Xen users - Jan 2006 - Xen in a routed network environment?

Hello,

I''m used to using Xen in a bridge mode where my dom0 and all domUs
are on the same layer 2 network.  However now I have to set up a
server whose eth0 is on one network and the domUs will be on another
/29.

So, for example, if the eth0 of dom0 is 192.168.1.214/24, then I
have 10.1.1.0/29 (10.1.1.0 -> 10.1.1.7) routed to it for use in
domUs, how would I go about setting that up?

Is there any good documentation I could read on this subject?

Thanks,
Andy


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Am Dienstag, 24. Januar 2006 22:13 schrieb Andy Smith:
> Hello,
>
> I''m used to using Xen in a bridge mode where my dom0 and all domUs
> are on the same layer 2 network.  However now I have to set up a
> server whose eth0 is on one network and the domUs will be on another
> /29.
>
> So, for example, if the eth0 of dom0 is 192.168.1.214/24, then I
> have 10.1.1.0/29 (10.1.1.0 -> 10.1.1.7) routed to it for use in
> domUs, how would I go about setting that up?
As you would configure it for every normal/physical server. Your router has to 
route traffic for this /29 to the same network interface as for the /24 you 
are already using right now. xen (in bridge mode) is just like having more 
then one realserver connected to one of your switchports (by using an 
additional switch/hub or whatever). I would suggest that you bind one ip out 
of the /29 on the router, and one other ip out of the /29 on your domU. The 
domU now only has to be configured to use the ip and the correct netmask + 
your router''s ip (the one from the new /29 net) as default gateway. It 
doesn''t need to know about your already existing /24 network, that
there is a
bridge between the domU and the router or something else.

even your dom0 doesn''t need to be configured at all (at least normaly),
because again of the bridge used. A bridge doesn''t care for any layer3 
related stuff like ip networking... It forwards traffic by arp/mac addreses. 
And as long as you don''t do any blocking on layer2 or layer3 on your
dom0
(for the vifX interfaces or the peth0 interface) you shouldn''t have to
do
anything on your dom0 for a new network. It''s not dom0 related in any,
it''s
just arriving on peth0 and gets forwarded to the correct vif interface 
automaticly.
> Is there any good documentation I could read on this subject?
Don''t know... But probably not too much, because this is not really
someting
xen specific. you should try to look for howto''s and information about 
bridges, routing, layer2/3 stuff and so on...  there is no xen specific stuff 
that you should be aware of (if I am not totally wrong).
> Thanks,
> Andy
--Ralph

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

For the setup you describe you could also use a second nic in dom0 with 
an IP of the new /29 net. All you have to do is set up a second bridge 
for the new subnet manually and to alter your network scripts to make 
the domUs connect to the second bridge.

Making this work depends on the gateway forwarding packets into your 
phyiscal net, but it should be possible without using routing.

Ralph Passgang schrieb:
>Am Dienstag, 24. Januar 2006 22:13 schrieb Andy Smith:
>  
>
>>Hello,
>>
>>I''m used to using Xen in a bridge mode where my dom0 and all
domUs
>>are on the same layer 2 network.  However now I have to set up a
>>server whose eth0 is on one network and the domUs will be on another
>>/29.
>>
>>So, for example, if the eth0 of dom0 is 192.168.1.214/24, then I
>>have 10.1.1.0/29 (10.1.1.0 -> 10.1.1.7) routed to it for use in
>>domUs, how would I go about setting that up?
>>    
>>
>
>As you would configure it for every normal/physical server. Your router has
to
>route traffic for this /29 to the same network interface as for the /24 you 
>are already using right now. xen (in bridge mode) is just like having more 
>then one realserver connected to one of your switchports (by using an 
>additional switch/hub or whatever). I would suggest that you bind one ip out
>of the /29 on the router, and one other ip out of the /29 on your domU. The 
>domU now only has to be configured to use the ip and the correct netmask + 
>your router''s ip (the one from the new /29 net) as default gateway.
It
>doesn''t need to know about your already existing /24 network, that
there is a
>bridge between the domU and the router or something else.
>
>even your dom0 doesn''t need to be configured at all (at least
normaly),
>because again of the bridge used. A bridge doesn''t care for any
layer3
>related stuff like ip networking... It forwards traffic by arp/mac addreses.
>And as long as you don''t do any blocking on layer2 or layer3 on
your dom0
>(for the vifX interfaces or the peth0 interface) you shouldn''t have
to do
>anything on your dom0 for a new network. It''s not dom0 related in
any, it''s
>just arriving on peth0 and gets forwarded to the correct vif interface 
>automaticly.
>
>  
>
>>Is there any good documentation I could read on this subject?
>>    
>>
>
>Don''t know... But probably not too much, because this is not really
someting
>xen specific. you should try to look for howto''s and information
about
>bridges, routing, layer2/3 stuff and so on...  there is no xen specific
stuff
>that you should be aware of (if I am not totally wrong).
>  
>
I would recommend the Linux Advanced Routing and Traffic Control Howto 
you can find at www.lartc.org.

