|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] AW: [Xen-users] multiple nic's with vlan -> bridge or bridge -> vlan
For security eth0 ? vlan's ? bridge's ? domU's it's "maybe" a better solution. Becose i have problem to run this configuration. There is for each vlan (mtu 1496) a bridge. Something is not running for such networkconfigs. I'm not sure about the traffic between bridge and domU. Is there 8021q traffic or not ? Becose 8021q traffic i have to the dom0 vlan's, and from there ? The other way, bridge-vlan's is working fin with mtu 1496. With tcpdump inside domU i can sea all available vlan numbers with the subnet information. It's running but not secure. Thomas > -----Ursprüngliche Nachricht----- > Von: xen-users-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-users- > bounces@xxxxxxxxxxxxxxxxxxx] Im Auftrag von Javier Guerra > Gesendet: Donnerstag, 14. September 2006 14:53 > An: xen-users@xxxxxxxxxxxxxxxxxxx > Betreff: Re: [Xen-users] multiple nic's with vlan -> bridge or bridge -> > vlan > > On Thursday 14 September 2006 4:14 am, Molle Bestefich wrote: > > thomas.vonsteiger@xxxxxxxxxx wrote: > > > eth0 ? vlan's ? bridge's ? domU's > > > eth1 ? vlan's ? bridge's ? domU's > > > > > > or > > > > > > eth0 - bridge ? vlan's ?domU's > > > eth1 - bridge ? vlan's ?domU's > > > > Assuming from your ASCII drawing that you terminate your VLANs inside > > the domu's in the second configuration, I'd go with the first > > configuration from a security point of view. > > apart from termination worries, the second setup usually has problems. > mainly > because it's better to put the physical eth's MTU to 1504, but the bridges > usually choke with MTUs bigger than 1500 > > -- > Javier _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |