Xen users - Nov 2008 - One physical NIC and multiple bridges

Hi all!

    There are several docs teaching how to configure multiple bridges
for Xen when you have multiple NICs.
    Well, I want to simulate a environment with 4 machines, but only 2
must have internet access (through physical NIC on dom0), and others can
comunicate with each other. So, I need to make some additional bridges
UNrelated to my physical NIC on dom0.

    I tried to create it manually using:
       brctl addbr br1
    then, in domU 1 config:
       vif = ... bridge=br1 ...
    then, in domU 2 config:
       vif = ... bridge=br1 ...

    When domU 1 and 2 boots up, it is attached to this bridge, as hoped,
but cant ping another domU connected to the same bridge.
    A simple map of my domUs:

               domUs
----------------------------------------
|               isp1_server----|---physical_NIC
|                        |             |
| client-----lan_server     |
|                        |             |
|               isp2_server----|---physical_NIC
|________________________|

    Im I forgetting something? If you has a better approach to setup it,
please tell me.




    Tom Lobato


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

What does your network setup script look like in /etc/xen/scripts?

As far as I know, a bridge has to be tied to a device on the host, but
that physical device doesn''t need to be real.  My host has four
bridges on it, three of which are bound to real ethernet devices, the
fourth is bound only to a dummy ethernet device.

here''s my network setup script, it lives in /etc/xen/scripts and gets
auto-executed when xend starts up.

# cat my-network-script
#!/bin/sh
dir=$(dirname "$0")
"$dir/network-bridge" "$@" vifnum=0 netdev=eth0
bridge=xenbr0
"$dir/network-bridge" "$@" vifnum=1 netdev=eth1
bridge=xenbr1
"$dir/network-bridge" "$@" vifnum=2 netdev=eth3
bridge=xenbr2
"$dir/network-bridge" "$@" vifnum=3 netdev=dummy1
bridge=xenbr3

bridge3 is my 100% virtual network, which exists only in the memory on
the host and not on my physical network.  It''s connected to my
phyiscal network via a firewall DomU which only allows certain traffic
to cross over.

I hope this helps!

-Gordon

On Sat, Nov 15, 2008 at 8:41 AM, Tom Lobato <tomlobato@gmail.com>
wrote:
>
>    Hi all!
>
>    There are several docs teaching how to configure multiple bridges
> for Xen when you have multiple NICs.
>    Well, I want to simulate a environment with 4 machines, but only 2
> must have internet access (through physical NIC on dom0), and others can
> comunicate with each other. So, I need to make some additional bridges
> UNrelated to my physical NIC on dom0.
>
>    I tried to create it manually using:
>       brctl addbr br1
>    then, in domU 1 config:
>       vif = ... bridge=br1 ...
>    then, in domU 2 config:
>       vif = ... bridge=br1 ...
>
>    When domU 1 and 2 boots up, it is attached to this bridge, as hoped,
> but cant ping another domU connected to the same bridge.
>    A simple map of my domUs:
>
>               domUs
> ----------------------------------------
> |               isp1_server----|---physical_NIC
> |                        |             |
> | client-----lan_server     |
> |                        |             |
> |               isp2_server----|---physical_NIC
> |________________________|
>
>    Im I forgetting something? If you has a better approach to setup it,
> please tell me.
>
>
>
>
>    Tom Lobato
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

I followed this guide http://wiki.xensource.com/xenwiki/XenNetworkingExamples.

One of the caveats that was making it not working for me is that in Xen 3.2, the
default bridge name is the name of the physical network card. E.g if you
physical network card is eth0, then your bridge name is eth0. (see
http://wiki.xensource.com/xenwiki/XenNetworking#head-708d4c55f42b5e2b866c06e1ae69530e8c748799)
and compare 3.1 and 3.2 networking, especially bridge name.

Once I realized that the bridge name is my physical NIC name instead of xenbr0
or xenbr1, I was able to get them to work perfectly fine. The VMs that only has
Dummy0 bridge (the one with local IP) is then NAT so that they can still access
internet (for updates, installing packages, etc).

There''s only 1 more caveat that I''m yet to solve: that is,
I''m loosing source IP on the VMs. E.g. on my HTTP VM, when I access
from remote, on Apache''s access log, it is logged as connection from my
Dom0 IP address instead of the real source IP address. It happen for all
connections, not just HTTP.

Hope this helps.

MSN
> Date: Sat, 15 Nov 2008 09:28:34 -0500
> From: gordonthree@gmail.com
> To: xen-users@lists.xensource.com
> Subject: Re: [Xen-users] One physical NIC and multiple bridges
> 
> What does your network setup script look like in /etc/xen/scripts?
> 
> As far as I know, a bridge has to be tied to a device on the host, but
> that physical device doesn''t need to be real.  My host has four
> bridges on it, three of which are bound to real ethernet devices, the
> fourth is bound only to a dummy ethernet device.
> 
> here''s my network setup script, it lives in /etc/xen/scripts and
gets
> auto-executed when xend starts up.
> 
> # cat my-network-script
> #!/bin/sh
> dir=$(dirname "$0")
> "$dir/network-bridge" "$@" vifnum=0 netdev=eth0
bridge=xenbr0
> "$dir/network-bridge" "$@" vifnum=1 netdev=eth1
bridge=xenbr1
> "$dir/network-bridge" "$@" vifnum=2 netdev=eth3
bridge=xenbr2
> "$dir/network-bridge" "$@" vifnum=3 netdev=dummy1
bridge=xenbr3
> 
> bridge3 is my 100% virtual network, which exists only in the memory on
> the host and not on my physical network.  It''s connected to my
> phyiscal network via a firewall DomU which only allows certain traffic
> to cross over.
> 
> I hope this helps!
> 
> -Gordon
> 
> On Sat, Nov 15, 2008 at 8:41 AM, Tom Lobato <tomlobato@gmail.com>
wrote:
> >
> >    Hi all!
> >
> >    There are several docs teaching how to configure multiple bridges
> > for Xen when you have multiple NICs.
> >    Well, I want to simulate a environment with 4 machines, but only 2
> > must have internet access (through physical NIC on dom0), and others
can
> > comunicate with each other. So, I need to make some additional bridges
> > UNrelated to my physical NIC on dom0.
> >
> >    I tried to create it manually using:
> >       brctl addbr br1
> >    then, in domU 1 config:
> >       vif = ... bridge=br1 ...
> >    then, in domU 2 config:
> >       vif = ... bridge=br1 ...
> >
> >    When domU 1 and 2 boots up, it is attached to this bridge, as
hoped,
> > but cant ping another domU connected to the same bridge.
> >    A simple map of my domUs:
> >
> >               domUs
> > ----------------------------------------
> > |               isp1_server----|---physical_NIC
> > |                        |             |
> > | client-----lan_server     |
> > |                        |             |
> > |               isp2_server----|---physical_NIC
> > |________________________|
> >
> >    Im I forgetting something? If you has a better approach to setup
it,
> > please tell me.
> >
> >
> >
> >
> >    Tom Lobato
> >
> >
> > _______________________________________________
> > Xen-users mailing list
> > Xen-users@lists.xensource.com
> > http://lists.xensource.com/xen-users
> >
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Gordon McLellan escreveu:
> What does your network setup script look like in /etc/xen/scripts?
>
> As far as I know, a bridge has to be tied to a device on the host, but
> that physical device doesn''t need to be real.  My host has four
> bridges on it, three of which are bound to real ethernet devices, the
> fourth is bound only to a dummy ethernet device.
>
> here''s my network setup script, it lives in /etc/xen/scripts and
gets
> auto-executed when xend starts up.
>
> # cat my-network-script
> #!/bin/sh
> dir=$(dirname "$0")
> "$dir/network-bridge" "$@" vifnum=0 netdev=eth0
bridge=xenbr0
> "$dir/network-bridge" "$@" vifnum=1 netdev=eth1
bridge=xenbr1
> "$dir/network-bridge" "$@" vifnum=2 netdev=eth3
bridge=xenbr2
> "$dir/network-bridge" "$@" vifnum=3 netdev=dummy1
bridge=xenbr3
>
> bridge3 is my 100% virtual network, which exists only in the memory on
> the host and not on my physical network.  It''s connected to my
> phyiscal network via a firewall DomU which only allows certain traffic
> to cross over.
>
> I hope this helps!
>   
thank you very much,
sure it helps me :)

Before I tried to use custom my-network-script, but was not sure
how to configure it for this setup. With your working config I can try
again.

I will try it and post results.


Tom Lobato


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Maresa Nirwan escreveu:

  I followed this guide
http://wiki.xensource.com/xenwiki/XenNetworkingExamples.

One of the caveats that was making it not working for me is that in Xen
3.2, the default bridge name is the name of the physical network card.
E.g if you physical network card is eth0, then your bridge name is
eth0. (see
http://wiki.xensource.com/xenwiki/XenNetworking#head-708d4c55f42b5e2b866c06e1ae69530e8c748799)
and compare 3.1 and 3.2 networking, especially bridge name.

Once I realized that the bridge name is my physical NIC name instead of
xenbr0 or xenbr1, I was able to get them to work perfectly fine. The
VMs that only has Dummy0 bridge (the one with local IP) is then NAT so
that they can still access internet (for updates, installing packages,
etc).

There''s only 1 more caveat that I''m yet to solve: that is,
I''m loosing
source IP on the VMs. E.g. on my HTTP VM, when I access from remote, on
Apache''s access log, it is logged as connection from my Dom0 IP address
instead of the real source IP address. It happen for all connections,
not just HTTP.

Hope this helps.

MSN

Great!

you and Gordon helped me a lot.

Since I had to use multiple dummy interfaces, I found how to make it in
2.6 kernel (using option numdummies=3 for dummy module).

So, now Im running the exact scenario that I wanted:

4 domUs, 4 bridges (3 of that attached to dummy interfaces on dum0).

Thank you all very much!

Tom Lobato


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users