Hi! I’m trying to expand a XEN environment. The hardware has two NICs joined together by the bonding driver. All traffic between the switch and the bond0 interface has VLAN tags. At the beginning I had only DomUs in two VLANs which I configured in the following way: - I created dummy vlan interfaces without IP address; - I created bridges with one connection to the dummy vlan interfaces; - the VIFs of the DomUs where configured to attach to the given bridge: With this the DomUs will only see the untagged traffic of their networks. Debian-Example: /etc/network/interfaces: [snip] auto vlan10 iface vlan10 inet manual vlan-raw-device bond0 auto xenbr10 iface xenbr10 inet manual bridge_ports vlan10 bridge_maxwait 0 [snip] Everything worked as planned, but now I have a DomU needing more than three NICs (and I will need another DomU needing 9). I realized that XEN supports only three virtual NICs. What to do now? I tried to create a new bridge directly attached to bond0: auto xenbrefw0 iface xenbrefw0 inet manual bridge_ports bond0 bridge_maxwait 0 and using VLANs within the DomU. But this worked not at all. Trying to ping a host outside the XEN environment but in the same network from this DomU I can see ARP requests going to the target host (sniffing at bond0). The target host is receiving the ARP requests and answered them, but I can’t see the ARP replies at the bond0 interface, so the DomU doesn’t see any answers as well. The question is why? How can I configure this situation correctly? Another problem is that the new DomU directly attached to bond0 would see more networks as it should. How can I restrict this? Could I use ebtables to filter allowed VLANs between bond0 and the xenbrefw0? Any help in this matter is appreciated. Shade and sweet water! Stephan -- | Stephan Seitz E-Mail: Nur-Ab-Sal@gmx.de | | PGP Public Keys: http://fsing.rootsland.net/~stse/pgp.html | _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users