Xen users - Mar 2006 - Xen on multiple public IP''s

Hiya list,

I am new to XEN and have been pulling out my hair trying to figure this
out. I have 25+ dedicated public IP''s and a very nice server. I have
always been a security nut running openbsd as my primary server operating
system, until I found XEN. I love XEN thus far and it''s stability, but
I
can''t seem to get this working properly.

I want each separate dom to have a public IP. I have read the docs,
followed the tutorial here:

http://www.debian-administration.org/articles/360

I can''t seem to get networking functioning properly on it. Do I want
bridge or route? Any help would be appreciated. If you need any particular
info, please let me know.

thanks.
mrkris

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On 3/20/06, mrkris@mrkris.com <mrkris@mrkris.com>
wrote:
> Hiya list,
>
> I am new to XEN and have been pulling out my hair trying to figure this
> out. I have 25+ dedicated public IP''s and a very nice server. I
have
> always been a security nut running openbsd as my primary server operating
> system, until I found XEN. I love XEN thus far and it''s stability,
but I
> can''t seem to get this working properly.
>
> I want each separate dom to have a public IP. I have read the docs,
> followed the tutorial here:
>
> http://www.debian-administration.org/articles/360
>
> I can''t seem to get networking functioning properly on it. Do I
want
> bridge or route? Any help would be appreciated. If you need any particular
> info, please let me know.
>
> thanks.
> mrkris
You would just need to run in bridge mode with each domU having an IP
in the public range.  I would personally setup a firewall that mapped
public IPs to nat-ed addresses, but that''s just me.

In your Xen scripts for each domU, are you giving them a public IP like this:

# Network
ip = "192.168.1.97"   # Pretend this is public
netmask = "255.255.255.0"
gateway = "192.168.1.1"


Are the domU machines being given IPs that are part of the same subnet
as dom0? You will need to do this for bridged networking to work out
of the box.

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

> On 3/20/06, mrkris@mrkris.com <mrkris@mrkris.com> wrote:
>> Hiya list,
>>
>> I am new to XEN and have been pulling out my hair trying to figure this
>> out. I have 25+ dedicated public IP''s and a very nice server.
I have
>> always been a security nut running openbsd as my primary server
>> operating
>> system, until I found XEN. I love XEN thus far and it''s
stability, but I
>> can''t seem to get this working properly.
>>
>> I want each separate dom to have a public IP. I have read the docs,
>> followed the tutorial here:
>>
>> http://www.debian-administration.org/articles/360
>>
>> I can''t seem to get networking functioning properly on it. Do
I want
>> bridge or route? Any help would be appreciated. If you need any
>> particular
>> info, please let me know.
>>
>> thanks.
>> mrkris
>
> You would just need to run in bridge mode with each domU having an IP
> in the public range.  I would personally setup a firewall that mapped
> public IPs to nat-ed addresses, but that''s just me.
>
> In your Xen scripts for each domU, are you giving them a public IP like
> this:
>
> # Network
> ip = "192.168.1.97"   # Pretend this is public
> netmask = "255.255.255.0"
> gateway = "192.168.1.1"
>
>
> Are the domU machines being given IPs that are part of the same subnet
> as dom0? You will need to do this for bridged networking to work out
> of the box.
>
I am using Steve from steve.org.uk''s xen scripts to generate the doms.
I
do assign them a public ip with the appropriate ip, netmask and gateway.
Every IP on the system is sequential. x.x.x.230 is the system. If I read
the docs correctly, then x.x.x.231 would be the bridge ip, then x.x.x.232+
would be assigned to each dom, then each dom would have their gateway set
as x.x.x.231.

In the xend-config script I am going to want to use:

(network-script network-bridge)
(vif-bridge xenbr0)
(vif-script vif-bridge)

This correct?

Thanks,
mrkris




_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On 3/21/06, mrkris@mrkris.com <mrkris@mrkris.com>
wrote:
> I can''t seem to get networking functioning properly on it. Do I
want
> bridge or route? Any help would be appreciated. If you need any particular
> info, please let me know.
Bridge.

I have this functional with two Xen debian machines in a colo. Both
running bridges and share IPs in the same subnet across various domUs
on each machine.

The default setup should work.  I find it better to set the IPs in the
domUs using the standard method /etc/network/interfaces.

Using ifconfig is also a good have to test things.

If you continue to have trouble you might start by send though various
output. ifconfig -a from both the dom0/host0 and a domU.

