Xen users - Mar 2006 - Dummy ethernet device setup

Hello you all out there

Does anybody know the definite guide to create a dummy ethernet device?

So, what I want to have is an ethernet device, without a physical link, or 
so called a dummy device. My goal is to have apache with mod_proxy and 
balancer running on peth0 in dom0. Apache is spreading my connection to 
the backend domU''s, where the webservices are running. The connection 
between the dom''s should go on dom0 over the dummy interface and they
are
all connected over a bridge. Hope the following ascii-art explains it a 
little bit better:


                    ¦¦
-------------------------------------------------------------
|               peth0                   |
|               DOM0                    |
|                                       |
|               tun0 (dummy dev)        |
|                xenbr1                 |
|----------------------------------------------------------     |
|       eth0    |       eth0            |
|       domU    |       domU            |
| _____________|____________________|


I tried with tun to setup the stuff, but I''ve got several problems. I 
search a lot in the internet, but I didn''t find a good documentation.
So
my question is, how to setup cleanly such a dummy device. Any help or link 
to documentation is welcome! Thanks a lot for your help


bye Philipp

==============================================Philipp Jäggi
SNCT Sandweiler
bp 23
L-5230 Sandweiler

mailto: philipp [dot] jaeggi [at] snct [dot] lu

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hello Patrick

Thanks a lot for this input, but my question goes more in the direction, 
how you should setup your system, so that everything starts up 
automatically. I can''t execute your steps by hand on a productive
server
and to write a shell script, which I let run in rc.local, is from my view 
also not so a clean solution. That''s why my question goes for a
definite
guide to setup such network configurations.

Can I do this steps with ifcfg-xxxx files, how do I create a second bridge 
in a clean way and how do I arrage the assignement of the vif to the 
bridges. All this is just about the setup of dom0.

So, the question is not how to do it, it how to do it clean and propper on 
a Fedora Core 4 system. Thanks a lot for all ideas. If a lot of good 
proposal will come in, I will try to find the time to write such a guide 
and post it to this mailing list. Thanks a lot for all the hints and 
links.


bye Philipp


 



Patrick Wolfe <pwolfe@employease.com> 
03/13/2006 03:29 PM

To
Philipp Jäggi <philipp.jaggi@snct.lu>
cc

Subject
Re: [Xen-users] Dummy ethernet device setup






Just use veth1/vif0.1 as your connection from dom0 to xenbr1:

                 brctl addif vif0.1
                 ip link set veth1 address 00:16:3e:f1:e2:d3 arp on up
                 ip addr add 192.168.1.1/24 dev veth1

to remove it:

                 ip link set veth1 down
                 ip addr flush dev veth1
                 brctl delif vif0.1

On Mon, 2006-03-13 at 10:09 +0100, Philipp Jäggi wrote:
> 
> Hello you all out there 
> 
> Does anybody know the definite guide to create a dummy ethernet
> device? 
> 
> So, what I want to have is an ethernet device, without a physical
> link, or so called a dummy device. My goal is to have apache with
> mod_proxy and balancer running on peth0 in dom0. Apache is spreading
> my connection to the backend domU''s, where the webservices are
> running. The connection between the dom''s should go on dom0 over
the
> dummy interface and they are all connected over a bridge. Hope the
> following ascii-art explains it a little bit better: 
> 
> 
>                     ¦¦ 
> ------------------------------------------------------------- 
> |                peth0                        | 
> |                DOM0                        | 
> |                                         | 
> |                tun0 (dummy dev)        | 
> |                  xenbr1                        | instead of dummy
> |----------------------------------------------------------        | 
> |        eth0        |        eth0                | 
> |        domU        |        domU                | 
> | _____________|____________________| 
> 
> 
> I tried with tun to setup the stuff, but I''ve got several
problems. I
> search a lot in the internet, but I didn''t find a good
documentation.
> So my question is, how to setup cleanly such a dummy device. Any help
> or link to documentation is welcome! Thanks a lot for your help 
> 
> 
> bye Philipp 
> 
> ==============================================> Philipp Jäggi
> SNCT Sandweiler
> bp 23
> L-5230 Sandweiler
> 
> mailto: philipp [dot] jaeggi [at] snct [dot] lu
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
-- 
Patrick Wolfe  (pwolfe@employease.com)





_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Never tried it but could you do it with bridges?

 

You can add the ip to the xenbr1 with

brctl addbr xenbr1

ifconfig xenbr1 192.168.10.1 netmask 255.255.255.0 up

 

John

 

________________________________

From: xen-users-bounces@lists.xensource.com
[mailto:xen-users-bounces@lists.xensource.com] On Behalf Of "Philipp
Jäggi"
Sent: Monday, March 13, 2006 4:09 AM
To: xen-users@lists.xensource.com
Subject: [Xen-users] Dummy ethernet device setup

 


Hello you all out there 

Does anybody know the definite guide to create a dummy ethernet device? 

