WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
[Xen-users] Xen and Private Networking

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Xen and Private Networking
From: John Lenz <jlenz2@xxxxxxxxxxxxx>
Date: Fri, 29 Sep 2006 00:52:29 -0500
Delivery-date: Thu, 28 Sep 2006 22:53:43 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.7 (X11/20060922)

Hey, I just wrote (well, modified network-bridge) a script to set up
private networking.  Not sure if anyone else is interested, but it would
be nice if this was added into xen.

It is very similar to network-bridge, except it doesn't add peth0 onto
the bridge.  That is, a bridge is set up and all the vifs get added.  In
dom0, we just configure veth0 with an ip address and add vif0.0 to the
bridge.

It works great using network-private and vif-bridge: you get a private
network so the domUs and dom0 can communicate with each other, but with
no one else (well, depends on config in dom0...).

Also, this could replace both network-nat and network-route.  After
using network-private, it is just a standard 2-card router setup with
eth0 outside and veth0 inside.  Shorewall or ipmasq or raw iptables
commands, or any standard tool can easily be set up.  No need to do all
that kind of stuff from inside the xen scripts.

John

#!/bin/sh
#============================================================================
# Xend calls a network script when it starts.
# The script name to use is defined in /etc/xen/xend-config.sxp
# in the network-script field.
#
# This script creates a bridge (default xenbr${vifnum}) and adds a virtual
# device veth${vifnum} to it.  It uses a private network address on
# the virtual device (default 192.168.0.1/24).
# 
# Usage:
#
# network-private (start|stop|status) {VAR=VAL}*
#
# Vars:
#
# vifnum     Virtual device number to use (default 0). Numbers >=8
#            require the netback driver to have nloopbacks set to a
#            higher value than its default of 8.
# bridge     The bridge to use (default xenbr${vifnum}).
# addr       Local address to assign (default 192.168.0.1/24)
# mac        The mac address to assign to veth${vifnum} (default
#            random mac)
#
# Internal Vars:
# vif0="vif0.${vifnum}"
# vdev="veth${vifnum}"
#
# start:
# Creates the bridge
# Configures vdev
# Adds vdev to bridge
#
# stop:
# Removes vdev from bridge
# Stops vdev
# Deletes bridge
#
# status:
# Print addresses, interfaces, routes
#
#============================================================================


dir=$(dirname "$0")
. "$dir/xen-script-common.sh"
. "$dir/xen-network-common.sh"

findCommand "$@"
evalVariables "$@"

vifnum=${vifnum:-0}
bridge=${bridge:-xenbr${vifnum}}
addr=${addr:-192.168.0.1/24}
# Default MAC in the Xen OUI (00:16:3e); srand() seeds awk's generator so the
# address actually differs between runs instead of repeating the same sequence.
mac=${mac:-$(awk 'BEGIN { srand(); printf "00:16:3e:%02x:%02x:%02x", int(rand()*127), int(rand()*255), int(rand()*255); }')}

vdev="veth${vifnum}"
vif0="vif0.${vifnum}"

##
# link_exists interface
#
# Returns 0 if the interface named exists (whether up or down), 1 otherwise.
#
link_exists()
{
    if ip link show "$1" >/dev/null 2>/dev/null
    then
        return 0
    else
        return 1
    fi
}

# Usage: show_status dev bridge
# Print ifconfig and routes.
show_status () {
    local dev=$1
    local bridge=$2
    
    echo '============================================================'
    ip addr show ${dev}
    ip addr show ${bridge}
    echo ' '
    brctl show ${bridge}
    echo ' '
    ip route list
    echo ' '
    route -n
    echo '============================================================'
}

op_start () {
    if [ "${bridge}" = "null" ] ; then
        return
    fi

    if ! link_exists "$vdev"; then
        echo "
Link $vdev is missing.
This may be because you have reached the limit of the number of interfaces
that the loopback driver supports.  If the loopback driver is a module, you
may raise this limit by passing it as a parameter (nloopbacks=<N>); if the
driver is compiled statically into the kernel, then you may set the parameter
using loopback.nloopbacks=<N> on the domain 0 kernel command line.
" >&2
        exit 1
    fi

    create_bridge ${bridge}

    setup_bridge_port ${vif0}

    ip link set ${bridge} up
    add_to_bridge  ${bridge} ${vif0}

    ip addr flush $vdev
    ip addr add $addr dev $vdev
    ip link set dev $vdev address $mac arp on
    ip link set dev $vdev up
}

op_stop () {
    if [ "${bridge}" = "null" ]; then
        return
    fi
    if ! link_exists "$bridge"; then
        return
    fi

    brctl delif ${bridge} ${vif0}
    ip link set ${bridge} down
    brctl delbr ${bridge}

    ip link set $vdev down
}

case "$command" in
    start)
        op_start
        ;;
    
    stop)
        op_stop
        ;;

    status)
        # The dom0-side device is $vdev; $netdev is never defined in this script.
        show_status ${vdev} ${bridge}
        ;;

    *)
        echo "Unknown command: $command" >&2
        echo 'Valid commands are: start, stop, status' >&2
        exit 1
esac
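The point of network-private is that the bridge carries only vif ports and never the physical peth device, so a dom0 operator wants a quick way to confirm that nothing has leaked onto it. The following check is an added example, not part of John's script or of Xen; it parses the text of `brctl show` (a constructed sample is embedded, and the `bridge_ports`/`bridge_is_private` names are my own) and flags any non-vif port on a bridge.

```shell
#!/bin/sh
# Added example: verify that a Xen private bridge carries only vifN.M ports.

# bridge_ports BRIDGE BRCTL_OUTPUT
# Print the ports attached to BRIDGE, space separated, from `brctl show` text.
# brctl prints the first port on the bridge's own row (4th column) and any
# further ports on continuation rows that hold a single field.
bridge_ports() {
    printf '%s\n' "$2" | awk -v br="$1" '
        NR == 1 { next }                       # header row
        { port = "" }
        NF >= 3 { cur = $1; if (NF >= 4) port = $4 }
        NF == 1 { port = $1 }                  # continuation row
        cur == br && port != "" { printf "%s%s", sep, port; sep = " " }
        END { printf "\n" }
    '
}

# bridge_is_private BRIDGE BRCTL_OUTPUT
# Return 0 when every port on BRIDGE is a domain vif (vifN.M), 1 otherwise,
# naming the offending ports (e.g. a peth0 that ended up on the bridge).
bridge_is_private() {
    bad=""
    for p in $(bridge_ports "$1" "$2"); do
        case "$p" in
            vif[0-9]*.[0-9]*) ;;
            *) bad="$bad $p" ;;
        esac
    done
    if [ -n "$bad" ]; then
        echo "bridge $1 has non-vif port(s):$bad" >&2
        return 1
    fi
    return 0
}

# Constructed sample of `brctl show` output (not captured from a real host):
# xenbr0 is the kind of bridge network-private builds (dom0's vif0.0 plus a
# guest vif); xenbr1 has the physical peth1 attached, as network-bridge does.
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.feffffffffff       no              vif0.0
                                                        vif1.0
xenbr1          8000.feffffffffff       no              peth1
                                                        vif0.1'

# Stand-alone run against the sample: xenbr0 passes, xenbr1 is reported.
bridge_is_private xenbr0 "$SAMPLE_BRCTL" && echo "xenbr0: private"
bridge_is_private xenbr1 "$SAMPLE_BRCTL" || echo "xenbr1: NOT private"
```

On a live dom0 the same check runs as `bridge_is_private xenbr0 "$(brctl show)"`.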