
Re: [Xen-users] Routed Network with Xen



Rakesh Chawda wrote:

Main Server IP: 1.1.1.5 (eg.)
Gateway for Main IP: 1.1.1.1
Additional IP: 1.1.2.1/28 (Different Subnet)
Gateway for additional IPs: not required, as they are "statically bound to MAC address --stated by DC"

The additional IPs to be used only on Dom0 to avoid different MAC addr. Hence, xen bridge network is out of question. I have added these IPs using alias adapters eth0:1, eth0:2, etc.

So, I am using xen routed network scripts, where virbr0 gets 192.168.122.1 IP, and becomes the gateway for the DomUs. The DomUs now have IPs in the range of 192.168.122.0/24.

OK, this setup isn't that dissimilar to one of my customer sites. In effect, your "gateway" has one IP address for its outside interface, and you have a subnet routed via that gateway. In your case, they'll have put some router in based on MAC address; in my case it's a PPP link (ADSL service).

I can think of two techniques you may wish to consider.


First off, take a look at http://shorewall.net/ProxyARP.htm - allow some time as I suspect you may struggle to get your head around it. Obviously this is written from the perspective of using Shorewall to set it all up, but the concepts should be portable.

Secondly (and I think, a lot easier), you should be able to do it very simply with a "two interface" setup. Configure your Dom0 with one ordinary interface connected to your ISP's service. This will have the IP 1.1.1.5 and is **NOT** connected to a bridge. Create a bridge, but do not add a physical NIC to it (unless you need other internal machines to have access). Give this an IP address of 1.1.2.1/28. Now give your DomUs IPs in the rest of the 1.1.2.0/28 subnet (i.e. 1.1.2.2 through 1.1.2.14), connect their VIF to the bridge defined in the step above, and have them use 1.1.2.1 as their default gateway.
With this setup, Dom0 acts as a router. Inbound packets will arrive on its external NIC, it will route them, and spit them out via the bridge - at which point the Xen networking code will pick up the packet and pass it to the DomU via its VIF.

Similarly, outbound packets from the DomU will get stuffed into the bridge by the Xen network code, they will then be picked up by Dom0 and routed to the outside world.

Note that for both inbound and outbound packets, one of the MAC addresses (Dest for inbound, source for outbound) will be that of the DomU physical NIC.

As a refinement, you can run either of these methods in its own DomU. Use PCI passthrough to pass the physical NIC through to the DomU as one NIC, and give it a VIF as a second NIC on your internal network (Dom0 bridge). You now have a neatly segregated virtual box that can act as router and firewall - without having to bother about iptables rules on Dom0. This is the setup I run at home.
--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
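The "two interface" layout described in the reply above, as an added example that is not part of this thread or of Xen's own network scripts. It models Dom0 as the router between its external NIC (1.1.1.5, gateway 1.1.1.1, both from the thread) and an internal-only bridge holding 1.1.2.1/28, works out the usable DomU addresses (1.1.2.2 through 1.1.2.14), generates the `ip`/`sysctl` commands for each side, and applies a longest-prefix lookup plus a forwarding policy that only lets a DomU send from its own subnet and only lets inbound traffic reach a DomU address. The interface names `eth0` and `xenbr0`, the /24 mask on the external link, and the DomU device name are assumptions.

```python
"""Routed two-interface Dom0 layout: planning, command generation and a
forwarding policy. Added example; interface names and the /24 external mask
are assumptions, the addresses come from the thread."""
import ipaddress

EXTERNAL_IF = "eth0"                                  # assumed NIC name
EXTERNAL_IP = ipaddress.ip_interface("1.1.1.5/24")    # /24 is an assumption
EXTERNAL_GW = ipaddress.ip_address("1.1.1.1")
BRIDGE_IF = "xenbr0"                                  # assumed bridge name
BRIDGE_IP = ipaddress.ip_interface("1.1.2.1/28")      # no physical NIC on it


def domu_addresses():
    """Every host address of the bridge subnet except the bridge's own:
    1.1.2.2 through 1.1.2.14 for a /28 (network and broadcast excluded)."""
    return [a for a in BRIDGE_IP.network.hosts() if a != BRIDGE_IP.ip]


def dom0_commands():
    """Shell commands for the Dom0 side: the NIC-less bridge with its /28
    address, the external address and default route, and IP forwarding."""
    return [
        f"ip link add {BRIDGE_IF} type bridge",
        f"ip link set {BRIDGE_IF} up",
        f"ip addr add {BRIDGE_IP.with_prefixlen} dev {BRIDGE_IF}",
        f"ip addr add {EXTERNAL_IP.with_prefixlen} dev {EXTERNAL_IF}",
        f"ip route add default via {EXTERNAL_GW} dev {EXTERNAL_IF}",
        "sysctl -w net.ipv4.ip_forward=1",  # Dom0 must route between the two
    ]


def domu_commands(addr, dev="eth0"):
    """Commands inside one DomU: its /28 address and 1.1.2.1 as default gateway.
    Rejects addresses outside the usable range (network, broadcast, gateway)."""
    addr = ipaddress.ip_address(addr)
    if addr not in domu_addresses():
        raise ValueError(f"{addr} is not a usable DomU address in {BRIDGE_IP.network}")
    return [
        f"ip addr add {addr}/{BRIDGE_IP.network.prefixlen} dev {dev}",
        f"ip route add default via {BRIDGE_IP.ip} dev {dev}",
    ]


# Dom0's routing table: connected networks first, default route last.
ROUTES = sorted(
    [(BRIDGE_IP.network, BRIDGE_IF),
     (EXTERNAL_IP.network, EXTERNAL_IF),
     (ipaddress.ip_network("0.0.0.0/0"), EXTERNAL_IF)],
    key=lambda r: r[0].prefixlen, reverse=True,
)


def route_interface(dst):
    """Longest-prefix match: the Dom0 interface a packet for dst leaves by."""
    dst = ipaddress.ip_address(dst)
    for net, iface in ROUTES:
        if dst in net:
            return iface
    raise LookupError("no route")  # unreachable while a default route exists


def forward_allowed(src, dst, in_if):
    """Forwarding policy for Dom0 as router. Traffic entering from the bridge
    must carry a real DomU source and leave the subnet; traffic entering from
    outside must be for a DomU address and not claim an internal source.
    Everything else (spoofed sources, DomU-to-DomU via the router) is dropped."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    domus = domu_addresses()
    if in_if == BRIDGE_IF:
        return src in domus and dst not in BRIDGE_IP.network
    if in_if == EXTERNAL_IF:
        return src not in BRIDGE_IP.network and dst in domus
    return False


if __name__ == "__main__":
    print("\n".join(dom0_commands()))
    for a in domu_addresses()[:2]:
        print(f"# DomU {a}:", "; ".join(domu_commands(a)))
```

Running the script prints the Dom0 commands and the per-DomU configuration for the first two addresses; `forward_allowed` is the rule set you would express in iptables or nftables on Dom0 (or in the dedicated router DomU from the refinement), so that a guest cannot source packets from an address it does not own and the upstream only ever sees Dom0's external MAC.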

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users