So, what I want to have is an ethernet device, without a physical link, or so
called a dummy device. My goal is to have apache with mod_proxy and balancer
running on peth0 in dom0. Apache is spreading my connection to the backend
domU's, where the webservices are running. The connection between the
dom's should go on dom0 over the dummy interface and they are all connected
over a bridge. Hope the following ascii-art explains it a little bit better:


                    
------------------------------------------------------------- 
|                peth0                        | 
|                DOM0                        | 
|                                         | 
|                tun0 (dummy dev)        | 
|                  xenbr1                        | 
|----------------------------------------------------------        | 
|        eth0        |        eth0                | 
|        domU        |        domU                | 
| _____________|____________________| 


I tried with tun to setup the stuff, but I've got several problems. I search
a lot in the internet, but I didn't find a good documentation. So my
question is, how to setup cleanly such a dummy device. Any help or link to
documentation is welcome! Thanks a lot for your help


bye Philipp 

==============================================Philipp J䧧i
SNCT Sandweiler
bp 23
L-5230 Sandweiler

mailto: philipp [dot] jaeggi [at] snct [dot] lu



_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

You can look at this for a bridging guide

 

http://www.linux.com/howtos/BRIDGE-STP-HOWTO/practical-example.shtml

 

Which also has some init scripts.

 

John

 

________________________________

From: xen-users-bounces@lists.xensource.com
[mailto:xen-users-bounces@lists.xensource.com] On Behalf Of "Philipp
Jäggi"
Sent: Monday, March 13, 2006 10:44 AM
To: Patrick Wolfe
Cc: Xen-users@lists.xensource.com
Subject: Re: [Xen-users] Dummy ethernet device setup

 


Hello Patrick 

Thanks a lot for this input, but my question goes more in the direction, how you
should setup your system, so that everything starts up automatically. I
can't execute your steps by hand on a productive server and to write a shell
script, which I let run in rc.local, is from my view also not so a clean
solution. That's why my question goes for a definite guide to setup such
network configurations.

Can I do this steps with ifcfg-xxxx files, how do I create a second bridge in a
clean way and how do I arrage the assignement of the vif to the bridges. All
this is just about the setup of dom0.

So, the question is not how to do it, it how to do it clean and propper on a
Fedora Core 4 system. Thanks a lot for all ideas. If a lot of good proposal will
come in, I will try to find the time to write such a guide and post it to this
mailing list. Thanks a lot for all the hints and links.


bye Philipp 


  



Patrick Wolfe <pwolfe@employease.com> 

03/13/2006 03:29 PM 

To

Philipp J䧧i <philipp.jaggi@snct.lu> 

cc

 

Subject

Re: [Xen-users] Dummy ethernet device setup

 

 

 




Just use veth1/vif0.1 as your connection from dom0 to xenbr1:

                brctl addif vif0.1
                ip link set veth1 address 00:16:3e:f1:e2:d3 arp on up
                ip addr add 192.168.1.1/24 dev veth1

to remove it:

                ip link set veth1 down
                ip addr flush dev veth1
                brctl delif vif0.1

On Mon, 2006-03-13 at 10:09 +0100, Philipp J䧧i wrote:
> 
> Hello you all out there 
> 
> Does anybody know the definite guide to create a dummy ethernet
> device? 
> 
> So, what I want to have is an ethernet device, without a physical
> link, or so called a dummy device. My goal is to have apache with
> mod_proxy and balancer running on peth0 in dom0. Apache is spreading
> my connection to the backend domU's, where the webservices are
> running. The connection between the dom's should go on dom0 over the
> dummy interface and they are all connected over a bridge. Hope the
> following ascii-art explains it a little bit better: 
> 
> 
>                     
> ------------------------------------------------------------- 
> |                peth0                        | 
> |                DOM0                        | 
> |                                         | 
> |                tun0 (dummy dev)        | 
> |                  xenbr1                        | instead of dummy
> |----------------------------------------------------------        | 
> |        eth0        |        eth0                | 
> |        domU        |        domU                | 
> | _____________|____________________| 
> 
> 
> I tried with tun to setup the stuff, but I've got several problems. I
> search a lot in the internet, but I didn't find a good documentation.
> So my question is, how to setup cleanly such a dummy device. Any help
> or link to documentation is welcome! Thanks a lot for your help 
> 
> 
> bye Philipp 
> 
> ==============================================> Philipp J䧧i
> SNCT Sandweiler
> bp 23
> L-5230 Sandweiler
> 
> mailto: philipp [dot] jaeggi [at] snct [dot] lu
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
-- 
Patrick Wolfe  (pwolfe@employease.com)





_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Philipp,

as far as I understand it a dummy device does not transport packets, but 
accepts them and sends them to /dev/null.

