Xen users - Nov 2008 - How to get eth0 & eth1 fox XEN domU''s?

Hi all,

How is it possible to get a eth0 & eth1 for a XEN domU? The reason I
ask, is that we need to monitor the bandwidth every XEN VPS uses, but
I don''t want to count local bandwidth between VPS''s, and
between the
VPS & backup server.

So, if all internet traffic gets routed on eth0, and IP rather
196.34.x.x & internal traffic on eth1 & 192.168.10.x - how would I do
that?

Currently when I look @ a domU, I have eth0, eth0:1 & eth0:2
(192.168.10.63) setup, but they all pass through the same interface
vifwise0 on the dom0 side,


vifwise0  Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:1961043 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2521537 errors:0 dropped:4218 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:4195421597 (3.9 GiB)  TX bytes:1075982597 (1.0 GiB)


So, from the 3.9BG traffice transmitted, we don''t know what is local
&
what is internet traffic. I''d like to completely segment the traffic,
how can I do that?

-- 

Kind Regards
Rudi Ahlers

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi Rudi,

Am Donnerstag, den 27.11.2008, 14:24 +0200 schrieb Rudi
Ahlers:
> Hi all,
> 
> How is it possible to get a eth0 & eth1 for a XEN domU?
jap,
>  The reason I
> ask, is that we need to monitor the bandwidth every XEN VPS uses, but
> I don''t want to count local bandwidth between VPS''s, and
between the
> VPS & backup server.
ok
> 
> So, if all internet traffic gets routed on eth0, and IP rather
> 196.34.x.x & internal traffic on eth1 & 192.168.10.x - how would I
do
> that?
fire up 2 bridges:
- xen-internal   (192.168.10.0)
- xen-external   (public IPs)

With this you can do separated traffic-accounting for internal and
external traffic.
> 
> Currently when I look @ a domU, I have eth0, eth0:1 & eth0:2
> (192.168.10.63) setup, but they all pass through the same interface
> vifwise0 on the dom0 side,
> 
> 
> vifwise0  Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
>           inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
>           UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
>           RX packets:1961043 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:2521537 errors:0 dropped:4218 overruns:0 carrier:0
>           collisions:0 txqueuelen:32
>           RX bytes:4195421597 (3.9 GiB)  TX bytes:1075982597 (1.0 GiB)
> 
> 
> So, from the 3.9BG traffice transmitted, we don''t know what is
local &
> what is internet traffic. I''d like to completely segment the
traffic,
because theres no separation and every traffic is transmitted over this
bridge.
> how can I do that?
Im using traffic-accounting with iptables....


hth,

Thomas


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Thu, Nov 27, 2008 at 5:48 PM, Thomas Halinka <lists@thohal.de>
wrote:
> Hi Rudi,
>
> Am Donnerstag, den 27.11.2008, 14:24 +0200 schrieb Rudi Ahlers:
>> Hi all,
>>
>> How is it possible to get a eth0 & eth1 for a XEN domU?
>
> jap,
>
>>  The reason I
>> ask, is that we need to monitor the bandwidth every XEN VPS uses, but
>> I don''t want to count local bandwidth between VPS''s,
and between the
>> VPS & backup server.
>
> ok
>
>>
>> So, if all internet traffic gets routed on eth0, and IP rather
>> 196.34.x.x & internal traffic on eth1 & 192.168.10.x - how
would I do
>> that?
>
> fire up 2 bridges:
> - xen-internal   (192.168.10.0)
> - xen-external   (public IPs)
>
Can you please explain this to me in lay-man''s terms? How do I do this
on the dom0?
> With this you can do separated traffic-accounting for internal and
> external traffic.
>
>>
>> Currently when I look @ a domU, I have eth0, eth0:1 & eth0:2
>> (192.168.10.63) setup, but they all pass through the same interface
>> vifwise0 on the dom0 side,
>>
>>
>> vifwise0  Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
>>           inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
>>           UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
>>           RX packets:1961043 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:2521537 errors:0 dropped:4218 overruns:0 carrier:0
>>           collisions:0 txqueuelen:32
>>           RX bytes:4195421597 (3.9 GiB)  TX bytes:1075982597 (1.0 GiB)
>>
>>
>> So, from the 3.9BG traffice transmitted, we don''t know what is
local &
>> what is internet traffic. I''d like to completely segment the
traffic,
>
> because theres no separation and every traffic is transmitted over this
> bridge.
>
>> how can I do that?
>
> Im using traffic-accounting with iptables....
How exactly do you do this?
>
>
> hth,
>
> Thomas
>
>


