[Xen-users] multiple bridges on non-addressed interfaces

To:	xen-users <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject:	[Xen-users] multiple bridges on non-addressed interfaces
From:	Steve Wray <steve.wray@xxxxxxxxx>
Date:	Mon, 23 Feb 2009 13:23:33 +1300
Delivery-date:	Sun, 22 Feb 2009 16:24:37 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Thunderbird 2.0.0.19 (Macintosh/20081209)

Hi there,

I'm researching our upgrade path from Debian Etch to Debian Lenny and thenewer version of Xen which that brings to the table.


There have been some networking issues which I've been unable to resolve.

Example:

I have two servers each server has four NICs.

One NIC should be for the exclusive use of dom0 and is not used in any domU.

The rest of the NICs should be bridged to the domUs and should not have IPaddresses assigned in dom0.

At least one (bridged) interface per server is on our internet front end.We don't want to waste address space on the dom0s plus we don't want thesecurity exposure of dom0 having an interface directly on the internet.Therefore in the past I have not allocated these interfaces IP addresses.

In earlier versions of Xen I had this working fine, under Debian Etch, byusing configurations in /etc/network/interfaces such as:


auto eth3
iface eth3 inet manual
up /etc/xen/scripts/network-bridge start vifnum=3 bridge=xenbr3 netdev=eth3

in the newer version of Xen this is simpler and we have:

up /etc/xen/scripts/network-bridge start netdev=eth3

Lovely. And with the updated format of the network-bridge script brctl showreveals the correct assignment of bridges.

However, this only actually *works* (for the domUs) if the interface isassigned an address in dom0.


Ie:

auto eth2
iface eth2 inet static
  address 172.16.2.253
  netmask 255.255.255.0
  up /etc/xen/scripts/network-bridge start netdev=eth2

works while this:

auto eth2
iface eth2 inet manual
  up /etc/xen/scripts/network-bridge start netdev=eth2

does not.

I'm not sure if what is going wrong here is a problem with my understandingof Xen or Debian Lenny networking...

--

Please remember that an email is just like a postcard; it is notconfidential nor private nor secure and can be read by many other peoplethan the intended recipient. A postcard can be read by anyone at the mailsorting office and expecting what is written on it to be private and secretis not realistic. Please hold no higher expectation of email.

If you need to send confidential information in an email you need to useencryption. PGP is Pretty good for this.


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

WARNING - OLD ARCHIVES

xen-users

[Xen-users] multiple bridges on non-addressed interfaces