Your setup very much looks like the standard setup: Your dom0 and domUs 
are connected to a bridge, and Apache (with the IP of dom0) acts as a 
proxy for the domUs. In the place of the dummy xen automatically sets up 
a vif.

Is there any special reason why you want a dummy device in your setup?

Dirk

Philipp Jäggi schrieb:
>Hello you all out there
>
>Does anybody know the definite guide to create a dummy ethernet device?
>
>So, what I want to have is an ethernet device, without a physical link, or 
>so called a dummy device. My goal is to have apache with mod_proxy and 
>balancer running on peth0 in dom0. Apache is spreading my connection to 
>the backend domU''s, where the webservices are running. The
connection
>between the dom''s should go on dom0 over the dummy interface and
they are
>all connected over a bridge. Hope the following ascii-art explains it a 
>little bit better:
>
>
>                    ¦¦
>-------------------------------------------------------------
>|               peth0                   |
>|               DOM0                    |
>|                                       |
>|               tun0 (dummy dev)        |
>|                xenbr1                 |
>|----------------------------------------------------------     |
>|       eth0    |       eth0            |
>|       domU    |       domU            |
>| _____________|____________________|
>
>
>I tried with tun to setup the stuff, but I''ve got several problems.
I
>search a lot in the internet, but I didn''t find a good
documentation. So
>my question is, how to setup cleanly such a dummy device. Any help or link 
>to documentation is welcome! Thanks a lot for your help
>
>
>bye Philipp
>
>==============================================>Philipp Jäggi
>SNCT Sandweiler
>bp 23
>L-5230 Sandweiler
>
>mailto: philipp [dot] jaeggi [at] snct [dot] lu
>  
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Xen-users mailing list
>Xen-users@lists.xensource.com
>http://lists.xensource.com/xen-users
>

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hello Philipp,

Philipp Jäggi schrieb:
>So, my question is about how to setup cleanly the bridges, the veth2. I 
>don''t want to create a shell script that makes all the necessary
steps as
>I perform it in the shell. So where do I specify the bridge configuration, 
>  
>
You can setup a bridge in /etc/network/interfaces (or wherever your 
interfaces are described in your distro) like any other interface.

I have used that on my home firewall, e.g.:
> auto xen-br0
> iface xen-br0 inet static
>         address 192.168.137.254
> #       hwaddress ether 00:00:00:78:bd:01
>         netmask 255.255.255.0
>         network 192.168.137.0
>         broadcast 192.168.137.255
>         pre-up brctl addbr xen-br0
>         post-down brctl delbr xen-br0
Only assigning the MAC address to the bridge seems not to work, 
everything else does. Of course you have to disable the 
bridge-setup-script xen uses when starting. I did not bother to find out 
if xen can be forced not to start a networking script at all, so I 
simply added "exit 0" to the beginning of the bridged networking
script
- that is quick and dirty and works.
>where do I store the veth2 config? 
>
I would write that into the config file for the domX.
>My idea about is at the moment, to 
>create a folder /etc/sysconfig/xen-nework, where I store the bridge 
>information and the ifcfg-veth2. But for this I need a wrapper scripts 
>that start all up cleanly, something like /etc/rc.d/init.d/xen-network. By 
>my problem is, to find the right point in the XEN startup process, where I 
>have to start the network. 
>
That was the reason why I set up the bridge as interface with the base 
system.
>Because Xen itself start also the network for 
>eth0 and eth1. This I would like to take out of the /etc/rc.d/init.d/xend 
>script and paste it into my xen-network script, so that finally everything 
>that belongs to network is started in one block.
>
>I have to do this issues, because in a productive environment with just a 
>couple of people working in the IT and high security requirements, 
>configuration safety is everything. 
>
Let''s say, nowadays security is everything - everywhere.
But nevertheless: you could add the domUs to the bridge connected to the 
physical interface and have a firewall on every domU (I use shorewall 
for that kind of setup). Or have a firewall in dom0 and NAT the traffic 
to the domUs. Or push the physical interface in a domU that is a 
separate firewall of its own.
>That why the whole system will be 
>administrated with the help of cfengine.
>
What is cfengine? What does it help concerning security? I am quite 
interested in these things.
> As a result of this I have to 
>separate and concernat everything in clean blocks of config files and 
>startup scripts. To do this I requested a guide to clean xen network 
>setup, where everything works after the bootsquence... :-)
>
>
>Hope you can still help me...
>  
>
We will see. :-) At least I can try. By the way, if we keep the 
discussion on the list there will be more input from experienced people 
- there are quite some people out there having solved the same problems.

Dirk
>  
>

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Dear Dirk

As I saw out of your email, you are using debian, or a debian clone. Your 
setup that you propose to me is debian specific and mine is Fedora or 
Redhat specific. That''s why I trying to separate the xen networking
part
in a single block, so that I have finally a platform independent solution, 
or at least a solution which is easy to adapt.
At the moment I am working with Fedora, but the productive environment can 
be on Redhat or Suse (hopefully not Suse). But when we go on with the 
virtualisation process, I have to work with sun solaris. If I do there a 
complete new type of setup it''s not easy for my colleges to work with
my
setup. I myself know surely the differences, but the others ...

The next point is that I use cfengine. Cfengine is a tool for managing 
configuration files. You can use it for every linux distribution, bsd, 
solaris, hpux, aix... But before using cfengine, you have to standardize 
your setup of the servers. For more information check this site 
www.cfengine.org

That why I tried to bring up this discussion about a clean xen network 
setup.

And still the questions are, when to start the xen network, what to take 
out in the xend script, where to store the config files....

Thanks a lot for your inputs, Dirk.


bye Philipp 

==============================================Philipp Jäggi
SNCT Sandweiler
bp 23
L-5230 Sandweiler

mailto: philipp.jaeggi@snct.lu





"Dirk H. Schulz" <dirk.schulz@kinzesberg.de> 
03/14/2006 10:11 AM

To
Philipp Jäggi <philipp.jaggi@snct.lu>, xen-users@lists.xensource.com
cc

Subject
Re: [Xen-users] Dummy ethernet device setup






Hello Philipp,

Philipp Jäggi schrieb:
>So, my question is about how to setup cleanly the bridges, the veth2. I 
>don''t want to create a shell script that makes all the necessary
steps as
>I perform it in the shell. So where do I specify the bridge 
configuration, 
> 
>
You can setup a bridge in /etc/network/interfaces (or wherever your 
interfaces are described in your distro) like any other interface.

I have used that on my home firewall, e.g.:
> auto xen-br0
> iface xen-br0 inet static
>         address 192.168.137.254
> #       hwaddress ether 00:00:00:78:bd:01
>         netmask 255.255.255.0
>         network 192.168.137.0
>         broadcast 192.168.137.255
>         pre-up brctl addbr xen-br0
>         post-down brctl delbr xen-br0
Only assigning the MAC address to the bridge seems not to work, 
everything else does. Of course you have to disable the 
bridge-setup-script xen uses when starting. I did not bother to find out 
if xen can be forced not to start a networking script at all, so I 
simply added "exit 0" to the beginning of the bridged networking
script
- that is quick and dirty and works.
>where do I store the veth2 config? 
>
I would write that into the config file for the domX.
>My idea about is at the moment, to 
>create a folder /etc/sysconfig/xen-nework, where I store the bridge 
>information and the ifcfg-veth2. But for this I need a wrapper scripts 
>that start all up cleanly, something like /etc/rc.d/init.d/xen-network. 
By 
>my problem is, to find the right point in the XEN startup process, where 
I 
>have to start the network. 
>
That was the reason why I set up the bridge as interface with the base 
system.
>Because Xen itself start also the network for 
>eth0 and eth1. This I would like to take out of the /etc/rc.d/init.d/xend 
>script and paste it into my xen-network script, so that finally 
everything 
>that belongs to network is started in one block.
>
>I have to do this issues, because in a productive environment with just a 
>couple of people working in the IT and high security requirements, 
>configuration safety is everything. 
>
Let''s say, nowadays security is everything - everywhere.
But nevertheless: you could add the domUs to the bridge connected to the 
physical interface and have a firewall on every domU (I use shorewall 
for that kind of setup). Or have a firewall in dom0 and NAT the traffic 
to the domUs. Or push the physical interface in a domU that is a 
separate firewall of its own.
>That why the whole system will be 
>administrated with the help of cfengine.
>
What is cfengine? What does it help concerning security? I am quite 
interested in these things.
> As a result of this I have to 
>separate and concernat everything in clean blocks of config files and 
>startup scripts. To do this I requested a guide to clean xen network 
>setup, where everything works after the bootsquence... :-)
>
>
>Hope you can still help me...
> 
>
We will see. :-) At least I can try. By the way, if we keep the 
discussion on the list there will be more input from experienced people 
- there are quite some people out there having solved the same problems.

Dirk
> 
>



_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users