Dirk

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Wed, Jan 25, 2006 at 01:25:25AM +0100, Ralph Passgang
wrote:
> Am Dienstag, 24. Januar 2006 22:13 schrieb Andy Smith:
> > Hello,
> >
> > I''m used to using Xen in a bridge mode where my dom0 and all
domUs
> > are on the same layer 2 network.  However now I have to set up a
> > server whose eth0 is on one network and the domUs will be on another
> > /29.
> >
> > So, for example, if the eth0 of dom0 is 192.168.1.214/24, then I
> > have 10.1.1.0/29 (10.1.1.0 -> 10.1.1.7) routed to it for use in
> > domUs, how would I go about setting that up?
> 
> As you would configure it for every normal/physical server. Your router has
to
> route traffic for this /29 to the same network interface as for the /24 you
> are already using right now. xen (in bridge mode) is just like having more 
> then one realserver connected to one of your switchports (by using an 
> additional switch/hub or whatever). I would suggest that you bind one ip
out
> of the /29 on the router, and one other ip out of the /29 on your domU. The
> domU now only has to be configured to use the ip and the correct netmask + 
> your router''s ip (the one from the new /29 net) as default
gateway. It
> doesn''t need to know about your already existing /24 network, that
there is a
> bridge between the domU and the router or something else.
Hi Ralph, thanks for your reply.

The above is what I thought but I can''t seem to get it to work.
Here''s what I have in dom0 immediately after booting with xend
started and one domU running:

$ ip -4 addr
1: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 217.147.82.214/24 brd 217.147.82.255 scope global eth0
    inet 217.147.93.65/29 brd 217.147.93.255 scope global eth0:1
2: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    inet 127.0.0.1/8 scope host lo
4: veth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    inet 217.147.82.214/24 brd 217.147.82.255 scope global veth0
$ brctl show
bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.feffffffffff       no              vif1.0
$ ip ro
217.147.93.64/29 dev eth0  proto kernel  scope link  src 217.147.93.65
217.147.82.0/24 dev eth0  proto kernel  scope link  src 217.147.82.214
default via 217.147.82.1 dev eth0
$ cat /proc/sys/net/ipv4/ip_forward
1

Externally pinging 217.147.93.65 (the IP alias in dom0) works fine.
Pinging 217.147.93.66 (the domU IP) gets me this:

$ ping 217.147.93.66
PING 217.147.93.66 (217.147.93.66) 56(84) bytes of data.
From 217.147.82.214 icmp_seq=2 Destination Host Unreachable
From 217.147.82.214 icmp_seq=3 Destination Host Unreachable
From 217.147.82.214 icmp_seq=4 Destination Host Unreachable

--- 217.147.93.66 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4021ms
, pipe 3

The domU of course has no connectivity at all, but its settings are:

# ip -4 addr
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 217.147.93.66/29 brd 217.147.93.255 scope global eth0
# ip ro
217.147.93.64/29 dev eth0  proto kernel  scope link  src 217.147.93.66
default via 217.147.93.65 dev eth0

What am I missing?

Thanks,
Andy


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Wed, Jan 25, 2006 at 03:11:19PM +0000, Andy Smith
wrote:
> On Wed, Jan 25, 2006 at 01:25:25AM +0100, Ralph Passgang wrote:
> > As you would configure it for every normal/physical server. Your
router has to
> > route traffic for this /29 to the same network interface as for the
/24 you
> > are already using right now. xen (in bridge mode) is just like having
more
> > then one realserver connected to one of your switchports (by using an 
> > additional switch/hub or whatever). I would suggest that you bind one
ip out
> > of the /29 on the router, and one other ip out of the /29 on your
domU. The
> > domU now only has to be configured to use the ip and the correct
netmask +
> > your router''s ip (the one from the new /29 net) as default
gateway. It
> > doesn''t need to know about your already existing /24 network,
that there is a
> > bridge between the domU and the router or something else.
> 
> Hi Ralph, thanks for your reply.
> 
> The above is what I thought but I can''t seem to get it to work.
Right, I have now got it to work by manually adding an IP address
and switching routes around.  Is there something obvious I have
missed that enables this to work by itself after reboot?
> Here''s what I have in dom0 immediately after booting with xend
> started and one domU running:
> 
> $ ip -4 addr
> 1: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>     inet 217.147.82.214/24 brd 217.147.82.255 scope global eth0
>     inet 217.147.93.65/29 brd 217.147.93.255 scope global eth0:1
> 2: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>     inet 127.0.0.1/8 scope host lo
> 4: veth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>     inet 217.147.82.214/24 brd 217.147.82.255 scope global veth0
> $ brctl show
> bridge name     bridge id               STP enabled     interfaces
> xenbr0          8000.feffffffffff       no              vif1.0
> $ ip ro
> 217.147.93.64/29 dev eth0  proto kernel  scope link  src 217.147.93.65
> 217.147.82.0/24 dev eth0  proto kernel  scope link  src 217.147.82.214
> default via 217.147.82.1 dev eth0
And here''s what I have to do to make it work:

# ip addr add 217.147.93.65 dev xenbr0
# ip route del 217.147.93.64/29
# ip route add 217.147.93.64/29 dev xenbr0

Is there a more elegant way to make this Just Work?

Thanks,
Andy


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users