Hi there, I have two dom0 hosts with two network interfaces. One of those interfaces is configured with an IP address and is the ''service entrance'' for maintenance of the host. The other interface is allocated to the Xen bridge and does not have IP addresses assigned to it. The two dom0 hosts are connected on this interface with a crossover cable. This forms a network for the domU virtual machines on each dom0 and some of these domU machines replicate disk via this crossover cable with drbd and also do heartbeat monitoring. So far this is all working perfectly. I would like very much to be able to seperate the two physical hosts and to temporarily place them into different facilities. A really really long crossover cable is out of the question. What I am thinking of is creating a VPN between the two machines however I''m not sure how to do this. I am thinking that if I create a VPN tunnel between the two sites and then connect the bridged interface to the VPN this won''t work. Or will it? Remember that the bridged interface itself doesn''t have an IP address. And I''m not sure how OpenVPN would react to passing packets from the Xen bridges. Can anyone please offer any suggestions as to how to create a tunnel between these two hosts (to simulate the crossover cable)? Thanks! _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
If the connection between the two ending points (in the two facilities) is ralized exlcusively by IEEE 802.1q VLAN capable switches all along the path, then the obvious solution is to create a dedicated VLAN for this purpose. However, read this: http://openvpn.net/index.php/documentation/miscellaneous/ethernet-bridging.html This seems to be the stuff, needed for xen, but doesn''t provide as strong separation as the VLAN. Bye, Tamas 2008. 09. 19, péntek keltezéssel 12.29-kor Steve Wray ezt írta:> Hi there, > > I have two dom0 hosts with two network interfaces. > > One of those interfaces is configured with an IP address and is the > ''service entrance'' for maintenance of the host. > > The other interface is allocated to the Xen bridge and does not have IP > addresses assigned to it. > > The two dom0 hosts are connected on this interface with a crossover > cable. This forms a network for the domU virtual machines on each dom0 > and some of these domU machines replicate disk via this crossover cable > with drbd and also do heartbeat monitoring. > > So far this is all working perfectly. > > I would like very much to be able to seperate the two physical hosts and > to temporarily place them into different facilities. > > A really really long crossover cable is out of the question. > > What I am thinking of is creating a VPN between the two machines however > I''m not sure how to do this. > > I am thinking that if I create a VPN tunnel between the two sites and > then connect the bridged interface to the VPN this won''t work. Or will > it? Remember that the bridged interface itself doesn''t have an IP > address. And I''m not sure how OpenVPN would react to passing packets > from the Xen bridges. > > > Can anyone please offer any suggestions as to how to create a tunnel > between these two hosts (to simulate the crossover cable)? > > Thanks! > > > > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Thursday 18 September 2008, Steve Wray wrote:> I am thinking that if I create a VPN tunnel between the two sites and > then connect the bridged interface to the VPN this won''t work. Or will > it? Remember that the bridged interface itself doesn''t have an IP > address. And I''m not sure how OpenVPN would react to passing packets > from the Xen bridges.yep, OpenVPN works great with bridges. in fact, it''s the usual configuration when doing frame-based tunnelling (as opposed to IP-based). in this case, the tunX iface created by OpenVPN might not have an IP address either, yet it works as expected. -- Javier _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi Steve, After read your post, I was very interested on the structure you have realized for this situation. Can you please post more information about it? I mean, explain the details behind your configuration to use crossover cables to "share" and use drbd and heartbeat? We have 03 hosts with powerfull machines and this solution seems to be very useful... Thanks in advance!!! Regards Bruno Bertechini -----Mensagem original----- De: xen-users-bounces@lists.xensource.com [mailto:xen-users-bounces@lists.xensource.com] Em nome de Steve Wray Enviada em: quinta-feira, 18 de setembro de 2008 21:30 Para: xen-users@lists.xensource.com Assunto: [Xen-users] Connecting dom0''s with VPN? Hi there, I have two dom0 hosts with two network interfaces. One of those interfaces is configured with an IP address and is the ''service entrance'' for maintenance of the host. The other interface is allocated to the Xen bridge and does not have IP addresses assigned to it. The two dom0 hosts are connected on this interface with a crossover cable. This forms a network for the domU virtual machines on each dom0 and some of these domU machines replicate disk via this crossover cable with drbd and also do heartbeat monitoring. So far this is all working perfectly. I would like very much to be able to seperate the two physical hosts and to temporarily place them into different facilities. A really really long crossover cable is out of the question. What I am thinking of is creating a VPN between the two machines however I''m not sure how to do this. I am thinking that if I create a VPN tunnel between the two sites and then connect the bridged interface to the VPN this won''t work. Or will it? Remember that the bridged interface itself doesn''t have an IP address. And I''m not sure how OpenVPN would react to passing packets from the Xen bridges. Can anyone please offer any suggestions as to how to create a tunnel between these two hosts (to simulate the crossover cable)? Thanks! _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users