Xen users - Mar 2009 - Server with 2 NICS; connect domU to outside & vlan

Hi *

First of all, let me say that I  have almost no knowledge about how 
networks works. I must fill this gap soon.
So, don''t feel obliged to completely answer my question(s). I only 
expect some tips/clues to start with.

What I have:
1) A dom0 server with 2 NIC cards (eth0, eth1), running centOS52 xen 3.2.
2) A switch to a VLAN with several physical machines (already up and 
running).

What I need:
1) A domU with a static IP and also connected to the VLAN.

My plan:
1) use dom0 eth0 to connect to the outside world; domU will use it also 
to connect to the outside (this is the default anyway).
2) use dom0 eth1 to connect domU to the switch connected to the VLAN.

Do not know if this makes much sense, it makes to me at least,.

My progress:
Till now, all my created domU''s (each with a static IP) were connecting
to the web through xenbr0. The second NIC on dom0 was not being used at 
all. The xen config file pointed to xenbr0, and I only had to change 
inside the domU the network configurations (/etc/sysconfig/network and 
/etc/sysconfig/network-scripts-eth0). An ifconfig on the host shows me 
the following network components (deleted not so important stuff):

[root@dom0 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:E0:81:4D:30:D0
          inet addr:132.212.155.68  Bcast:132.212.155.255  
Mask:255.255.255.0
          inet6 addr: fe80::2e0:81ff:fe4d:30d0/64 Scope:Link
         
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
         
peth0     Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
         
vif0.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
         
virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
         
xenbr0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF



If I activate the 2nd dom0 NIC and connect it to the switch of the VLAN, 
after a dom0 reboot I have:

[root@dom0 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:E0:81:4D:30:D0
          inet addr:132.212.155.68  Bcast:132.212.155.255  
Mask:255.255.255.0
          inet6 addr: fe80::2e0:81ff:fe4d:30d0/64 Scope:Link
         
eth0      Link encap:Ethernet  HWaddr 00:E0:81:4D:30:D1
          inet addr:10.0.0.49  Bcast:10.0.0.255  Mask:255.255.255.0
         
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
         
peth1     Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
    
vif0.1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
         
virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
         
xenbr1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
         

So it seems that the dom0 is well configured, both to the outside world 
and to the VLAN. Though I thought 2 xen bridges should appear ... one 
for each NIC card?

I booted a domU (after changing in the xen cfg file xenbr0 to xenbr1) 
created is this machine (when the eth1 was still inactivated) and I had 
problems because Kudzu detected a change in the network configuration. 
So probably, I should create the domU when both dom0 NIC cards are 
active, right?

How can I accomplish my 2 goals above on "My plans" section?
Any insights for me to start playing?

Sorry for such long e-mail, and thanks for your reading.
Cheers,
N.






-- 
=============================================Nuno Ricardo Santos Loureiro da
Silva Ferreira

NMR Spectroscopy Research Group
Bijvoet Center for Biomolecular Research
Utrecht University
Bloembergen gebouw
Padualaan 8, 3584 CH Utrecht
The Netherlands

P: +31.(0)30.253 9932
F: +31.(0)30.253 2652
E: n.l.ferreira@uu.nl
W: http://nmr.chem.uu.nl
=============================================

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

I mistake, while copying, pasting and editing. The second eth0 entry in 
the following part is obviously eth1.
Cheers,
N.
> If I activate the 2nd dom0 NIC and connect it to the switch of the 
> VLAN, after a dom0 reboot I have:
>
> [root@dom0 ~]# ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:E0:81:4D:30:D0
>          inet addr:132.212.155.68  Bcast:132.212.155.255  
> Mask:255.255.255.0
>          inet6 addr: fe80::2e0:81ff:fe4d:30d0/64 Scope:Link
>         eth0      Link encap:Ethernet  HWaddr 00:E0:81:4D:30:D1
>          inet addr:10.0.0.49  Bcast:10.0.0.255  Mask:255.255.255.0
>         lo        Link encap:Local Loopback
>          inet addr:127.0.0.1  Mask:255.0.0.0
>          inet6 addr: ::1/128 Scope:Host
>         peth1     Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
>    vif0.1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
>         virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
>          inet addr:192.168.122.1  Bcast:192.168.122.255  
> Mask:255.255.255.0
>          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
>         xenbr1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF

-- 
=============================================Nuno Ricardo Santos Loureiro da
Silva Ferreira

NMR Spectroscopy Research Group
Bijvoet Center for Biomolecular Research
Utrecht University
Bloembergen gebouw
Padualaan 8, 3584 CH Utrecht
The Netherlands

P: +31.(0)30.253 9932
F: +31.(0)30.253 2652
E: n.l.ferreira@uu.nl
W: http://nmr.chem.uu.nl
=============================================

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hey all,

Here is a pic to "better" show my questions. I did not depicted the
bridges inside dom0, since I''m still learning what they are ...

+------------------+
| dom0             |
|                  |
| +-------+        | eth0
| |       |------->+--------WWW
| | domU  |        |
| |       |        |        +--------+
| |       |------->+--------| switch |-- VPN
| +-------+        | eth1   +--------+
+------------------+

Any suggestions about xen config files on how to implement this? Again, I do not
know if this is the better way of doing it.
My goal is to have a domU with a static IP but also able to communicate with a
virtual private network, to improve performance communication.

Cheers,
Nuno

P.S. CentOS52 by default brings xen 3.1.2 (xm info).

=============================================Nuno Ricardo Santos Loureiro da
Silva Ferreira

NMR Spectroscopy Research Group
Bijvoet Center for Biomolecular Research
Utrecht University
Bloembergen gebouw
Padualaan 8, 3584 CH Utrecht
The Netherlands

P: +31.(0)30.253 9932
F: +31.(0)30.253 2652
E: n.l.ferreira@uu.nl
W: http://nmr.chem.uu.nl
=============================================


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi Ferreira,

Am Montag, den 30.03.2009, 14:43 +0200 schrieb Ferreira, N. L.
(Nuno):
> Hi *
> 
> First of all, let me say that I have almost no knowledge about how 
> networks works. I must fill this gap soon.
> So, don''t feel obliged to completely answer my question(s). I only
> expect some tips/clues to start with.
> 
> What I have:
> 1) A dom0 server with 2 NIC cards (eth0, eth1), running centOS52 xen
> 3.2.
> 2) A switch to a VLAN with several physical machines (already up and 
> running).
> 
> What I need:
> 1) A domU with a static IP and also connected to the VLAN.
you need to write your own networking-script to use 2 bridges.

# vim /etc/xen/scripts/network-2nics

#!/bin/bash
/etc/xen/scripts/network-bridge $1 netdev=eth0 bridge=xenbr0 vifnum=0
/etc/xen/scripts/network-bridge $1 netdev=eth1 bridge=xenbr1 vifnum=1

# chmod a+x /etc/xen/scripts/network-2nics

edit xend-confix.sxp

and finally restart xend.

To use 2 bridges/NICs into your guests, just use something like:

vif         = [
''ip=xxx.yyy.zzz.228,mac=00:01:ad:13:04:05,bridge=xenbr0'',''ip=10.0.57.228,mac=00:16:3E:3C:B3:FC,bridge=xenbr1''
]
> My plan:
> 1) use dom0 eth0 to connect to the outside world; domU will use it also 
> to connect to the outside (this is the default anyway).
> 2) use dom0 eth1 to connect domU to the switch connected to the VLAN.
> 
> Do not know if this makes much sense, it makes to me at least,.
So:

- do you want to NATting in dom0? ---> use network-nat ;)
- Or do you want a router in domU ---> follow the above
:-)
> 
> My progress:
> Till now, all my created domU''s (each with a static IP) were
connecting
> to the web through xenbr0. The second NIC on dom0 was not being used at 
> all. The xen config file pointed to xenbr0, and I only had to change 
> inside the domU the network configurations (/etc/sysconfig/network and 
> /etc/sysconfig/network-scripts-eth0). An ifconfig on the host shows me 
> the following network components (deleted not so important stuff):
> 
> [root@dom0 ~]# ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:E0:81:4D:30:D0
....  it''s not a good idea to post your public-ips :-)
> xenbr1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
>          
> 
> So it seems that the dom0 is well configured, both to the outside world 
> and to the VLAN. Though I thought 2 xen bridges should appear ... one 
> for each NIC card?
yap, but the standard-network-script wont do this 4 you.
> 
> I booted a domU (after changing in the xen cfg file xenbr0 to xenbr1) 
> created is this machine (when the eth1 was still inactivated) and I had 
> problems because Kudzu detected a change in the network configuration. 
> So probably, I should create the domU when both dom0 NIC cards are 
> active, right?
yap. if i understand you right, you wand to use a domU as router?

