
Re: [Xen-API] CP-3477: Make xapi listen on all dom0 IP addresses


  • To: 'Rushikesh Jadhav' <2rushikeshj@xxxxxxxxx>
  • From: Rob Hoes <Rob.Hoes@xxxxxxxxxx>
  • Date: Mon, 24 Jun 2013 16:48:41 +0000
  • Accept-language: en-GB, en-US
  • Cc: "xen-api@xxxxxxxxxxxxx" <xen-api@xxxxxxxxxxxxx>
  • Delivery-date: Mon, 24 Jun 2013 16:48:53 +0000
  • List-id: User and development list for XCP and XAPI <xen-api.lists.xen.org>
  • Thread-index: AQHObgls4pwn7emBy0CUhhi3LqHEepk/8riAgAT9V4CAACW9kA==
  • Thread-topic: CP-3477: Make xapi listen on all dom0 IP addresses

xe vm-migrate is forced to use the management network only for live migration, but now that XAPI works on 0.0.0.0, can we have the network as a parameter to it so that we could decide on the fastest available way? VM RAM is getting bigger day by day :)

 

That reminds me of another reason for making this change :) This is indeed possible in 1.6, but you have to use the storage-motion style of vm-migrate. Try specifying “remote-master”, “remote-username”, and “remote-password” as the local master’s details (yes, I know…), and also specify “remote-network” as the UUID of the network you want to send the migration data over.

 

On many of our hosts, we need to use routed network for the guests. These guests have their gateway as host which is exposed to internet. 

Since adding a routed gateway is done by the admins on the fly (which sometimes requires alteration to iptables), it is a threat to rely on iptables to be always correct and intact for management.

 

Our management tools talk to XAPI on 80 (rrd) & 443 (mgmt), which I felt was safe as no guest could sniff it even if in promiscuous mode. Guests carry internet traffic as well as DoS attacks, which can't be trusted.

Maybe you can shed some light on it.

 

I am not sure if I understand you correctly, but I don’t think you actually need a second IP address in dom0 for this use case. Can you dedicate a NIC to guest traffic only, and not put a dom0 IP address on it (ip-configuration-mode = none)? This way, dom0 just acts as a layer-2 switch, and you can use an external gateway for routing.

 

Cheers,

Rob

_______________________________________________
Xen-api mailing list
Xen-api@xxxxxxxxxxxxx
http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api

 