-- 

Kind Regards
Rudi Ahlers

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Am Freitag, den 28.11.2008, 00:53 +0200 schrieb Rudi
Ahlers:
> On Thu, Nov 27, 2008 at 5:48 PM, Thomas Halinka <lists@thohal.de>
wrote:
> > Hi Rudi,
> >
> > Am Donnerstag, den 27.11.2008, 14:24 +0200 schrieb Rudi Ahlers:
> >> Hi all,
> >>
> >> How is it possible to get a eth0 & eth1 for a XEN domU?
> >
> > jap,
> >
> >>  The reason I
> >> ask, is that we need to monitor the bandwidth every XEN VPS uses,
but
> >> I don''t want to count local bandwidth between
VPS''s, and between the
> >> VPS & backup server.
> >
> > ok
> >
> >>
> >> So, if all internet traffic gets routed on eth0, and IP rather
> >> 196.34.x.x & internal traffic on eth1 & 192.168.10.x - how
would I do
> >> that?
> >
> > fire up 2 bridges:
> > - xen-internal   (192.168.10.0)
> > - xen-external   (public IPs)
> >
> 
> Can you please explain this to me in lay-man''s terms? How do I do
this
> on the dom0?
Supposing you have 2 Nics: eth0 and eth1

eth0 = internet/router/outer-world
eth1 = lan /private-net

in dom0:
cat /etc/network/interfaces 
# /etc/network/interfaces - network interfaces configuration

# loopback interface

auto lo
iface lo inet loopback

# ethernet interface

auto eth0
auto eth1

auto external
iface external inet static
        address 192.34.x.x
	netmask 255.255.255.0
        bridge_ports eth0
        bridge_fd 0
        bridge_hello 2
        bridge_maxage 12
        bridge_stp off

auto internal
iface internal inet static
        address 192.168.10.x
	netmask 255.255.255.0
        bridge_ports eth1
        bridge_fd 0
        bridge_hello 2
        bridge_maxage 12
        bridge_stp off


domu.cfg:
vif         [
''ip=196.34.x.x,mac=00:16:3E:1B:D8:8D,bridge=external'',''ip=192.168.10.3,mac=00:16:3E:1B:D8:84,bridge=internal''
]


eth1 is not really needed, you also can use dummy-devices too.
> 
> > With this you can do separated traffic-accounting for internal and
> > external traffic.
> >
> >>
> >> Currently when I look @ a domU, I have eth0, eth0:1 & eth0:2
> >> (192.168.10.63) setup, but they all pass through the same
interface
> >> vifwise0 on the dom0 side,
> >>
> >>
> >> vifwise0  Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
> >>           inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
> >>           UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
> >>           RX packets:1961043 errors:0 dropped:0 overruns:0 frame:0
> >>           TX packets:2521537 errors:0 dropped:4218 overruns:0
carrier:0
> >>           collisions:0 txqueuelen:32
> >>           RX bytes:4195421597 (3.9 GiB)  TX bytes:1075982597 (1.0
GiB)
> >>
> >>
> >> So, from the 3.9BG traffice transmitted, we don''t know
what is local &
> >> what is internet traffic. I''d like to completely segment
the traffic,
> >
> > because theres no separation and every traffic is transmitted over
this
> > bridge.
> >
> >> how can I do that?
> >
> > Im using traffic-accounting with iptables....
> 
> How exactly do you do this?
counting the packets which are transferred over the external-bridge ;)

since my external bridge is the gateway for the hosts this was not a
huge problem....
> >
> >
> > hth,
> >
> > Thomas

