| |
|
 |
|
 |
|
|
|
| |
|
|
xen-users
Re: [Xen-users] Multiple VMs - one static routable IP address
only have one routable IP address however. I need to service ports: 22,
25, 80, 110, and 443
your going to have problems with 22, 110 and 443. You can potentially do
it for port 80, but yuo would have to service the request on the host.
THis is going to be the same for all the virtual machines if you have non
routable addresses, no real way around it. You could possible try ipv6 -
but then your client would have to use ipv6 (both of you can use the ipv4
in ipv6 ability)
Thanks for the reply Alex!
Ports 80 and 443 I'm not terribly worried about. Apache in proxy mode
gets around that simple enough. It'd mean an additional install of
Apache, but that's not a terribly big deal nor a deal breaker for me.
Well, I'm honestly not familiar enough with ipv6 to know how to do
anything differently. I'm no stranger to tcp/ip stacks, but I haven't
even dabbed a toe in the ipv6 pool.
How does the S390 hosting guys do this sort of thing? They can't really
be using routable IP addresses for everything? I realize this is more a
networking question than a VM question, but I figured there would be some
sort of soft router type functionality built into the solution (just like
there is for the bridging and such) to address the complication of it now
being multiple machines. I can't be the only guy who does hosting on a
business class DSL line, but with only one routable IP.
Maybe the solution is to spin up a DomU as the firewall and put the apache
in proxy mode there, as well as a sendmail MTA router to the 10-net behind
it. Ports 22 (sshd) and 110 (ipop3) are easy enough to configure around
and just give a different port to every VM. The only real sticking point
was port 25 really. My sendmail kung-fu just isn't that strong for a
multiple machine environment. Everything I've ever done is with one
server, and multiple backup MX's.
I just keep coming back to the original question tho, what do the big VM
environments do when they have hundreds or more VM's... are they really
using up hundreds of routable IP addresses? Really?
Originally I was planning on putting all my own personal websites and
email on Domain-0, as well as an iptables based firewall. Having read
more, seems like the recommendation is to keep Domain-0 behind a DomU
where the firewall runs. Makes sense, and doesn't seem difficult to do...
just a new paradigm for me. I've always only had one server, and it did
everything and anything. I love the idea of breaking it all up from a
security and manageability standpoint... just not sure what to do about
getting all the bits to the right VMs that need to be routed correctly.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|
| |
|
Home