|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Please help with network configuration.
Christian-Josef Schrattenthaler <cjs1976@xxxxxx> wrote: > I have a Debian 8 root server with one network card and 4 external ip > addresses from my provider. I did already the standard network configuration > (eth0, eth0:0, eth0:1 and eth0:2). So far so good. > > Now I want to create the right bridging for Xen and the virtual machines. And > this is the point where I get confused. Should I create one bridge for > everything, or should I create a bridge for every external ip address I have? > I have 4 external ip addresses, and I want to make 4 virtual machines. This > means, that the server and one virtual machine have to share an ip address, > which is not a problem, because the server needs ssh, and the virtual > machines are with Windows. OK, you need to clarify exactly what you have, and what you want. So how are the IPs presented to you ? Do you want the VMs to have a public IP or do you want to use private addressing and NAT ? I *think* you are saying that you want the VMs to have public addresses. So on that basis, this is what I suggest : 1) Drop the sub-interfaces. You do *NOT* configure the public IPs on the host - that prevents them being used by the guests. 2) Create a bridge for the outside world - this may or may not have an IP on it for the host, I'll come back to that. 3) Configure each guest to use one of the public IPs, and connect it's interface to the "outside" bridge 4) Optionally, create a second bridge for "internal" traffic, using RFC1918 private addressing 5) Optionally, configure *one* machine (could be the host, could be one of the VMs) to run NAT between one or more of the public IPs and the private addresses on the internal network. Step 2 is done via /etc/network/interfaces. Don't use any network manager or similar* - and I highly recommend you remove or at the very least completely disable any such beast. Using it will only cause you problems down the line. My personal preference is to rename the physical interfaces (using rules in cat /etc/udev/rules.d/70-persistent-net.rules to something "logical" - eg on my VMs at work I may have pethext, pethbak, pethint and so on for the outside, backend, and internal networks. I then create bridges called (eg) ethext, ethbak, ethint. A typical bridge declaration goes (in this case, for my backend network) like this : auto ethbak iface ethbak inet static bridge_ports pethbak address 10.nn.nn.nnn netmask 255.255.255.0 On my home network, I run a "router appliance" as a guest. It's really just a minimal install of Debian running PPPoE for my internet connection and acting as a simple "2 port firewall". The host itself only has internal network addresses (IPv4 and IPv6). * As you are running Debian 8 (aka Jessie), unless you've gone to some lengths then you'll also be infected with malware (aka SystemD) whose main purpose as far as I can see is to make the system less manageable and less stable (with a bonus of making software less portable). I don't know what effect this has on the preceeding advice (eg configuring network via /etc/network/interfaces) as I don't run Jessie and have no intention of allowing SystemD on any of my systems. _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxx http://lists.xen.org/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |