Christoph Purrucker
2006-Sep-22 09:52 UTC
[Xen-users] Dom-U config: whats the role of vif - IP
Hello,

in the example configuration-files I always read that I have to add an IP address if I don't have a DHCPd running. I'm running in bridge-mode. For example:

vif = ['ip=192.168.5.99']

But I don't want to configure the IP address in a config-file on Dom-0; the Admin of the Dom-U should do that with Dom-U's ifconfig (or Debian's /etc/network/interfaces). I started several Dom-Us with

vif = ['']

and it seems that they run quite fine with a locally configured interface. And further on, if I change the above vif = ['ip=192.168.5.99'] to any other IP, the Dom-U is still reachable under its locally configured IP (and not under the new one in the config-file) after rebooting the Dom-U.

So what's the sense of the above parameter?

cu cp

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Hans de Hartog
2006-Sep-22 16:05 UTC
Re: [Xen-users] Dom-U config: whats the role of vif - IP
Christoph Purrucker wrote:
> Hello,
>
> in the example configuration-files I always read that I have to add an
> IP address if I don't have a DHCPd running. I'm running in bridge-mode. For
> example:
>
> vif = ['ip=192.168.5.99']
>
> But I don't want to configure the IP address in a config-file on Dom-0;
> the Admin of the Dom-U should do that with Dom-U's ifconfig (or Debian's
> /etc/network/interfaces). I started several Dom-Us with
>
> vif = ['']
>
> and it seems that they run quite fine with a locally configured
> interface. And further on, if I change the above vif = ['ip=192.168.5.99']
> to any other IP, the Dom-U is still reachable under its locally
> configured IP (and not under the new one in the config-file) after
> rebooting the Dom-U.
>
> So what's the sense of the above parameter?

I admit, it is quite confusing.

vif = [ 'ip=... has nothing to do whatsoever with configuring your domU network!

If you want fixed ip-addresses for your domU, you have to configure them inside your domU (exactly as you want).

The vif-ip stuff is ONLY used to fine-tune your firewall-rules (i.e. iptables). Specify vif = [ 'ip=whatever' ], start your dom0 and you will find the specified ip-address back in your iptables. If you're not using iptables, the ip=... has absolutely no effect.

Hope this helps,
Hans.
Fischer, Anna
2006-Sep-24 14:52 UTC
RE: [Xen-users] Dom-U config: whats the role of vif - IP
As far as I understand there are several ways of configuring DomU's networking in Xen. One reason for example to specify the IP in the configuration file is that then it is possible to enable antispoofing for IP addresses of your DomUs. This means that when you configure another IP in your DomU's ifconfig than in your DomU configuration file, then networking for your DomU won't work anymore. I never used this feature, but this is what the documentation says. However, you have to enable antispoofing explicitly.

Another reason for configuring networking in the configuration file is to pass this information as kernel parameters, which is very useful for i.e. booting from network devices etc.

However, if you don't need all this, then there's no problem with leaving the IP configuration out of the configuration file (-> vif ['']) and just use ifconfig in your DomU itself.

Anna

-----Original Message-----
From: xen-users-bounces@lists.xensource.com [mailto:xen-users-bounces@lists.xensource.com] On Behalf Of Christoph Purrucker
Sent: Friday, 22 September 2006 10:52
To: xen-users@lists.xensource.com
Subject: [Xen-users] Dom-U config: whats the role of vif - IP

Hello,

in the example configuration-files I always read that I have to add an IP address if I don't have a DHCPd running. I'm running in bridge-mode. For example:

vif = ['ip=192.168.5.99']

But I don't want to configure the IP address in a config-file on Dom-0; the Admin of the Dom-U should do that with Dom-U's ifconfig (or Debian's /etc/network/interfaces). I started several Dom-Us with

vif = ['']

and it seems that they run quite fine with a locally configured interface. And further on, if I change the above vif = ['ip=192.168.5.99'] to any other IP, the Dom-U is still reachable under its locally configured IP (and not under the new one in the config-file) after rebooting the Dom-U.

So what's the sense of the above parameter?

cu cp
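Hans's point (the ip= value only ever reaches iptables) and Anna's (antispoofing has to be switched on explicitly, and once it is, a guest that picks a different address stops talking) are easiest to see in the rules themselves. The script below is an added example, not code from the thread and not Xen's own vif-bridge/vif-common hotplug script: the function names vif_get and antispoof_rules, the device names vif5.0/vif6.0/vif7.0 and the exact rule shape are assumptions modelled on what Xen's scripts hand to iptables. It only prints the rules, so it can be run anywhere and reviewed before anything is applied.

```shell
#!/bin/sh
# Added example (not Xen's vif-bridge/vif-common script and not code from
# the thread): turn one vif config entry into the dom0 iptables rules that
# make its ip= value binding. The rule shape is an assumption modelled on
# what Xen's hotplug scripts feed to iptables; nothing is applied, the
# commands are only printed.

# vif_get KEY VIFSTRING: print the value of KEY from a vif entry such as
# 'ip=192.168.5.99, mac=00:16:3e:00:00:01, bridge=xenbr0' (empty if absent).
vif_get() {
    printf '%s\n' "$2" | tr ',' '\n' \
        | sed -n -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e "s/^$1=//p"
}

# antispoof_rules VIFDEV VIFSTRING: print one iptables command per line for
# the dom0-side device VIFDEV (e.g. vif5.0) of a guest configured with
# VIFSTRING.
antispoof_rules() {
    vif="$1"
    ips=$(vif_get ip "$2")
    mac=$(vif_get mac "$2")
    # Optional MAC pin, only emitted when the config also names a mac=.
    macmatch=""
    if [ -n "$mac" ]; then
        macmatch=" -m mac --mac-source $mac"
    fi

    if [ -z "$ips" ]; then
        # vif = [''] case: nothing was declared, so there is nothing to
        # enforce and the guest is forwarded whatever it sends.
        printf 'iptables -A FORWARD -m physdev --physdev-in %s%s -j ACCEPT\n' "$vif" "$macmatch"
        return 0
    fi
    # One ACCEPT per declared address (ip= may list several, space separated).
    for addr in $ips; do
        printf 'iptables -A FORWARD -m physdev --physdev-in %s%s -s %s -j ACCEPT\n' "$vif" "$macmatch" "$addr"
    done
    # Still let the guest reach a DHCP server before it has an address.
    printf 'iptables -A FORWARD -m physdev --physdev-in %s -p udp --sport 68 --dport 67 -j ACCEPT\n' "$vif"
    # The DROP is what makes ip= bite: with the ACCEPT lines alone (or with
    # no iptables at all) every packet is forwarded anyway, which is exactly
    # why a guest keeps working on any address it configures itself.
    printf 'iptables -A FORWARD -m physdev --physdev-in %s -j DROP\n' "$vif"
}

# Demo on the value from the thread and on the empty one.
antispoof_rules vif5.0 'ip=192.168.5.99, bridge=xenbr0'
echo
antispoof_rules vif6.0 ''
```

Read the output top to bottom: the ACCEPT lines are the part Hans says you will "find back in your iptables", and on their own they change nothing. The trailing DROP (or, equivalently, a FORWARD chain whose policy is DROP) is the part antispoofing adds, and it is the reason Anna's mismatched guest goes silent. Piping the output into sh on a dom0 applies it; the mac= pin is an extra beyond what the ip= value alone gives you.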
Tim Post
2006-Sep-24 16:52 UTC

This is really a big issue for people such as web hosting providers who will be giving 'untrusted' root access to dom-u's to the general public.

VPS servers are a very popular choice for those who purchase hosting services with less than honorable intentions.

Since many do set up their networks for ease of administration (meaning, whatever dom-u broadcasts an IP on a subnet that knows about it, owns it) this allows one dom-u to 'hijack' the IP of another and use it for abusive activity, intercept traffic, etc.

If you have only 'trusted' root users on your dom-u's and don't run insecure public services from them, it's pretty safe to just leave things easy and do your networking at the dom-u end.

Depending on the quality of the network feeding your bridges (if using them), you may find it handy to specify a mac address in both the xen configuration and dom-u network init scripts.

So there really isn't a right or wrong answer.. other than be sure allowing dom-u's to bring up their own IP's fits your security model :)

HTH,
-Tim

On Fri, 2006-09-22 at 11:52 +0200, Christoph Purrucker wrote:
> Hello,
>
> in the example configuration-files I always read that I have to add an
> IP address if I don't have a DHCPd running. I'm running in bridge-mode. For
> example:
>
> vif = ['ip=192.168.5.99']
>
> But I don't want to configure the IP address in a config-file on Dom-0;
> the Admin of the Dom-U should do that with Dom-U's ifconfig (or Debian's
> /etc/network/interfaces). I started several Dom-Us with
>
> vif = ['']
>
> and it seems that they run quite fine with a locally configured
> interface. And further on, if I change the above vif = ['ip=192.168.5.99']
> to any other IP, the Dom-U is still reachable under its locally
> configured IP (and not under the new one in the config-file) after
> rebooting the Dom-U.
>
> So what's the sense of the above parameter?
>
> cu cp
Tim Post

I forgot to mention, this is only useful when used in conjunction with antispoof, or something else (custom shorewall setups / etc) running on dom-0 that are smart enough to handle it. No "magic" happens within Xen itself to prevent this just because the variables are specified.

I need to start paying attention to list netiquette and stop assuming everyone knows I'm alluding to a utility that I didn't bother to mention in my reply (shorewall / iptables).

Sorry about the double reply and quotes :)

-Tim

On Mon, 2006-09-25 at 00:52 +0800, Tim Post wrote:
> This is really a big issue for people such as web hosting providers who
> will be giving 'untrusted' root access to dom-u's to the general public.
>
> VPS servers are a very popular choice for those who purchase hosting
> services with less than honorable intentions.
>
> Since many do set up their networks for ease of administration (meaning,
> whatever dom-u broadcasts an IP on a subnet that knows about it, owns
> it) this allows one dom-u to 'hijack' the IP of another and use it for
> abusive activity, intercept traffic, etc.
>
> If you have only 'trusted' root users on your dom-u's and don't run
> insecure public services from them, it's pretty safe to just leave things
> easy and do your networking at the dom-u end.
>
> Depending on the quality of the network feeding your bridges (if using
> them), you may find it handy to specify a mac address in both the xen
> configuration and dom-u network init scripts.
>
> So there really isn't a right or wrong answer.. other than be sure
> allowing dom-u's to bring up their own IP's fits your security model :)
>
> HTH,
> -Tim
>
> On Fri, 2006-09-22 at 11:52 +0200, Christoph Purrucker wrote:
> > Hello,
> >
> > in the example configuration-files I always read that I have to add an
> > IP address if I don't have a DHCPd running. I'm running in bridge-mode. For
> > example:
> >
> > vif = ['ip=192.168.5.99']
> >
> > But I don't want to configure the IP address in a config-file on Dom-0;
> > the Admin of the Dom-U should do that with Dom-U's ifconfig (or Debian's
> > /etc/network/interfaces). I started several Dom-Us with
> >
> > vif = ['']
> >
> > and it seems that they run quite fine with a locally configured
> > interface. And further on, if I change the above vif = ['ip=192.168.5.99']
> > to any other IP, the Dom-U is still reachable under its locally
> > configured IP (and not under the new one in the config-file) after
> > rebooting the Dom-U.
> >
> > So what's the sense of the above parameter?
> >
> > cu cp
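Tim's scenario, one dom-u bringing up a neighbour's address on a shared bridge, leaves a trace dom0 can watch for even before any antispoof rule is in place: the same IP answered by two different MACs. The script below is an added example, not code from the thread, from Xen, or from shorewall/iptables; it reads ARP replies in the text form that "tcpdump -n arp" prints (an assumed line format), over a constructed capture, and checks them against a constructed table of the mac=/ip= pairs dom0 intended to hand out. The function names arp_conflicts and unexpected_claims and all addresses are mine.

```shell
#!/bin/sh
# Added example (not from the thread, Xen, shorewall or any other tool):
# spot the "dom-u hijacks another dom-u's IP" case from dom0's side of the
# bridge. Input is ARP replies in the shape "tcpdump -n arp" prints, an
# assumed format:
#   <time> ARP, Reply <ip> is-at <mac>, length <n>

# Constructed sample capture: guest 00:16:3e:00:00:02 owns .100 but also
# starts answering for .99, which belongs to 00:16:3e:00:00:01.
SAMPLE_ARP='10:12:01.000001 ARP, Request who-has 192.168.5.1 tell 192.168.5.99, length 28
10:12:01.000250 ARP, Reply 192.168.5.1 is-at 00:0c:29:aa:bb:cc, length 28
10:12:02.000001 ARP, Reply 192.168.5.99 is-at 00:16:3e:00:00:01, length 28
10:12:03.000001 ARP, Reply 192.168.5.100 is-at 00:16:3e:00:00:02, length 28
10:12:04.000001 ARP, Reply 192.168.5.99 is-at 00:16:3e:00:00:02, length 28
10:12:05.000001 ARP, Reply 192.168.5.99 is-at 00:16:3e:00:00:02, length 28'

# What dom0 intended: one "<mac> <ip>" line per vif, taken from each guest's
# mac=/ip= values, plus the upstream router so it is not reported as a
# stranger (constructed values).
ALLOCATED='00:16:3e:00:00:01 192.168.5.99
00:16:3e:00:00:02 192.168.5.100
00:0c:29:aa:bb:cc 192.168.5.1'

# Print "<ip> <mac> <mac>..." for every IP that more than one MAC has
# claimed in the capture on stdin; prints nothing when there is no conflict.
arp_conflicts() {
    awk '$2 == "ARP," && $3 == "Reply" {
            ip = $4; mac = $6; sub(/,$/, "", mac)
            if (!((ip, mac) in seen)) {
                seen[ip, mac] = 1
                if (!(ip in count)) order[++n] = ip
                count[ip]++
                macs[ip] = macs[ip] " " mac
            }
         }
         END { for (i = 1; i <= n; i++) if (count[order[i]] > 1) print order[i] macs[order[i]] }'
}

# Print "<ip> <mac>" for each distinct claim on stdin that is not one of the
# allocated pairs in $1: these are the claims a firewall on dom0 would have
# to block to keep guests on the addresses they were given.
unexpected_claims() {
    awk -v allowed="$1" '
        BEGIN { m = split(allowed, lines, "\n")
                for (i = 1; i <= m; i++) { split(lines[i], f, " "); ok[f[2], f[1]] = 1 } }
        $2 == "ARP," && $3 == "Reply" {
            ip = $4; mac = $6; sub(/,$/, "", mac)
            if (!((ip, mac) in ok) && !((ip, mac) in seen)) { seen[ip, mac] = 1; print ip, mac }
        }'
}

main() {
    echo "== IPs claimed by more than one MAC"
    printf '%s\n' "$SAMPLE_ARP" | arp_conflicts
    echo "== claims outside the allocation table"
    printf '%s\n' "$SAMPLE_ARP" | unexpected_claims "$ALLOCATED"
}

main
```

On a live dom0 the capture would come from "tcpdump -l -n -i xenbr0 arp" piped into either function. The first check needs no configuration at all and catches any duplicate claim; the second is the one that benefits from putting ip= and mac= into every vif entry, since that gives dom0 an authoritative table to compare against, which is also exactly the information an antispoof rule set would enforce.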