[Xen-users] Re: VLAN script

To:	"Martin Hierling" <martin.hierling@xxxxxxxxx>
Subject:	[Xen-users] Re: VLAN script
From:	"Molle Bestefich" <molle.bestefich@xxxxxxxxx>
Date:	Fri, 7 Jul 2006 18:14:00 +0200
Cc:	xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Fri, 07 Jul 2006 09:15:36 -0700
Domainkey-signature:	a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=XFhPe8I60AkSlg5Bpk6pGqsjDWVjBXOunzKn9yiqyxUvzna0xLXMHTYjEhuYwmGKb4g6i0v9vpR1NX2XVi9S2igPkJG3xwhPB2R/zVm7tQsSuBD69LdQ3AZd+Lcj71PceAEBieFLlmr5/fe8BUW3KHR3IxCdfr0UratbuBRVm8U=
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<20060707152827.GA9276@xxxxxxxxxxxx>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<62b0912f0606120913r983e9cbp3f8a77de28ee7c68@xxxxxxxxxxxxxx> <20060707152827.GA9276@xxxxxxxxxxxx>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx

Martin Hierling wrote:

Are you willing to share your vif-vlan script?


Sure.

prevents me from writing it all new because your script rocks.


Hardly :-).

Before I go out and gather the scripts, let me try and outline the
concept.  Some of the scripts are rather Gentoo-specific anyway, so if
you're just looking for inspiration, this might do it.

In xend-config.sxp, I've got:
===========================
(network-script network-manual)
(vif-script 'vif-vlan')
===========================

"network-manual" does absolutely nothing, since I've set up the VLAN
bridges etc. in dom0 using the tools that my distro (Gentoo) provides.
Doing things this way prevents various breakage compared to letting
the Xen scripts do it.

The dom0 distro scripts sets up the VLAN bridges, basically by
creating them and adding one VLAN interface from the trunk to each
bridge.  For example, xenbr200 is created for VLAN with id 200, and
eth1.200 is added to that bridge.

"vif-vlan" figures out which VLAN bridge a particular domU belongs
too.  I've started numbering the VLANs at 200, and I'm giving each
domU a /29 subnet.  Bridges are named after the VLAN id.  So if a domU
has an IP address of x.y.z.2, it belongs to "xenbr200".  If it has
x.y.z.10, it belongs to "xenbr208".  vif-vlan takes care of adding the
vifX.0 interface to the correct VLAN bridge.

Inside each domU, I've modified the network init script to take just
the IP address from the kernel command line (which in turn comes from
the domU config file) and figure out which /29 subnet this is, what
the broadcast address is, and what the default gateway (hardcoded to
second IP in subnet, eg. x.y.z.1 for the first subnet) address is.

And that's basically it.  I wired my firewall's VLAN trunk interface
to the Xen box's VLAN trunk interface (eth1) too, of course.  And I
did a bit of preparatory work too, by creating a slew of VLAN
interfaces in my firewall and create a slew of VLAN interfaces and
bridges on the Xen box.

Whenever I want to create a new domU, I just have to assign it an IP
address within an unused VLAN, and the scripts take care of the rest
on the Xen box.  Then punch a few holes in the firewall, and we're
set.

(If you still think the scripts would be useful, let me know.)

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

WARNING - OLD ARCHIVES

xen-users

[Xen-users] Re: VLAN script