So you need _a_ domU with 2 nics (connected to internal _and_ external
bridge), whcich does the job for you.
> 
> How can I accomplish my 2 goals above on "My plans" section?
> Any insights for me to start playing?
> 
> Sorry for such long e-mail, and thanks for your reading.
> Cheers,
> N.
hth,

Thomas


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hey Thomas


-----Original Message-----
From: Thomas Halinka [mailto:lists@thohal.de]
Sent: Mon 30-Mar-09 10:44 PM
To: Ferreira, N.L.
Cc: xen-users
Subject: Re: [Xen-users] Server with 2 NICS; connect domU to outside & vlan
 
> 
> What I have:
> 1) A dom0 server with 2 NIC cards (eth0, eth1), running centOS52 xen
> 3.2.
> 2) A switch to a VLAN with several physical machines (already up and 
> running).
> 
> What I need:
> 1) A domU with a static IP and also connected to the VLAN.
|you need to write your own networking-script to use 2 bridges.
|
|# vim /etc/xen/scripts/network-2nics
|
|#!/bin/bash
|/etc/xen/scripts/network-bridge $1 netdev=eth0 bridge=xenbr0 vifnum=0
|/etc/xen/scripts/network-bridge $1 netdev=eth1 bridge=xenbr1 vifnum=1
|
|# chmod a+x /etc/xen/scripts/network-2nics
|
|edit xend-confix.sxp
|
|and finally restart xend.
|
|To use 2 bridges/NICs into your guests, just use something like:
|
|vif         = [
|''ip=xxx.yyy.zzz.228,mac=00:01:ad:13:04:05,bridge=xenbr0'',''ip=10.0.57.228,mac=00:16:3E:3C:B3:FC,bridge=xenbr1''
|]

So if I understood correctly, this creates 2 bridges, one per dom0 NIC.
Then, domU interacts with these two bridges, giving the right IP''s and
MAC addresses.

About the xend-confix.sxp edition (next lines), are they correct?:

[... snipped ...]
#(network-script network-bridge)
(network-script ''network-2nics'')
[... snipped ...]


> My plan:
> 1) use dom0 eth0 to connect to the outside world; domU will use it also 
> to connect to the outside (this is the default anyway).
> 2) use dom0 eth1 to connect domU to the switch connected to the VLAN.
> 
> Do not know if this makes much sense, it makes to me at least,.
|So:
|
|- do you want to NATting in dom0? ---> use network-nat ;)
|- Or do you want a router in domU ---> follow the above :-)
|

Can''t comment on that. Only trying to put 2 NICs working such that a
domU can use them. And at the same time, learning a lot but having to put effort
on this task.
> 
> My progress:
> [root@dom0 ~]# ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:E0:81:4D:30:D0
|
|....  it''s not a good idea to post your public-ips :-)
|

Thanks for the tip.
Those were not my public ips. Scrambled them, maintaining only the logic.
xxx.xxx.... would be more appropriated nevertheless.
> xenbr1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
>          
> 
> So it seems that the dom0 is well configured, both to the outside world 
> and to the VLAN. Though I thought 2 xen bridges should appear ... one 
> for each NIC card?
|
|yap, but the standard-network-script wont do this 4 you.
|

Got it. Already answered by you a few lines above
> 
> I booted a domU (after changing in the xen cfg file xenbr0 to xenbr1) 
> created is this machine (when the eth1 was still inactivated) and I had 
> problems because Kudzu detected a change in the network configuration. 
> So probably, I should create the domU when both dom0 NIC cards are 
> active, right?
|
|yap. if i understand you right, you wand to use a domU as router?
|
|So you need _a_ domU with 2 nics (connected to internal _and_ external
|bridge), whcich does the job for you.
|

Again, I feel a bit dumb here. Have to read more about bridges, routers,
NAT''s and so on.
But yes, the goal is to have domU with 2 NICS. So I thought that if dom0 has 2
physical NICS, I could use both for network performance, and to pin dom0 eth0 to
the corresponding one at the domU, and the same for the 2nd NIC.

Going from the wet-lab to this in-silico IT crazy world, is per se an odyssey.

Thanks for your time.
Nuno



_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users