I''ve found xen networking quite hard to get the hang of and would appreciate some pointers in the right direction on how to network domUs into their own private networks across multiple servers. There are, say, 5 guests on one machine and 5 on another but I would like to be able to allow them to only ''see'' fellow guests which are linked to their virtual network. At the moment all guests can contact each other - they''re on the same network. I understand this could be achieved with vlans and whilst I''ve used these before outside of Xen, I''m unsure of how to do so within xen''s networking system. I''m sure my query isn''t uncommon and so was hoping that someone would know of an easier way in which what I want can be achieved using pure Xen functionality. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Jonathan Dye
2010-Jun-29 19:51 UTC
Re: [Xen-users] Private Networks between domUs on multiple hosts
ive not done it with xen, but i''ve had similar thoughts: - if you''re running xVM or xen on a solaris dom0 try crossbow - configure a tagged vlan interface on the hypervisor, and presentto the domU (i.e. eth0.1). then set the MTU down accordingly ----- Original Message ----- From: "Joe" <cycloned@me.com> To: xen-users@lists.xensource.com Sent: Tuesday, June 29, 2010 1:35:16 PM Subject: [Xen-users] Private Networks between domUs on multiple hosts I''ve found xen networking quite hard to get the hang of and would appreciate some pointers in the right direction on how to network domUs into their own private networks across multiple servers. There are, say, 5 guests on one machine and 5 on another but I would like to be able to allow them to only ''see'' fellow guests which are linked to their virtual network. At the moment all guests can contact each other - they''re on the same network. I understand this could be achieved with vlans and whilst I''ve used these before outside of Xen, I''m unsure of how to do so within xen''s networking system. I''m sure my query isn''t uncommon and so was hoping that someone would know of an easier way in which what I want can be achieved using pure Xen functionality. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Jeff Sturm
2010-Jun-29 21:41 UTC
RE: [Xen-users] Private Networks between domUs on multiple hosts
> -----Original Message----- > From: xen-users-bounces@lists.xensource.com [mailto:xen-users- > bounces@lists.xensource.com] On Behalf Of Joe > Sent: Tuesday, June 29, 2010 3:35 PM > To: xen-users@lists.xensource.com > Subject: [Xen-users] Private Networks between domUs on multiple hosts > > I''ve found xen networking quite hard to get the hang of and wouldappreciate some> pointers in the right direction on how to network domUs into their ownprivate networks> across multiple servers. There are, say, 5 guests on one machine and 5on another but> I would like to be able to allow them to only ''see'' fellow guestswhich are linked to their> virtual network. At the moment all guests can contact each other -they''re on the> same network.Xen networking isn''t so bad once you understand Linux networking (bridging). I like to short-circuit network-script with something like: (network-script /bin/true) in xend-config.sxp so I can configure bridges and interfaces on my own.> I understand this could be achieved with vlans and whilst I''ve usedthese before> outside of Xen, I''m unsure of how to do so within xen''s networkingsystem. I''m sure> my query isn''t uncommon and so was hoping that someone would know ofan easier> way in which what I want can be achieved using pure Xen functionality.On CentOS, I''ll paste a few configs that should be enough to get you started. In the domU config: vif = [ ''mac=00:16:3E:5E:A2:5C,bridge=public, ''mac=00:16:3E:77:64:14,bridge=private'' ] (In this example the domU has two interfaces, eth0 is routed to the public internet, eth1 private amongst domU''s.) In the bridge config: # cd /etc/sysconfig/network-scripts # cat ifcfg-private DEVICE=private TYPE=Bridge BOOTPROTO=none ONBOOT=yes In the VLAN config: # cat ifcfg-eth1 DEVICE=eth1 BOOTPROTO=static ONBOOT=yes # cat ifcfg-eth1.2001 DEVICE=eth1.2001 BRIDGE=private Each domU can talk to the other domU''s over eth1, and the dom0''s bridge this traffic over VLAN # 2001. The private bridge does not have an IP address, so the dom0 is not reachable from the private network--it only bridges traffic. -Jeff _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users