip1 etc are of course all real IPv4 addresses.
>    The ntp-servers line can be removed if desired.  A subnet
>    line for 10.0.0.0/8 is added automagically by the tools.
> 3) Modify /etc/xen/xend-config.sxp
>    - comment the line (network-script network-bridge)
>    - comment the line (vif-script vif-bridge)
>    - uncomment (network-script network-nat)
>    - uncomment (vif-script vif-nat)
> 4) Reboot or restart xend
> 5) Launch a domain for which the primary interface
>    is configured for dhcp
>    - change name= in your config file to something
>      useful first as this will be the machine name
>      given to it by dhcp
> 6) Try out networking in your VM!
> 
> > -----Original Message-----
> > From: Dan Magenheimer [mailto:dan.magenheimer@oracle.com]
> > Sent: Wednesday, January 16, 2008 3:49 PM
> > To: 'xen-devel@lists.xensource.com'
> > Subject: [PATCH] get dhcp working for network-nat
> > 
> > 
> > Has anybody successfully used the network-nat script, with 
> or without
> > dhcp?  The existing documentation around this is fairly poor, so if
> > you’ve seen it “just work” (or with only some minor tweaks),
> > please reply.  I’m not much of a networking expert so I hope my
> > time on this wasn’t wasted.
> > 
> > Assuming not (and supported by google search), perhaps 
> network-nat has
> > been broken for a long time?  It certainly has not received 
> much love
> > recently and many mailing list queries about it have gone 
> unanswered.
> > 
> > That said, here's my situation:
> > 
> > Due to limited IP availability in my office, I wanted to configure a
> > setup where dom0 works like an inexpensive home router 
> (e.g. Linksys,
> > Dlink,Belkin), which does NAT and DHCP for multiple attached (or
> > wireless) machines.  So I need dom0 to both provide network address
> > translation and to serve dhcp addresses to any VM's launched on
it.
> > 
> > It appears that this should work.  Or maybe once upon a time it did
> > work.  But I had to muck around with it quite a bit and spin a patch
> > to get it work with 3.1 bits.  And since the key files haven't
been
> > changed in over a year, though untested as of yet, I think the same
> > patch and process is necessary on xen-unstable.
> > 
> > Also, this is tested on a RHEL5-based dom0.  I don't know much
about
> > dhcp implementations on other distros and haven't tried this
recipe
> > on other distros, so your mileage may vary but please do provide
> > feedback if this patch will fail on your favorite distro.
> > 
> > Here's the process I used:
> > 1) Install the dhcp package using your distro's tools
> > 2) Modify /etc/dhcpd.conf to look like this:
> > 	ddns-update-style interim;
> > 	deny client-updates;
> > 	authoratitive;
> > 	option domain-name-servers dnsip1 dnsip2;
> > 	option ntp-servers ntpip1 ntpip2 ntpip3;
> > 	default-lease-time 14400;
> > 	max-lease-time 172800;
> > 	subnet 10.0.0.0 netmask 255.0.0.0 {}
> >    where dnsip1 etc are of course all real IPv4 addresses.
> >    The ntp-servers line can be removed if desired.
> > 3) Apply the attached patch.  The patch applies to
> >    xen-3.1-testing.hg and you will need to apply
> >    it to the same files in /etc/xen/scripts.
> > 4) Modify /etc/xen/xend-config.sxp
> >    - comment the line (network-script network-bridge)
> >    - comment the line (vif-script vif-bridge)
> >    - uncomment (network-script network-nat)
> >    - uncomment (vif-script vif-nat)
> > 5) Modify /etc/xen/scripts/network-nat
> >    - change dhcp=${dhcp:-no} from no to yes
> > 6) Modify /etc/xen/scripts/vif-nat
> >    - change dhcp=${dhcp:-no} from no to yes
> > 7) Restart xend (probably "service xend restart")
> > 8) Launch a domain for which the primary interface
> >    is configured for dhcp (pv and pvhvm tested so
> >    far; don't know if hvm works yet)
> >    - change name= in your config file to something
> >      useful first as this will be the machine name
> >      given to it by dhcp
> > 9) Try out networking in your VM!
> > 
> > This patch could use some tweaking... the code to add
> > and remove vif’s from /etc/sysconfig/dhcpd needs some
> > work.  But I thought it would be good to get others
> > trying this version out.  If the patch doesn’t work
> > on your distro, this is a good place to tweak.
> > 
> > Finally, I’m not sure if nat without dhcp is used much.
> > I’d like to propose that the default for dhcp (see steps
> > 5 and 6) be changed from no to yes.
> > 
> > Thanks for any feedback!
> > Dan
> > 
> 
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel