[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Multiple VMs - one static routable IP address

To: Alex Samad <alex@xxxxxxxxxxxx>
From: cyber@xxxxxxxxx
Date: Thu, 17 May 2007 22:24:24 -0500 (CDT)
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 18 May 2007 09:34:13 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

only have one routable IP address however. I need to service ports: 22,25, 80, 110, and 443
your going to have problems with 22, 110 and 443. You can potentially doit for port 80, but yuo would have to service the request on the host.THis is going to be the same for all the virtual machines if you have nonroutable addresses, no real way around it. You could possible try ipv6 -but then your client would have to use ipv6 (both of you can use the ipv4in ipv6 ability)

Thanks for the reply Alex!

Ports 80 and 443 I'm not terribly worried about. Apache in proxy modegets around that simple enough. It'd mean an additional install ofApache, but that's not a terribly big deal nor a deal breaker for me.

Well, I'm honestly not familiar enough with ipv6 to know how to doanything differently. I'm no stranger to tcp/ip stacks, but I haven'teven dabbed a toe in the ipv6 pool.

How does the S390 hosting guys do this sort of thing? They can't reallybe using routable IP addresses for everything? I realize this is more anetworking question than a VM question, but I figured there would be somesort of soft router type functionality built into the solution (just likethere is for the bridging and such) to address the complication of it nowbeing multiple machines. I can't be the only guy who does hosting on abusiness class DSL line, but with only one routable IP.

Maybe the solution is to spin up a DomU as the firewall and put the apachein proxy mode there, as well as a sendmail MTA router to the 10-net behindit. Ports 22 (sshd) and 110 (ipop3) are easy enough to configure aroundand just give a different port to every VM. The only real sticking pointwas port 25 really. My sendmail kung-fu just isn't that strong for amultiple machine environment. Everything I've ever done is with oneserver, and multiple backup MX's.

I just keep coming back to the original question tho, what do the big VMenvironments do when they have hundreds or more VM's... are they reallyusing up hundreds of routable IP addresses? Really?

Originally I was planning on putting all my own personal websites andemail on Domain-0, as well as an iptables based firewall. Having readmore, seems like the recommendation is to keep Domain-0 behind a DomUwhere the firewall runs. Makes sense, and doesn't seem difficult to do...just a new paradigm for me. I've always only had one server, and it dideverything and anything. I love the idea of breaking it all up from asecurity and manageability standpoint... just not sure what to do aboutgetting all the bits to the right VMs that need to be routed correctly.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] Multiple VMs - one static routable IP address
  - From: Andy Smith
- Re: [Xen-users] Multiple VMs - one static routable IP address
  - From: Alex Samad

References:
- [Xen-users] Multiple VMs - one static routable IP address
  - From: xensource
- Re: [Xen-users] Multiple VMs - one static routable IP address
  - From: Alex Samad

Prev by Date: [Xen-users] Multiple IP networking with multiple ethernet cards
Next by Date: Re: [Xen-users] Keyboard change
Previous by thread: Re: [Xen-users] Multiple VMs - one static routable IP address
Next by thread: Re: [Xen-users] Multiple VMs - one static routable IP address
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.