Xen users - May 2008 - Should I use bridged or routed networking?

I have a physical server with four interfaces. Dom0 will be running
Shorewall to take care of the firewall/routing functions of our network.  A
domU will be running Asterisk for VoIP, and a second domU will serve up a
basic website.  I also intend to eventually bring up another DomU running
SER (a SIP proxy) to assist external VoIP clients who are behind a NAT
gateway.  I am planning on using the four physical interfaces as follows:

 

eth0: Connected to our LAN.

 

eth1: DMZ.  This will primarily contain a Cisco PIX to provide legacy access
to our VPN, which is in the process of being replaced with OpenVPN.  I would
also like to bring up the public web server here. I will likely setup a
static NAT config in Shorewall for this zone.

 

eth2: Internal VoIP network. In the office we have a physically separate LAN
(separate cabling, switch, etc) which will interconnect the VoIP phones and
the (virtualized) Asterisk server. 

 

eth3: Our T1 connection to the Internet.  Our telecom provider is also
providing our voice trunking via SIP handoff, so both voice and data will be
coming in on this interface.

 

Once I get my head wrapped around all of this and get a stable config
working, I''d also like to swap out the dual-port NIC with a quad-port. 
I''d
then add in two additional zones for a backup DSL connection and wifi
access. 

 

I''m very comfortable with Asterisk and moderately experienced with
Shorewall, but still rather new to Xen and am having difficulty visualizing
the proper network config to use.  Bridged? Routed? With a handful of
servers and switches I''m sure I''d manage much better, but
that''s not very
efficient. :-) Anyone have any suggestions?  Thanks!



_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

> I''m very comfortable with Asterisk and moderately experienced with
> Shorewall, but still rather new to Xen and am having difficulty visualizing
> the proper network config to use.  Bridged? Routed? With a handful of
> servers and switches I''m sure I''d manage much better, but
that''s not very
> efficient. :-) Anyone have any suggestions?  Thanks!
these are good reads for a start:

 http://www.shorewall.net/Xen.html
 http://www.shorewall.net/XenMyWay.html

hth!

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

>> I''m very comfortable with Asterisk and moderately experienced
with
>> Shorewall, but still rather new to Xen and am having difficulty
>> visualizing
>> the proper network config to use.  Bridged? Routed? With a handful of
>> servers and switches I''m sure I''d manage much better,
but that''s not
>> very
>> efficient. :-) Anyone have any suggestions?  Thanks!
>
> these are good reads for a start:
>
>  http://www.shorewall.net/Xen.html
>  http://www.shorewall.net/XenMyWay.html
>
> hth!
>
Thanks.  I''ve already spent the entire day yesterday reading those
HOWTOs
(there''s also one more that deals with a routed config).  I was hoping
to
get some feedback specific to my environment since I''ve never set-up a
firewall with six-interfaces--much less one under Xen.  But you''re
right,
perhaps resources more specific to Shorewall might be more helpful for me.


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

>I''m very comfortable with Asterisk and moderately experienced with
Shorewall, but still rather new to Xen and am having difficulty visualizing the
proper network config to use.  Bridged? Routed? With a handful of servers and
switches I''m sure I''d manage much better, but that''s
not >very efficient. :-) Anyone have any suggestions?  Thanks!
Jamie,
I have this setup running similarly, I used a CentOS51 pv guest to run shorewall
and a bridged config. So easy...

Food for thought,
jlc


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users