xen-users
Re: [Xen-users] Bridge vs. Route configuration?
I got a few explanations of the pros and cons of the bridge and route
methods. Thank you for all the help.
So generally I understand that one of the major differences between
these approaches is that Bridge method works at layer 2, while Route
method works at layer 3 (OSI).
Another question is: if I want to make a firewall to protect DomUs, then:
- Any tools readily available for Bridge config?
- Any tools readily available for Route config?
Any pointer to documentation/example would be appreciated.
Many thanks.
H
-
On 6/10/06, Eric Windisch <lists@xxxxxxxxxx> wrote:
> In Xen, by default the domains are configured to use bridge (with
> network-bridge script). But there is network-route, and this option
> also allows us to connect domains.
>
> But I don't see what is the advantage of Route config over Bridge. In
> which case we should use Route method instead?
Bridging is perfectly fine in many cases, but when you have untrusted
DomU, routing can be preferable.
Routing establishes a healthy level of distrust to your network stack.
- Do I trust dom01 to not assign itself IPs assigned to dom02?
- Do I want a firewall between dom01 and dom02?
- Do I want dom01's web access sent to a transparent proxy, but not
dom02's web access?
These are questions that can be solved by routing. Finally, I should
note that bridges aren't completely lost in terms of security, ebtables
is far from useless, but it isn't as flexible as routing.
--
Eric Windisch
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
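
Added example, not part of the original thread: a dry-run generator for the per-DomU rules discussed above, using ebtables for the bridged case and iptables for the routed case. The vif names, addresses and proxy port are constructed sample values, and the script only prints the commands so they can be reviewed before use.

```shell
#!/bin/sh
# Prints firewall rules for Dom0 instead of applying them.
# Constructed sample table: backend interface, assigned IP, proxy web traffic?
DOMU_TABLE='vif1.0 10.0.0.11 yes
vif2.0 10.0.0.12 no'
PROXY_PORT=3128   # assumed port of a transparent proxy running in Dom0

# Bridged config: layer-2 filtering with ebtables on each bridge port.
bridge_rules() {
    printf '%s\n' "$DOMU_TABLE" | while read -r vif ip proxy; do
        # Allow IPv4 and ARP only when they carry the DomU's assigned address.
        echo "ebtables -A FORWARD -i $vif -p IPv4 --ip-src $ip -j ACCEPT"
        echo "ebtables -A FORWARD -i $vif -p ARP --arp-ip-src $ip -j ACCEPT"
        # Anything else entering from this port is dropped (this includes IPv6).
        echo "ebtables -A FORWARD -i $vif -j DROP"
    done
}

# Routed config: layer-3 filtering with iptables in Dom0.
route_rules() {
    printf '%s\n' "$DOMU_TABLE" | while read -r vif ip proxy; do
        # Drop forwarded packets whose source is not the DomU's assigned IP.
        echo "iptables -A FORWARD -i $vif ! -s $ip -j DROP"
        # Redirect web traffic to the proxy only for DomUs marked "yes".
        if [ "$proxy" = yes ]; then
            echo "iptables -t nat -A PREROUTING -i $vif -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT"
        fi
    done
}

# Usage: sh domu-rules.sh bridge|route
case "${1:-}" in
    bridge) bridge_rules ;;
    route)  route_rules ;;
esac
```

The FORWARD chains cover traffic between DomUs and towards the outside network; traffic addressed to Dom0 itself passes through the INPUT chains and needs its own rules.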