xen-users
Re: [Xen-users] Ideal(istic) Xen firewall design
> This setup works extremely well for my purposes.
> I have, however, noticed network performance issues when scp'ing from dom0
> to a client in the local 'Green Zone'.
> Rather than the 4MB/s I'd expect (PIIX4 ata33 IDE with software raid), I'm
> only getting 1.4MB/s :( (screen shots here:
> http://marcusbrutus.cust.internode.on.net/Computers/C3-1 )
Oh dear! What CPU setup do you have here?
> I appreciate there's a lot more calculation going on, but still ...
Context switches are likely to be the killer when using driver domains. Tell
me: do you have any numbers for a domU to "real world" setup with a "vanilla"
Xen config? How did that perform?
Cheers,
Mark
> >Mike Tierney wrote:
> >>>> But it is still tempting to just do away with the separate firewall vm and
> >>>> do all the firewalling in Dom0!
>
> With this in mind, I might be prepared to change my setup to something like
> this:
>
> OPTION C-v3.2
> =============
> [ASCII network diagram, garbled in the archive. Surviving labels, in order of
> appearance: Internet; eth1; Firewall (dom1); eth2 DMZ (optional); eth3, eth4,
> eth5; Proxy Server; Web Server; iPaq Server; (domU1); (domU2); (dom2);
> USB Host #1 (for BT Dongle and cradle); Mail Server (domU3); xen-br0, br1,
> br1; Local eth0; dom0]
>
> However, as the bandwidth throughput issue would still remain for all the
> other domains, I'm not sure if there's a real benefit.
> I have a burner in this machine, with the hopes of using it for domain
> filesystem backups in the future.
>
> Can I assume that this performance would be improved dramatically using an
> MP machine (or HT)?
>
> Are there other ways of improving this performance?
>
> Appreciate your advice.
>
> Marcus.
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users