[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] iptables and ipvsadm in domU
On Tue, 2007-05-01 at 16:33 -0700, Fong Vang wrote: > The documentation for Xen mentions that iptables in dom0 may affect > domUs. If iptables and ipvsadm is heavily used in a domU, how does > this impact dom0? > > In my particular case, I want both dom0 and ONE domU (FW_domu) to be > visible to the external network (eth1). There will be several other > domU's that will be behind FW_domU). > > as far as the domUs are concerned, this is the layout. > > FW_domU > | > LB_domU > | > +-----+--+--------+ > | | | > domU1 domU2 domU3 I would combine the FW and LB. If this is just http/https load balancing try pound first, http://apsis.ch/pound/ . You will end up with far less moving parts that can break. Since this is all on one physical server, anyway, there isn't much sense in breaking them up. I'm not saying what you sketched won't work though. With only 3 nodes you shouldn't run into too much spaghetti. Odd breakage happens more when you have more nodes, and more NATing around the LB directly to the guests. Were you going to use a popular FW helper like Shorewall, or put something together yourself? Did you figure on using two bridges? > what's the best way to set this up. LB_domU runs LVS (ipvsadm). Is > this configuration even supported in Xen. Sure, as long as there is modular support for everything you want to do (and corresponding modules to load) on the dom-u for iptables, its no different than anything else for most purposes. Good luck :) --Tim _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |