Xen devel - Apr 2008 - "routed" networking under Xen 3.2.1 / HVM?

Hi all.  Understanding that HVM does not support routed networking in the
sense that we''re accustomed to with paravirtualized guests,
I''m hoping there
is some similar use-case scenario I''ve missed.

I''ve got a requirement which calls for routing a /24 to a Xen box;
various
/29s will be peeled off and handed over to paravirtualized guests.  It would
be nice if I could do the same with HVM guests, so that I would not have to
put a router in front of the Xen box simply to run Switched Virtual
Interfaces for the prefixes assigned to HVM guests.  Keeping in mind that my
last in-depth search on this was a couple of months ago (and I could''ve
been
looking at year-old notes), have there been any recent advancements in this
regard?  Has anyone found a "hack" to use bridged networking in the
scenario
described for the purpose of "routing" (even if it means I''m
limited to the
max number of bridges per system (8 if I recall correctly))?  Is there any
such thing as "host networking" under modern Xen builds, like there is
under
VMWare GSX for example?  Thanks in advance.

-Ray


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Resending this to xen-users as xen-devel yielded no replies (possibly
because of a broken listserv)

---

Hi all.  Understanding that HVM does not support routed networking in the
sense that we''re accustomed to with paravirtualized guests,
I''m hoping there
is some similar use-case scenario I''ve missed.

I''ve got a requirement which calls for routing a /24 to a Xen box;
various
/29s will be peeled off and handed over to paravirtualized guests.  It would
be nice if I could do the same with HVM guests, so that I would not have to
put a router in front of the Xen box simply to run Switched Virtual
Interfaces for the prefixes assigned to HVM guests.  Keeping in mind that my
last in-depth search on this was a couple of months ago (and I could''ve
been
looking at year-old notes), have there been any recent advancements in this
regard?  Has anyone found a "hack" to use bridged networking in the
scenario
described for the purpose of "routing" (even if it means I''m
limited to the
max number of bridges per system (8 if I recall correctly))?  Is there any
such thing as "host networking" under modern Xen builds, like there is
under
VMWare GSX for example?  Thanks in advance.

-Ray


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi Ray,

I don''t have a good intuition for what you are trying to do yet.

But when you say host networking, do you mean host-only networking?
If so then you can use dummy devices for that purpose and just bridge
off of them.

Cheers,
Todd


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On 5/12/08, Todd Deshane <deshantm@gmail.com>
wrote:
>
> Hi Ray,
>
> I don''t have a good intuition for what you are trying to do yet.

I''ve reread my original remarks and I''m not sure how I could
further clarify
them.  But to be (hopefully) blatantly clear, I''m looking for a means
to do
routed networking to an HVM guest.

But when you say host networking, do you mean host-only
networking?
> If so then you can use dummy devices for that purpose and just bridge
> off of them.

Correct - host-only networking.  If HVM supports this consistently then it
should meet my requirement, as I''ve been doing the same with VMWare GSX
without issue.  To that end, I''ve tried ''ifconfig dummy0
192.168.0.1'',
adding a bridge called "testbridge" and adding dummy0 to the bridge. 
Then
under my xen HVM config file, specifying ''bridge=testbridge''. 
According to
what I''ve read, this should be sufficient to network betwen the HVM
guest
and my dom0 but I have no pings.  Right off the bat I noticed that
''ifconfig
dummy0'' says NOARP - not sure if that''s some kind of
limitation to the dummy
interface.  But lack of ARP would certainly keep me from pinging it.  I
didn''t try setting a static ARP at both ends (it wouldn''t work
for my
environment anyway, working ARP is a requirement).  However I did see a post
to xen-users where someone suggested ''brctl addbr xenbr1 ; ifconfig
xenbr1
192.168.0.1''.  This works just fine for "host networking" and
allows me to
route exactly as expected - thanks for the insight!

To that end, a few more questions.  I''m accustomed to running custom
scripts
using the script= tag within the [vif] block - will I run into any pittfalls
if I create/destroy the bridge here?  Or should I create the bridge at
boot-time?  If the latter, is there a recommended means of doing this under
RHEL/CentOS, perhaps with something in /etc/sysconfig/network-scripts?
Also, any idea as to the limit of bridges per system?  I recall reading
somewhere that Xen has bridges labeled xenbr0-xenbr7 or something, although
I''m able to create custom named bridges like "dom12345" - any
insight on
theoretical maximums there?

-Ray


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Ray Barnes <tical.net@gmail.com> wrote:
> Understanding that HVM does not support routed networking in the
> sense that we''re accustomed to with paravirtualized guests,
I''m
> hoping there is some similar use-case scenario I''ve missed.
I made this work with Xen 3.1 and hvm guests.

Probably the easiest way is to hard code the routing you want in 
/etc/xen/qemu-ifup.

The interface is passed in as argument $1 and the bridge name as
argument $2.  Since you aren''t bridging you can use the bridge name to
decide how to configure the interface with a shell case statement.

Eg in your /etc/xen/MYDOMAIN file

vif = [ ''type=ioemu, ip=10.1.2.3, bridge=MYDOMAIN'' ]

Then in /etc/xen/qemu-ifup something like (untested)

------------------------------------------------------------
#!/bin/sh

if=$1
bridge=$2

case "$bridge" in
    MYDOMAIN)
        ifconfig $if 1.2.3.2 netmask 255.255.255.255 up
        route add -host 1.2.3.3 dev $if
        ;;
    MYDOMAIN2)
        #...
        ;;
esac

echo 1 >/proc/sys/net/ipv4/conf/${if}/proxy_arp
echo 1 >/proc/sys/net/ipv4/conf/${if}/rp_filter
------------------------------------------------------------

You need to make the usual changes for routing rather than bridging in
xen also.

I actually did this in a different very much more complicated way
which allowed the original routing scripts to work.  This way should
work and be a lot simpler though!

    
-- 
Nick Craig-Wood <nick@craig-wood.com> -- http://www.craig-wood.com/nick

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Thanks Nick.

To the general population:  I''m bumping into a problem which looks like
a
bug.  Perhaps it''s for lack of knowledge (and _documentation_ of HVM). 
If I
do the following:

brctl addbr bmette31
ifconfig bmette31 1.2.3.249 netmask 255.255.255.248
xm create bmette31

Where "bmette31" has a config file that has a vif entry like: vif = [
''type=ioemu, mac=00:16:3e:00:00:07, bridge=bmette31'']  this
works *just
fine*.  I''m able to route through the host to the HVM domain which is
set to
1.2.3.250.  However, whenever I use a script which is loosely based on a
vif-bridge script that I got from /etc/xen/scripts running Xen 3.2.1
compiled from source, it does not work.  Specifically, I can reach
1.2.3.249from the outside but not
1.2.3.250.  As far as I can tell, the problem is that whenever ''brctl
addbr
bmette31'' is invoked from outside the script, networking between the
host
and the HVM guest works fine, but when invoked from within the script,
networking between the host and the HVM guest does not work.  Note that
while the domain is running (and using the script below), ''brctl
show''
indicates that I have a bridge called bmette31 and that ''ifconfig
bmette31''
shows the right IP.  So just to recap - if I comment out ''brctl addbr
bmette31'' from the script below and run it manually then start the HVM
guest, networking is fine, but if I run that from within the script it does
not work.  Any ideas before I treat this as a bug and post to xen-devel?

-Ray


#!/bin/bash
#
#vif bridge script for HVMs
#invoke like this:
#
#vif = [ ''type=ioemu, mac=00:16:3e:00:00:07, bridge=bmette31,
script=vif-bmette31'' ]

/usr/sbin/brctl addbr bmette31

dir=$(dirname "$0")
. "$dir/vif-common.sh"

bridge=${bridge:-}
bridge=$(xenstore_read_default "$XENBUS_PATH/bridge"
"$bridge")


RET=0
ip link show $bridge 1>/dev/null 2>&1 || RET=1
if [ "$RET" -eq 1 ]
then
#       do_without_error brctl addbr "$bridge"
    fatal "Could not find bridge device $bridge"
fi

case "$command" in
    online)
        setup_bridge_port "$vif"
        add_to_bridge "$bridge" "$vif"
        sleep 2
        ifconfig "$bridge" 38.106.106.249 netmask 255.255.255.248
        ;;

    offline)
        do_without_error ifconfig "$bridge" down
        do_without_error brctl delbr "$bridge"
        ;;
esac


log debug "Successful vif-bridge $command for $vif, bridge $bridge."
if [ "$command" == "online" ]
then
  success
fi



On Tue, May 13, 2008 at 7:18 AM, Nick Craig-Wood <nick@craig-wood.com>
wrote:
> Ray Barnes <tical.net@gmail.com> wrote:
> > Understanding that HVM does not support routed networking in the
> > sense that we''re accustomed to with paravirtualized guests,
I''m
> > hoping there is some similar use-case scenario I''ve missed.
>
> I made this work with Xen 3.1 and hvm guests.
>
> Probably the easiest way is to hard code the routing you want in
> /etc/xen/qemu-ifup.
>
> The interface is passed in as argument $1 and the bridge name as
> argument $2.  Since you aren''t bridging you can use the bridge
name to
> decide how to configure the interface with a shell case statement.
>
> Eg in your /etc/xen/MYDOMAIN file
>
> vif = [ ''type=ioemu, ip=10.1.2.3, bridge=MYDOMAIN'' ]
>
> Then in /etc/xen/qemu-ifup something like (untested)
>
> ------------------------------------------------------------
> #!/bin/sh
>
> if=$1
> bridge=$2
>
> case "$bridge" in
>    MYDOMAIN)
>        ifconfig $if 1.2.3.2 netmask 255.255.255.255 up
>        route add -host 1.2.3.3 dev $if
>        ;;
>    MYDOMAIN2)
>        #...
>        ;;
> esac
>
> echo 1 >/proc/sys/net/ipv4/conf/${if}/proxy_arp
> echo 1 >/proc/sys/net/ipv4/conf/${if}/rp_filter
> ------------------------------------------------------------
>
> You need to make the usual changes for routing rather than bridging in
> xen also.
>
> I actually did this in a different very much more complicated way
> which allowed the original routing scripts to work.  This way should
> work and be a lot simpler though!
>
>
> --
> Nick Craig-Wood <nick@craig-wood.com> --
http://www.craig-wood.com/nick
>

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users