Daniel McNamara
2005-Oct-17 00:37 UTC
[Xen-users] Question regarding xen, physicals NIC's and VLANs

Hi guys,

I have been given an interesting project by my work place that requires us to do some virtualisation with a few funky caveats and I'm trying to find out if xen can fit into the requirements.

Essentially we'll have one machine with 5 physical NICs. The first will be used as the management link for the host OS.

The other 4 we want to bind to separate copies of guest OS running on the machine. Here's where it gets interesting. Each of the guest OS's will have the same IP, however each one will plug into a switch port allocated to different VLANs.

What I'm trying to find out is if this is possible with xen. Basically I want to lock off each of the 4 physical nics to each guest OS and ensure that they only talk to their appropriate vlan.

What I'm not sure of is how the host OS handles the network connections with xen and whether it will be able to handle this setup.

I have not played a lot with xen but so far it's fitting a majority of our requirements.

I will be using fedora core 4 for both the host and guest OS's at this point.

Any help with this question would be appreciated.

Cheers

Daniel McNamara
Code Fish Sys Admin

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Marcus Brown
2005-Oct-17 02:16 UTC
Re: [Xen-users] Question regarding xen, physicals NIC's and VLANs

Hi Daniel,

Daniel McNamara wrote:
> Hi guys,
>
> I have been given an interesting project by my work place that requires
> us to do some virtualisation with a few funky caveats and I'm trying to
> find out if xen can fit into the requirements.
>
> Essentially we'll have one machine with 5 physical NICs. The first
> will be used as the management link for the host OS.

The standard xen scripts for bridging or routing should handle this fine.

> The other 4 we want to bind to separate copies of guest OS running on
> the machine. Here's where it gets interesting. Each of the guest OS's
> will have the same IP, however each one will plug into a switch port
> allocated to different VLANs.
>
> What I'm trying to find out is if this is possible with xen. Basically I
> want to lock off each of the 4 physical nics to each guest OS and ensure
> that they only talk to their appropriate vlan
>
> What I'm not sure of is how the host OS handles the network connections
> with xen and whether it will be able to handle this setup.

Using Xen stable (2.0.7) you can hide the remaining 4 nics from dom0 and allocate each nic to a separate domU. dom0 will be ignorant of both the nic and its network settings. I don't believe the Xen unstable (3.0) has this ability yet, so staying with stable would be your best bet.

A diagram of the setup you suggest might look like this:

        eth1      eth2      eth3      eth4
    ______|_________|_________|_________|______
    | ____|____ ____|____ ____|____ ____|____ |
    | | domU1 | | domU2 | | domU3 | | domU4 | |
    | |_______| |_______| |_______| |_______| |
    |     |         |         |         |     |
    |     \_________\         /_________/     |
    |                  xen-br0                |
    |   _________________|_________________   |
    |   |                                 |   |
    |   |              dom0               |===|= eth0
    |   |_________________________________|   |
    |_________________________________________|
                   Host Machine

To hide nics 1-4 from dom0 you need to find out their respective PCI IDs, e.g.

    # lspci | grep Ethernet
    0000:00:0a.0 Ethernet controller: ...
    0000:00:0b.0 Ethernet controller: ...
    0000:00:0c.0 Ethernet controller: ...
    0000:00:0d.0 Ethernet controller: ...
    0000:00:0e.0 Ethernet controller: ...

and then include that ID in your grub config:

    # grep hide /boot/grub/menu.lst
    kernel /xen-2.0.7.gz root=/dev/ram0 ro dom0_mem=81920 physdev_dom0_hide=(00:0b.0)(00:0c.0)(00:0d.0)(00:0e.0)

To use a specific nic for a domU, its Xen config file needs a line like:

    # grep pci /etc/xen/Firewall
    pci = ['00,0b,0']

You also need to ensure that the kernel for the domU is privileged, and has the drivers for the nic. Using a dom0 kernel would suffice.

To manage the domUs from dom0 you will also want the domUs to each have access to a virtual interface, either bridged or routed to eth0. So a domU's config should then also include something like (for bridged)

    nics=1
    vif = [ 'mac=aa:00:00:25:40:01, bridge=xen-br0' ]

Alternatively, you could just use a Xen console, however it's not nearly as functional as an ssh session IMHO. (OK, it doesn't look pretty:))

More information can be found in the Xen users manual.

> I have not played a lot with xen but so far it's fitting a majority of
> our requirements.
>
> I will be using fedora core 4 for both the host and guest OS's at this
> point.

I believe there are numerous posts on this list about setting up Xen on FC4.

> Any help with this question would be appreciated.
>
> Cheers
>
> Daniel McNamara
> Code Fish Sys Admin
>

Hope that helps.

Regards,
Marcus.
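
Added example, not part of the original thread and not Xen project code: a consistency check for the settings described in the reply above, confirming that every NIC named in a domU's pci = [...] line is also listed in physdev_dom0_hide and that no NIC is given to two guests. The function names and the domU config samples are constructed for illustration; the kernel line and the two ID formats are the ones quoted in the message.

```python
import re

HIDE_RE = re.compile(r"\(([0-9a-f]{2}):([0-9a-f]{2})\.([0-7])\)", re.I)
PCI_RE = re.compile(r"""['"]([0-9a-f]{2}),([0-9a-f]{2}),([0-7])['"]""", re.I)

def norm(found):
    return {tuple(p.lower() for p in d) for d in found}

def hidden_devices(kernel_line):
    """Devices listed as physdev_dom0_hide=(bb:dd.f)... on the Xen kernel line."""
    m = re.search(r"physdev_dom0_hide=((?:\([^)]*\))+)", kernel_line)
    return norm(HIDE_RE.findall(m.group(1))) if m else set()

def assigned_devices(domu_config):
    """Devices named in a domU config's pci = ['bb,dd,f', ...] line."""
    devs = set()
    for line in domu_config.splitlines():
        if re.match(r"\s*pci\s*=", line):
            devs |= norm(PCI_RE.findall(line))
    return devs

def audit(kernel_line, domu_configs):
    """Return findings that break the one-NIC-per-guest layout."""
    hidden = hidden_devices(kernel_line)
    owner, findings = {}, []
    for name in sorted(domu_configs):
        for dev in sorted(assigned_devices(domu_configs[name])):
            label = "%s:%s.%s" % dev
            if dev not in hidden:
                findings.append("%s: %s is not hidden from dom0" % (name, label))
            if dev in owner:
                findings.append("%s: %s is also assigned to %s" % (name, label, owner[dev]))
            owner.setdefault(dev, name)
    for dev in sorted(hidden - set(owner)):
        findings.append("%s:%s.%s is hidden from dom0 but assigned to no domU" % dev)
    return findings

# Kernel line as quoted in the message above.
KERNEL = ("kernel /xen-2.0.7.gz root=/dev/ram0 ro dom0_mem=81920 "
          "physdev_dom0_hide=(00:0b.0)(00:0c.0)(00:0d.0)(00:0e.0)")
# Constructed domU configs: GOOD maps one hidden NIC to each guest, BAD does not.
GOOD = {"domU%d" % i: "pci = ['00,0%s,0']\nnics=1\n" % c for i, c in enumerate("bcde", 1)}
BAD = dict(GOOD, domU3="pci = ['00,0a,0']\n", domU4="pci = ['00,0c,0']\n")

if __name__ == "__main__":
    for label, cfgs in (("good", GOOD), ("bad", BAD)):
        print(label, audit(KERNEL, cfgs) or "no findings")
```
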