[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-users] Private Networks between domUs on multiple hosts

  • To: "Joe" <cycloned@xxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: Jeff Sturm <jeff.sturm@xxxxxxxxxx>
  • Date: Tue, 29 Jun 2010 17:41:48 -0400
  • Cc:
  • Delivery-date: Tue, 29 Jun 2010 14:43:18 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Thread-index: AcsXwl8yf3D2kpJrQH63uRT38taiSgADgnfg
  • Thread-topic: [Xen-users] Private Networks between domUs on multiple hosts
> -----Original Message-----
> From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-users-
> bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Joe
> Sent: Tuesday, June 29, 2010 3:35 PM
> To: xen-users@xxxxxxxxxxxxxxxxxxx
> Subject: [Xen-users] Private Networks between domUs on multiple hosts
> 
> I've found xen networking quite hard to get the hang of and would
appreciate some
> pointers in the right direction on how to network domUs into their own
private networks
> across multiple servers. There are, say, 5 guests on one machine and 5
on another but
> I would like to be able to allow them to only 'see' fellow guests
which are linked to their
> virtual network. At the moment all guests can contact each other -
they're on the
> same network.

Xen networking isn't so bad once you understand Linux networking
(bridging).  I like to short-circuit network-script with something like:

(network-script /bin/true)

in xend-config.sxp so I can configure bridges and interfaces on my own.

> I understand this could be achieved with vlans and whilst I've used
these before
> outside of Xen, I'm unsure of how to do so within xen's networking
system. I'm sure
> my query isn't uncommon and so was hoping that someone would know of
an easier
> way in which what I want can be achieved using pure Xen functionality.

On CentOS, I'll paste a few configs that should be enough to get you
started.

In the domU config:

vif = [
        'mac=00:16:3E:5E:A2:5C,bridge=public,
        'mac=00:16:3E:77:64:14,bridge=private'
      ]

(In this example the domU has two interfaces, eth0 is routed to the
public internet, eth1 private amongst domU's.)

In the bridge config:

# cd /etc/sysconfig/network-scripts

# cat ifcfg-private
DEVICE=private
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes

In the VLAN config:

# cat ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes

# cat ifcfg-eth1.2001
DEVICE=eth1.2001
BRIDGE=private

Each domU can talk to the other domU's over eth1, and the dom0's bridge
this traffic over VLAN # 2001.  The private bridge does not have an IP
address, so the dom0 is not reachable from the private network--it only
bridges traffic.

-Jeff



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.