Zhigang Wang
2009-Jun-23 05:07 UTC
[Xen-devel] [PATCH]Change default network schema in network-bridge
hi,

the default network-bridge renames network interfaces and often confuses people.

this patch changes the network-bridge schema to:

# start:
# Creates the bridge
# Copies the IP and MAC addresses from netdev to bridge
# Enslaves netdev to bridge
#
# stop:
# Removes netdev from the bridge
# Transfers addresses, routes from bridge to netdev
# Deletes bridge

No rename will be performed. Eg.

# brctl show
bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.000e0cd85dfe       no              eth0

IP/route will be transferred to xenbr0 at start.

I also add an extra script network-bridges to perform on all ethernet cards.
and network-dummy if user doesn't want xend to manage dom0 networking.

This patch obsoletes my last patch, titled: [PATCH]Fix network-bridge ifup problem.

CC to Daniel for comments.

Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>

thanks,

zhigang

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Daniel P. Berrange
2009-Jun-23 09:01 UTC
[Xen-devel] Re: [PATCH]Change default network schema in network-bridge
On Tue, Jun 23, 2009 at 01:07:24PM +0800, Zhigang Wang wrote:
> hi,
>
> the default network-bridge renames network interfaces and often confuses people.
>
> this patch changes the network-bridge schema to:
>
> # start:
> # Creates the bridge
> # Copies the IP and MAC addresses from netdev to bridge
> # Enslaves netdev to bridge
> #
> # stop:
> # Removes netdev from the bridge
> # Transfers addresses, routes from bridge to netdev
> # Deletes bridge
>
> No rename will be performed. Eg.
>
> # brctl show
> bridge name     bridge id               STP enabled     interfaces
> xenbr0          8000.000e0cd85dfe       no              eth0
>
> IP/route will be transferred to xenbr0 at start.
>
> I also add an extra script network-bridges to perform on all ethernet cards.
> and network-dummy if user doesn't want xend to manage dom0 networking.
>
> This patch obsoletes my last patch, titled: [PATCH]Fix network-bridge ifup problem.
>
> CC to Daniel for comments.

I agree with your thought that it makes more sense to just leave the
original device name alone, and not rename anything. The reason it
currently does renaming is that this was closer to the previous version
of network-bridge using netloop, and so made upgrades slightly easier
for existing Xen users.

I don't really have a strong opinion on whether network-bridge should now
be changed again to not do renaming of eth0. These days my recommendation
is for people to set '(network-script /bin/true)' and then just use their
OS distributions network scripts to add a bridge device. The end result
is the same, but this has the advantage that the network is setup correctly
right from start, rather than having to modify it on the fly when apps may
already have started using the network. We've got docs for Fedora/RHEL/
Debian/Ubuntu here

  http://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_physical_device.22.29

Regards,
Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
Zhigang Wang
2009-Jun-23 09:53 UTC
[Xen-devel] Re: [PATCH]Change default network schema in network-bridge
Daniel P. Berrange wrote:
> On Tue, Jun 23, 2009 at 01:07:24PM +0800, Zhigang Wang wrote:
>> hi,
>>
>> the default network-bridge renames network interfaces and often confuses people.
>>
>> this patch changes the network-bridge schema to:
>>
>> # start:
>> # Creates the bridge
>> # Copies the IP and MAC addresses from netdev to bridge
>> # Enslaves netdev to bridge
>> #
>> # stop:
>> # Removes netdev from the bridge
>> # Transfers addresses, routes from bridge to netdev
>> # Deletes bridge
>>
>> No rename will be performed. Eg.
>>
>> # brctl show
>> bridge name     bridge id               STP enabled     interfaces
>> xenbr0          8000.000e0cd85dfe       no              eth0
>>
>> IP/route will be transferred to xenbr0 at start.
>>
>> I also add an extra script network-bridges to perform on all ethernet cards.
>> and network-dummy if user doesn't want xend to manage dom0 networking.
>>
>> This patch obsoletes my last patch, titled: [PATCH]Fix network-bridge ifup problem.
>>
>> CC to Daniel for comments.
>
> I agree with your thought that it makes more sense to just leave the
> original device name alone, and not rename anything. The reason it
> currently does renaming is that this was closer to the previous version
> of network-bridge using netloop, and so made upgrades slightly easier
> for existing Xen users.
>
> I don't really have a strong opinion on whether network-bridge should now
> be changed again to not do renaming of eth0. These days my recommendation
> is for people to set '(network-script /bin/true)' and then just use their
> OS distributions network scripts to add a bridge device. The end result
> is the same, but this has the advantage that the network is setup correctly
> right from start, rather than having to modify it on the fly when apps may
> already have started using the network. We've got docs for Fedora/RHEL/
> Debian/Ubuntu here
>
> http://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_physical_device.22.29
>
> Regards,
> Daniel

Thanks Dan,

It seems at least the network-dummy script is not needed.

Keir, if you have interest to change the default network scripts, this is the new patch.

If not, I'll just upload the scripts to http://wiki.xensource.com/xenwiki/XenNetworking

thanks,

zhigang
Ian Jackson
2009-Jun-24 14:38 UTC
Re: [Xen-devel] Re: [PATCH]Change default network schema in network-bridge
Daniel P. Berrange writes ("[Xen-devel] Re: [PATCH]Change default network schema in network-bridge"):
> These days my recommendation
> is for people to set '(network-script /bin/true)' and then just use their
> OS distributions network scripts to add a bridge device.

This is definitely the best way of doing things. I've always thought
that the network-script thing was a terrible hack (and it's flaky
too).

Perhaps we should keep the script, but change the defaults and the
documentation ?

> http://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_physical_device.22.29

Would you be able to resubmit (some of) that as a .txt file for
inclusion in the xen-unstable tree, or copy it to the Xen wiki ?
I'm not exactly sure of the authorship and copyright status so I'm
reluctant to just do that myself.

Ian.
Daniel P. Berrange
2009-Jun-26 15:33 UTC
Re: [Xen-devel] Re: [PATCH]Change default network schema in network-bridge
On Wed, Jun 24, 2009 at 03:38:25PM +0100, Ian Jackson wrote:
> Daniel P. Berrange writes ("[Xen-devel] Re: [PATCH]Change default network schema in network-bridge"):
> > These days my recommendation
> > is for people to set '(network-script /bin/true)' and then just use their
> > OS distributions network scripts to add a bridge device.
>
> This is definitely the best way of doing things. I've always thought
> that the network-script thing was a terrible hack (and it's flaky
> too).
>
> Perhaps we should keep the script, but change the defaults and the
> documentation ?
>
> > http://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_physical_device.22.29
>
> Would you be able to resubmit (some of) that as a .txt file for
> inclusion in the xen-unstable tree, or copy it to the Xen wiki ?
> I'm not exactly sure of the authorship and copyright status so I'm
> reluctant to just do that myself.

I wrote initial content, the remainder is just bug fixes/tweaks too minor
to be copyrightable. Here is a simplified text version that just covers
the bridging setup, without the other libvirt specific bits

Signed off by: Daniel P. Berrange <berrange@redhat.com>

Regards,
Daniel

Native OS bridge configuration
==============================

The traditional "network-bridge" script attempts to modify existing active
network interfaces to enable bridging. For non-trivial network configurations
though this can be error prone, and the temporary disruption to network
connectivity can upset some applications. This document outlines how to
configure bridging using an OS' native network configuration files.

Disabling Xen's network scripts
-------------------------------

The first step is to check XenD's network bridge is disabled by
editing /etc/xen/xend-config.sxp and changing the line

    (network-script network-bridge)

To be

    (network-script /bin/true)

Fedora/RHEL Bridging
====================

This outlines how to setup bridging using standard network initscripts
present in Fedora or RHEL distros and their derivatives

Disabling NetworkManager
------------------------

As of time of writing (Fedora 11) NetworkManager does not support bridging,
so it is necessary to disable it, and revert to "classic" network initscripts

    # chkconfig NetworkManager off
    # chkconfig network on
    # service NetworkManager stop
    # service network start

NB, as an alternative to turning off NetworkManager, you can also add a line
"NM_CONTROLLED=no" to the ifcfg-XXX scripts below

Creating network initscripts
----------------------------

In the /etc/sysconfig/network-scripts directory it is necessary to create
2 config files. The first (ifcfg-eth0) defines your physical network
interface, and says that it will be part of a bridge:

    # cat > ifcfg-eth0 <<EOF
    DEVICE=eth0
    HWADDR=00:16:76:D6:C9:45
    ONBOOT=yes
    BRIDGE=br0
    EOF

Obviously change the HWADDR to match your actual NIC's address. You may also
wish to configure the device's MTU here using e.g. MTU=9000.

The second config file (ifcfg-br0) defines the bridge device:

    # cat > ifcfg-br0 <<EOF
    DEVICE=br0
    TYPE=Bridge
    BOOTPROTO=dhcp
    ONBOOT=yes
    DELAY=0
    EOF

WARNING: The line TYPE=Bridge is case-sensitive - it must have uppercase
'B' and lower case 'ridge'

After changing this restart networking (or better still reboot)

    # service network restart

The final step is to configure iptables to allow all traffic to be
forwarded across the bridge

    # echo "-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT" > /etc/sysconfig/iptables-forward-bridged
    # lokkit --custom-rules=ipv4:filter:/etc/sysconfig/iptables-forward-bridged
    # service libvirtd reload

Alternatively, you can prevent bridged traffic getting pushed through
the host's iptables rules completely. In /etc/sysctl.conf add

    # cat >> /etc/sysctl.conf <<EOF
    net.bridge.bridge-nf-call-ip6tables = 0
    net.bridge.bridge-nf-call-iptables = 0
    net.bridge.bridge-nf-call-arptables = 0
    EOF
    # sysctl -p /etc/sysctl.conf

You should now have a "shared physical device", to which guests can be
attached and have full LAN access

    # brctl show
    bridge name     bridge id               STP enabled     interfaces
    br0             8000.000e0cb30550       no              eth0

Debian/Ubuntu Bridging
======================

This outlines how to setup bridging using standard network interface config
files on Debian / Ubuntu distributions and their derivatives

Disabling NetworkManager
------------------------

Stop network manager

    sudo /etc/dbus-1/event.d/26NetworkManagerDispatcher stop
    sudo /etc/dbus-1/event.d/25NetworkManager stop

Create two files with only the word 'exit' in them. These files are:

    /etc/default/NetworkManager
    /etc/default/NetworkManagerDispatcher

Altering the interface config
-----------------------------

First take down the interface you wish to bridge

    ifdown eth0

Edit /etc/network/interfaces and find the config for the physical
interface, which looks something like

    allow-hotplug eth0
    iface eth0 inet static
            address 192.168.2.4
            netmask 255.255.255.0
            network 192.168.2.0
            broadcast 192.168.2.255
            gateway 192.168.2.2

Remove the 'allow-hotplug eth0' line, replacing it with 'auto br0', and
change the next line with iface name to 'br0', so it now starts with

    auto br0
    iface br0 inet static

And then define the interface as being a bridge and specify its ports

            bridge_ports eth0
            bridge_stp off
            bridge_maxwait 5

The complete config should now look like

    auto br0
    iface br0 inet static
            address 192.168.2.4
            netmask 255.255.255.0
            network 192.168.2.0
            broadcast 192.168.2.255
            gateway 192.168.2.2
            bridge_ports eth0
            bridge_stp off
            bridge_maxwait 5

The interface can now be started with

    ifup br0

Finally add the '/etc/sysctl.conf' settings

    net.bridge.bridge-nf-call-ip6tables = 0
    net.bridge.bridge-nf-call-iptables = 0
    net.bridge.bridge-nf-call-arptables = 0

And then load the settings with

    sysctl -p /etc/sysctl.conf

You should now have a "shared physical device", to which guests can be
attached and have full LAN access

    # brctl show
    bridge name     bridge id               STP enabled     interfaces
    br0             8000.000e0cb30550       no              eth0

Other operating systems / distributions
=======================================

[...send patches to this file with instructions....]

-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
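
Added example, not part of the message above or of the Xen tree: a shell lint for the Fedora/RHEL steps in the document, checking the xend setting, the case-sensitive TYPE=Bridge line, and whether the sysctl settings take bridged guest traffic out of the host's iptables rules. The function names and the root-prefix argument are assumptions; the sample tree is constructed from the document's own example values.

```shell
#!/bin/sh
# Added example, not from the thread. Every function takes a root prefix
# (hypothetical convention) so a copy of /etc can be checked offline.

# Build a constructed sample tree from the document's example values.
make_sample_tree() {
    ns="$1/etc/sysconfig/network-scripts"
    mkdir -p "$1/etc/xen" "$ns"
    printf '%s\n' '#(network-script network-bridge)' '(network-script /bin/true)' \
        > "$1/etc/xen/xend-config.sxp"
    printf '%s\n' DEVICE=eth0 HWADDR=00:16:76:D6:C9:45 ONBOOT=yes BRIDGE=br0 > "$ns/ifcfg-eth0"
    printf '%s\n' DEVICE=br0 TYPE=Bridge BOOTPROTO=dhcp ONBOOT=yes DELAY=0 > "$ns/ifcfg-br0"
    printf 'net.bridge.bridge-nf-call-%s = 0\n' ip6tables iptables arptables > "$1/etc/sysctl.conf"
}

# Exit status is the number of problems found (0 = matches the document).
check_bridge_config() {
    ns="$1/etc/sysconfig/network-scripts"; problems=0
    # xend must leave networking alone; commented-out lines do not count.
    grep -Eq '^[[:space:]]*\(network-script[[:space:]]+/bin/true\)' "$1/etc/xen/xend-config.sxp" ||
        { echo "FAIL: xend-config.sxp lacks (network-script /bin/true)"; problems=$((problems + 1)); }
    # TYPE=Bridge is case-sensitive, so require the exact line.
    grep -qxF 'TYPE=Bridge' "$ns/ifcfg-br0" ||
        { echo "FAIL: ifcfg-br0 lacks the exact line TYPE=Bridge"; problems=$((problems + 1)); }
    # The physical NIC must name the bridge's DEVICE in its BRIDGE= line.
    br=$(sed -n 's/^DEVICE=//p' "$ns/ifcfg-br0")
    grep -qxF "BRIDGE=$br" "$ns/ifcfg-eth0" ||
        { echo "FAIL: ifcfg-eth0 is not attached to bridge '$br'"; problems=$((problems + 1)); }
    return "$problems"
}

# Print "bypass" when all three sysctls are 0 (bridged guest traffic skips the
# host's iptables rules), otherwise "filtered" (the FORWARD rule is needed).
bridge_filter_mode() {
    for t in ip6tables iptables arptables; do
        grep -Eq "^net\.bridge\.bridge-nf-call-$t[[:space:]]*=[[:space:]]*0[[:space:]]*\$" \
            "$1/etc/sysctl.conf" || { echo filtered; return 0; }
    done
    echo bypass
}

demo=$(mktemp -d)
make_sample_tree "$demo"
check_bridge_config "$demo" && echo "config OK, bridged traffic: $(bridge_filter_mode "$demo")"
rm -rf "$demo"
```

A "bypass" result means any guest filtering has to be enforced somewhere other than the host's iptables rules.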