Hi,

I am new to the Xen Networking and how it works. I have a very basic question about it, over which I have been confused for the last few days :(

Is it possible to configure various virtual machines (domU(s)) running on the same Xen hypervisor (dom0) such that they exist in different subnets?

Any pointers will be very helpful!!

Thanks,
Sachin.

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
On Thu, 2009-12-17 at 13:10 -0800, Sachin Goel wrote:
> Hi,

hi,

> Is it possible to configure various virtual machines(domU(s)) running on the same xen hypervisor(dom0) such that they exist in different subnets?

sure.

> Any pointers will be very helpful !!

you might want to start here:
http://wiki.xensource.com/xenwiki/HowTos

hth,
tom.

--
Thomas "Duke" Hager duke@sigsegv.at
GPG: 1024D/D27F858C http://www.sigsegv.at/gpg/duke.gpg
================================================================
"Never Underestimate the Power of Stupid People in Large Groups."
On Thu, Dec 17, 2009 at 1:10 PM, Sachin Goel <SACHIN.GOEL@oracle.com> wrote:
> I am new to the Xen Networking and how it works. I have a very basic
> question about it, over which I am confused since last few days :(
>
> Is it possible to configure various virtual machines(domU(s)) running on
> the same xen hypervisor(dom0) such that they exist in different subnets?
>
> Any pointers will be very helpful !!

If you want multiple physical subnets, just create multiple bridges, and connect each one to a different switch. Then assign each DomU to a separate bridge.

If you want multiple logical subnets, just assign them all to the same bridge, but set the guest IPs as needed. Bridges work at the ethernet level, below the IP, so there's nothing special needed.

--
Freddie Cash
fjwcash@gmail.com
Hi,

Thanks everybody for your replies.

Freddie, isn't it possible that with only one bridge we have the virtual machines in different physical subnets, if the gateway is configured to handle that?

Thanks,
Sachin.
On Thu, Dec 17, 2009 at 1:59 PM, Sachin Goel <SACHIN.GOEL@oracle.com> wrote:
> Isn't it possible that with only one bridge we have the virtual machines in
> different physical subnets, if the gateway is configured to handle that ?

With only 1 bridge, you only have 1 physical network connection, thus you only have 1 physical network. You can have multiple logical subnets configured to use that network (192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24, etc). But it's only 1 physical subnet. (Although, I guess "subnet" is the wrong terminology here.)

--
Freddie Cash
fjwcash@gmail.com
Yes you, We do it and it works fine

From: xen-users-bounces@lists.xensource.com [mailto:xen-users-bounces@lists.xensource.com] On Behalf Of Sachin Goel
Sent: 17 December 2009 22:00
To: fjwcash@gmail.com
Cc: xen-users@lists.xensource.com
Subject: Re: [Xen-users] DomU(s) in different subnets

> Hi,
>
> Thanks everybody for your replies.
>
> Freddie, Isn't it possible that with only one bridge we have the virtual machines in different physical subnets, if the gateway is configured to handle that ?
>
> Thanks,
> Sachin.
Fajar A. Nugraha
2009-Dec-18 14:26 UTC
Re: [SPAM] Re: [Xen-users] DomU(s) in different subnets
On Fri, Dec 18, 2009 at 5:07 AM, Freddie Cash <fjwcash@gmail.com> wrote:
> On Thu, Dec 17, 2009 at 1:59 PM, Sachin Goel <SACHIN.GOEL@oracle.com> wrote:
>>
>> Isn't it possible that with only one bridge we have the virtual machines
>> in different physical subnets, if the gateway is configured to handle that ?
>
> With only 1 bridge, you only have 1 physical network connection, thus you
> only have 1 physical network. You can have multiple logical subnets
> configured to use that network (192.168.0.0/24, 192.168.1.0/24,
> 192.168.2.0/24, etc). But it's only 1 physical subnet. (Although, I guess
> "subnet" is the wrong terminology here.)

I believe the correct term is "ethernet broadcast domain" instead of "physical subnet".

With that setup, if you assign a domU to be on 192.168.1.0/24, then it can simply add an IP address located on 192.168.2.0/24 (or others) since the traffic will be on the same ethernet broadcast domain. Not good in terms of security.

IMHO a better approach is to use vlans. That is:
- you have one (or more) uplink interface from dom0 to switch/router, configured as trunk with multiple allowed vlans. For this example, let's assume there are 11 vlans, 10 - 20. Each of those vlans is connected to existing network, with existing gateway. vlan10 is used by 192.168.0.0/24, vlan11 is used by 192.168.1.0/24, and so on. If you have more than one interface, you can configure them to use bonding
- you assign one IP for dom0 in one of those vlans (let's assume this is vlan 10). This will be used for dom0 management.
- you create bridges (let's call this br11 - br20) for other vlans in dom0 (vlan 11-20), but do NOT assign IP address on dom0 for those bridges
- assign domUs to one of those bridges as necessary.

In this networking setup, dom0 functions just like a L2 switch. This is what I use on my setup.

This setup is better because a domU located on 192.168.1.0/24 can't just use an IP address on 192.168.2.0/24 since they'd be on different vlans (thus different ethernet broadcast domain)

--
Fajar
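The VLAN layout from the last message, as an added example that is not part of the thread: the script prints the iproute2 commands for one tagged sub-interface and one address-less bridge per guest VLAN, and audits `ip -o addr show` output for guest bridges that carry a dom0 address anyway. The uplink name eth0, the eth0.NN and brNN naming, and the use of iproute2 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: uplink eth0, iproute2,
# sub-interfaces named eth0.NN and bridges named brNN.

# Print (do not run) the commands for one tagged sub-interface and one
# bridge per guest VLAN. No address is ever put on a bridge, so dom0 only
# switches frames for that VLAN.
gen_vlan_bridges() {   # usage: gen_vlan_bridges UPLINK FIRST_VLAN LAST_VLAN
    uplink=$1; vid=$2; last=$3
    while [ "$vid" -le "$last" ]; do
        echo "ip link add link ${uplink} name ${uplink}.${vid} type vlan id ${vid}"
        echo "ip link add name br${vid} type bridge"
        echo "ip link set dev ${uplink}.${vid} master br${vid}"
        echo "ip link set dev ${uplink}.${vid} up"
        echo "ip link set dev br${vid} up"
        vid=$((vid + 1))
    done
}

# Read `ip -o addr show` output on stdin; print "bridge address" for each
# bridge br<FIRST>..br<LAST> that has an IPv4 or global IPv6 address on dom0
# (link-local IPv6 is ignored). Exit status 1 if any is found.
audit_bridge_ips() {   # usage: ip -o addr show | audit_bridge_ips FIRST LAST
    awk -v lo="$1" -v hi="$2" '
        $2 ~ /^br[0-9]+$/ && ($3 == "inet" || ($3 == "inet6" && /scope global/)) {
            vid = substr($2, 3) + 0
            if (vid >= lo && vid <= hi) { print $2, $4; bad = 1 }
        }
        END { exit bad + 0 }'
}

# Constructed sample of `ip -o addr show` output (not from a real host):
# management address on VLAN 10, and br12 wrongly carrying an address.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
4: eth0.10    inet 192.168.0.5/24 brd 192.168.0.255 scope global eth0.10
7: br12    inet 192.168.2.5/24 brd 192.168.2.255 scope global br12
8: br13    inet6 fe80::1/64 scope link'

# Dry run for guest VLANs 11-20, then audit the sample.
gen_vlan_bridges eth0 11 20
printf '%s\n' "$SAMPLE_ADDRS" | audit_bridge_ips 11 20 ||
    echo "guest bridge has a dom0 address: remove it" >&2
```

After reviewing the printed commands, run them as root on dom0; a domU is then attached to a VLAN through its config file with a line such as vif = [ 'bridge=br11' ].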