Thomas


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Fri, Nov 28, 2008 at 1:29 AM, Thomas Halinka <lists@thohal.de>
wrote:
> Am Freitag, den 28.11.2008, 00:53 +0200 schrieb Rudi Ahlers:
>> On Thu, Nov 27, 2008 at 5:48 PM, Thomas Halinka <lists@thohal.de>
wrote:
>> > Hi Rudi,
>> >
>> > Am Donnerstag, den 27.11.2008, 14:24 +0200 schrieb Rudi Ahlers:
>> >> Hi all,
>> >>
>> >> How is it possible to get a eth0 & eth1 for a XEN domU?
>> >
>> > jap,
>> >
>> >>  The reason I
>> >> ask, is that we need to monitor the bandwidth every XEN VPS
uses, but
>> >> I don''t want to count local bandwidth between
VPS''s, and between the
>> >> VPS & backup server.
>> >
>> > ok
>> >
>> >>
>> >> So, if all internet traffic gets routed on eth0, and IP rather
>> >> 196.34.x.x & internal traffic on eth1 & 192.168.10.x -
how would I do
>> >> that?
>> >
>> > fire up 2 bridges:
>> > - xen-internal   (192.168.10.0)
>> > - xen-external   (public IPs)
>> >
>>
>> Can you please explain this to me in lay-man''s terms? How do I
do this
>> on the dom0?
>
> Supposing you have 2 Nics: eth0 and eth1
>
> eth0 = internet/router/outer-world
> eth1 = lan /private-net
>
> in dom0:
> cat /etc/network/interfaces
> # /etc/network/interfaces - network interfaces configuration
>
> # loopback interface
>
> auto lo
> iface lo inet loopback
>
> # ethernet interface
>
> auto eth0
> auto eth1
>
> auto external
> iface external inet static
>        address 192.34.x.x
>        netmask 255.255.255.0
>        bridge_ports eth0
>        bridge_fd 0
>        bridge_hello 2
>        bridge_maxage 12
>        bridge_stp off
>
> auto internal
> iface internal inet static
>        address 192.168.10.x
>        netmask 255.255.255.0
>        bridge_ports eth1
>        bridge_fd 0
>        bridge_hello 2
>        bridge_maxage 12
>        bridge_stp off
>
>
> domu.cfg:
> vif         > [
''ip=196.34.x.x,mac=00:16:3E:1B:D8:8D,bridge=external'',''ip=192.168.10.3,mac=00:16:3E:1B:D8:84,bridge=internal''
]
>
>
> eth1 is not really needed, you also can use dummy-devices too.
>
>>
>> > With this you can do separated traffic-accounting for internal and
>> > external traffic.
>> >
>> >>
>> >> Currently when I look @ a domU, I have eth0, eth0:1 &
eth0:2
>> >> (192.168.10.63) setup, but they all pass through the same
interface
>> >> vifwise0 on the dom0 side,
>> >>
>> >>
>> >> vifwise0  Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
>> >>           inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
>> >>           UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
>> >>           RX packets:1961043 errors:0 dropped:0 overruns:0
frame:0
>> >>           TX packets:2521537 errors:0 dropped:4218 overruns:0
carrier:0
>> >>           collisions:0 txqueuelen:32
>> >>           RX bytes:4195421597 (3.9 GiB)  TX bytes:1075982597
(1.0 GiB)
>> >>
>> >>
>> >> So, from the 3.9BG traffice transmitted, we don''t
know what is local &
>> >> what is internet traffic. I''d like to completely
segment the traffic,
>> >
>> > because theres no separation and every traffic is transmitted over
this
>> > bridge.
>> >
>> >> how can I do that?
>> >
>> > Im using traffic-accounting with iptables....
>>
>> How exactly do you do this?
>
> counting the packets which are transferred over the external-bridge ;)
>
> since my external bridge is the gateway for the hosts this was not a
> huge problem....
>
>> >
>> >
>> > hth,
>> >
>> > Thomas
>
>
> Thomas
>
>


Hi Thomas,

You kinda lost me a bit on this one. I use CentOS, so the config files
look a bit different. Let''s stick to the more generic interface names.
So, if I have eth0 & eth1, how do I tell XEN to use those?

-- 

Kind Regards
Rudi Ahlers

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi Rudi,
> Hi Thomas,
> 
> You kinda lost me a bit on this one. I use CentOS, so the config files
> look a bit different. 
yap - on rh/centos these files resist
in /etc/sysconfig/network-scripts/ifcfg-xyz

> Let''s stick to the more generic interface names.
> So, if I have eth0 & eth1, how do I tell XEN to use those?
But I think the easiest way is to use a custom-network-script. e.g.

# vim /etc/xen/script/network-2bridges
------------------
#!/bin/sh
dir=$(dirname "$0")
"$dir/network-bridge" "$@" vifnum=0 netdev=eth0 bridge=eth0
"$dir/network-bridge" "$@" vifnum=1 netdev=eth1 bridge=eth1
--------------------

chmod +x /etc/xen/script/network-2bridges

edit /etc/xen/xend-config.sxp
---------
(network-script network-2bridges)
--------
and restart xen.

then you can use these bridges in xen-domu-config, e.g.
.....
vif         = [ ''mac=00:16:3E:A0:C5:13,bridge=eth0'',
''mac
=00:16:3E:2F:1F:A6,bridge=eth1'' ]


hth,

Thomas



_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users