[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Multiple VMs - one static routable IP address



only have one routable IP address however. I need to service ports: 22, 25, 80, 110, and 443
your going to have problems with 22, 110 and 443. You can potentially do it for port 80, but yuo would have to service the request on the host. THis is going to be the same for all the virtual machines if you have non routable addresses, no real way around it. You could possible try ipv6 - but then your client would have to use ipv6 (both of you can use the ipv4 in ipv6 ability)

Thanks for the reply Alex!

Ports 80 and 443 I'm not terribly worried about. Apache in proxy mode gets around that simple enough. It'd mean an additional install of Apache, but that's not a terribly big deal nor a deal breaker for me.

Well, I'm honestly not familiar enough with ipv6 to know how to do anything differently. I'm no stranger to tcp/ip stacks, but I haven't even dabbed a toe in the ipv6 pool.

How does the S390 hosting guys do this sort of thing? They can't really be using routable IP addresses for everything? I realize this is more a networking question than a VM question, but I figured there would be some sort of soft router type functionality built into the solution (just like there is for the bridging and such) to address the complication of it now being multiple machines. I can't be the only guy who does hosting on a business class DSL line, but with only one routable IP.

Maybe the solution is to spin up a DomU as the firewall and put the apache in proxy mode there, as well as a sendmail MTA router to the 10-net behind it. Ports 22 (sshd) and 110 (ipop3) are easy enough to configure around and just give a different port to every VM. The only real sticking point was port 25 really. My sendmail kung-fu just isn't that strong for a multiple machine environment. Everything I've ever done is with one server, and multiple backup MX's.

I just keep coming back to the original question tho, what do the big VM environments do when they have hundreds or more VM's... are they really using up hundreds of routable IP addresses? Really?

Originally I was planning on putting all my own personal websites and email on Domain-0, as well as an iptables based firewall. Having read more, seems like the recommendation is to keep Domain-0 behind a DomU where the firewall runs. Makes sense, and doesn't seem difficult to do... just a new paradigm for me. I've always only had one server, and it did everything and anything. I love the idea of breaking it all up from a security and manageability standpoint... just not sure what to do about getting all the bits to the right VMs that need to be routed correctly.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.