--
Nicholas Lee
http://stateless.geek.nz
gpg 8072 4F86 EDCD 4FC1 18EF  5BDD 07B0 9597 6D58 D70C

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On 3/20/06, mrkris@mrkris.com <mrkris@mrkris.com>
wrote:
> > On 3/20/06, mrkris@mrkris.com <mrkris@mrkris.com> wrote:
> >> Hiya list,
> >>
> >> I am new to XEN and have been pulling out my hair trying to figure
this
> >> out. I have 25+ dedicated public IP''s and a very nice
server. I have
> >> always been a security nut running openbsd as my primary server
> >> operating
> >> system, until I found XEN. I love XEN thus far and it''s
stability, but I
> >> can''t seem to get this working properly.
> >>
> >> I want each separate dom to have a public IP. I have read the
docs,
> >> followed the tutorial here:
> >>
> >> http://www.debian-administration.org/articles/360
> >>
> >> I can''t seem to get networking functioning properly on
it. Do I want
> >> bridge or route? Any help would be appreciated. If you need any
> >> particular
> >> info, please let me know.
> >>
> >> thanks.
> >> mrkris
> >
> > You would just need to run in bridge mode with each domU having an IP
> > in the public range.  I would personally setup a firewall that mapped
> > public IPs to nat-ed addresses, but that''s just me.
> >
> > In your Xen scripts for each domU, are you giving them a public IP
like
> > this:
> >
> > # Network
> > ip = "192.168.1.97"   # Pretend this is public
> > netmask = "255.255.255.0"
> > gateway = "192.168.1.1"
> >
> >
> > Are the domU machines being given IPs that are part of the same subnet
> > as dom0? You will need to do this for bridged networking to work out
> > of the box.
> >
>
> I am using Steve from steve.org.uk''s xen scripts to generate the
doms. I
> do assign them a public ip with the appropriate ip, netmask and gateway.
> Every IP on the system is sequential. x.x.x.230 is the system. If I read
> the docs correctly, then x.x.x.231 would be the bridge ip, then x.x.x.232+
> would be assigned to each dom, then each dom would have their gateway set
> as x.x.x.231.
>
> In the xend-config script I am going to want to use:
>
> (network-script network-bridge)
> (vif-bridge xenbr0)
> (vif-script vif-bridge)
>
> This correct?
>
> Thanks,
> mrkris
Well I want to stress that I''m not saying your config is wrong.  I
haven''t setup Xen to work in that way.

My networking is setup the default way using the xen scripts from
source.  So my bridge has no IP, eth0 is has an IP on the local
subnet, all vif are added to the bridge, and my domU domains use the
LAN gateway not the bridge to route their traffic.

I originally had a setup similar to yours, but I always had problems
with things coming up automatically.  So I scrapped it and started
over from the source and I''ve had zero problems since.  I
haven''t
messed with my networking yet because I have been too busy, but
hopefully soon I will have a little more advanced setup.

I haven''t looked at Steve''s scripts, but my guess from my own
experience is that using the bridge as your gateway with it having an
IP is messing things up. Have you tried the default xen network
scripts? It sounds like they''ll do exactly what you want.

Sorry I can''t be of more help.

_Eric

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Mon, Mar 20, 2006 at 01:52:15PM -0500, mrkris@mrkris.com wrote:
> >> http://www.debian-administration.org/articles/360
  OK that was mine and it works for me...
> I am using Steve from steve.org.uk''s xen scripts to generate the
doms. I
> do assign them a public ip with the appropriate ip, netmask and gateway.
> Every IP on the system is sequential. x.x.x.230 is the system. If I read
> the docs correctly, then x.x.x.231 would be the bridge ip, then x.x.x.232+
> would be assigned to each dom, then each dom would have their gateway set
> as x.x.x.231.
  What does ifconfig on the host show?
> In the xend-config script I am going to want to use:
> 
> (network-script network-bridge)
> (vif-bridge xenbr0)
> (vif-script vif-bridge)
  I think I''d suggest using :

(network-script network-route)
(vif-script     vif-route)

  Since the IPs are public they''ll be added to your bridge and should
 be generally accessible.

  One gotcha that I missed was needing to have the public IPs listed
 in the Xen configuration files for the images, something I did
 mention briefly at the foot of the tutorial.

Steve
-- 
http://www.steve.org.uk/

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Nicholas Lee wrote:
> I have this functional with two Xen debian machines in a colo. Both
> running bridges and share IPs in the same subnet across various domUs
> on each machine.
Are there going to be any issues if the dom0 has an IP on one subnet and the
domUs have been assigned IPs on a different subnet?

Tim

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Wed, May 24, 2006 at 04:54:36PM +1000, Tim Sharpe
wrote:
> Nicholas Lee wrote:
> > I have this functional with two Xen debian machines in a colo. Both
> > running bridges and share IPs in the same subnet across various domUs
> > on each machine.
> 
> Are there going to be any issues if the dom0 has an IP on one subnet and
the
> domUs have been assigned IPs on a different subnet?
If they''re bridged, then there will be no more issues than having
multiple
machines on different subnets sharing a switch -- in other words, none.

- Matt

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users