Hey, I just wrote (well, modified network-bridge) a script to set up
private networking. Not sure if anyone else is interested, but it would
be nice if this was added into xen.
It is very similar to network-bridge, except it doesn't add peth0 onto
the bridge. That is, a bridge is set up and all the vifs get added. In
dom0, we just configure veth0 with an ip address and add vif0.0 to the
bridge.
It works great using network-private and vif-bridge, you get a private
network so the domUs and dom0 can communicate with each other, but with
no one else (well, depends on config in dom0...).
Also, this could replace both network-nat and network-route. After
using network-private, it is just a standard 2-card router setup with
eth0 outside and veth0 inside. Shorewall or ipmasq or raw iptables
commands, or any standard tool can easily be set up. No need to do all
that kind of stuff from inside the xen scripts.
John
#!/bin/sh
#============================================================================
# Xend calls a network script when it starts.
# The script name to use is defined in /etc/xen/xend-config.sxp
# in the network-script field.
#
# This script creates a bridge (default xenbr${vifnum}) and adds a virtual
# device veth${vifnum} to it. It uses a private network address on
# the virtual device (default 192.168.0.1/24).
#
# Usage:
#
# network-private (start|stop|status) {VAR=VAL}*
#
# Vars:
#
# vifnum     Virtual device number to use (default 0). Numbers >=8
#            require the netback driver to have nloopbacks set to a
#            higher value than its default of 8.
# bridge     The bridge to use (default xenbr${vifnum}).
# addr       Local address to assign (default 192.168.0.1/24)
# mac        The mac address to assign to veth${vifnum} (default
#            random mac)
#
# Internal Vars:
# vif0="vif0.${vifnum}"
# vdev="veth${vifnum}"
#
# start:
#   Creates the bridge
#   Configures vdev
#   Adds vdev to bridge
#
# stop:
#   Removes vdev from bridge
#   Stops vdev
#   Deletes bridge
#
# status:
#   Print addresses, interfaces, routes
#
#============================================================================

dir=$(dirname "$0")
. "$dir/xen-script-common.sh"
. "$dir/xen-network-common.sh"

findCommand "$@"
evalVariables "$@"

vifnum=${vifnum:-0}
bridge=${bridge:-xenbr${vifnum}}
addr=${addr:-192.168.0.1/24}
# Locally administered Xen OUI 00:16:3e; srand() seeds awk's generator,
# otherwise rand() returns the same sequence on every run.
mac=${mac:-$(awk 'BEGIN { srand(); printf "00:16:3e:%02x:%02x:%02x", int(rand()*127),
                                   int(rand()*255), int(rand()*255); }')}

vdev="veth${vifnum}"
vif0="vif0.${vifnum}"

##
# link_exists interface
#
# Returns 0 if the interface named exists (whether up or down), 1 otherwise.
#
link_exists()
{
    if ip link show "$1" >/dev/null 2>/dev/null
    then
        return 0
    else
        return 1
    fi
}

# Usage: show_status dev bridge
# Print addresses, bridge membership and routes.
show_status () {
    local dev=$1
    local bridge=$2

    echo '============================================================'
    ip addr show ${dev}
    ip addr show ${bridge}
    echo ' '
    brctl show ${bridge}
    echo ' '
    ip route list
    echo ' '
    route -n
    echo '============================================================'
}

op_start () {
    if [ "${bridge}" = "null" ] ; then
        return
    fi

    if ! link_exists "$vdev"; then
        echo "
Link $vdev is missing.
This may be because you have reached the limit of the number of interfaces
that the loopback driver supports.  If the loopback driver is a module, you
may raise this limit by passing it as a parameter (nloopbacks=<N>); if the
driver is compiled statically into the kernel, then you may set the parameter
using loopback.nloopbacks=<N> on the domain 0 kernel command line.
" >&2
        exit 1
    fi

    # Bridge carries only vif0.N and the domU vifs; the physical NIC is
    # deliberately never attached, which is what keeps the network private.
    create_bridge ${bridge}
    setup_bridge_port ${vif0}
    ip link set ${bridge} up
    add_to_bridge ${bridge} ${vif0}

    ip addr flush $vdev
    ip addr add $addr dev $vdev
    ip link set dev $vdev address $mac arp on
    ip link set dev $vdev up
}

op_stop () {
    if [ "${bridge}" = "null" ]; then
        return
    fi
    if ! link_exists "$bridge"; then
        return
    fi

    brctl delif ${bridge} ${vif0}
    ip link set ${bridge} down
    brctl delbr ${bridge}
    ip link set $vdev down
}

case "$command" in
    start)
        op_start
        ;;

    stop)
        op_stop
        ;;

    status)
        # vdev is the dom0-side device this script configures
        # (the original used the unset variable netdev here).
        show_status ${vdev} ${bridge}
        ;;

    *)
        echo "Unknown command: $command" >&2
        echo 'Valid commands are: start, stop, status' >&2
        exit 1
esac
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users