WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [SPAM] Re: [Xen-users] DomU(s) in different subnets

from [Fajar A. Nugraha] [Permanent Link][Original]
To: Xen User-List <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [SPAM] Re: [Xen-users] DomU(s) in different subnets
From: "Fajar A. Nugraha" <fajar@xxxxxxxxx>
Date: Fri, 18 Dec 2009 21:26:16 +0700
Delivery-date: Fri, 18 Dec 2009 06:26:55 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <b269bc570912171407h6ddd3f8dr82ede9dabae70a56@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <922558ed-dd43-4647-87c9-34437c83d84f@default> <b269bc570912171407h6ddd3f8dr82ede9dabae70a56@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
On Fri, Dec 18, 2009 at 5:07 AM, Freddie Cash <fjwcash@xxxxxxxxx> wrote:
> On Thu, Dec 17, 2009 at 1:59 PM, Sachin Goel <SACHIN.GOEL@xxxxxxxxxx> wrote:
>>
>> Isn't it possible that with only one bridge we have the virtual machines
>> in different physical subnets, if the gateway is configured to handle that ?
>
> With only 1 bridge, you only have 1 physical network connection, thus you
> only have 1 physical network.  You can have multiple logical subnets
> configured to use that network (192.168.0.0/24, 192.168.1.0/24,
> 192.168.2.0/24, etc).  But it's only 1 physical subnet.  (Although, I guess
> "subnet" is the wrong terminology here.)

I believe the correct term is "ethernet broadcast domain" instead of
"physical subnet".

With that setup, if you assign a domU to be on 192.168.1.0/24, then it
can simply add an IP address located on 192.168.2.0/24 (or others)
since the traffic will be on the same ethernet broadcast domain. Not
good in terms of security.

IMHO a better approach is to use vlans. That is :
- you have one (or more) uplink interface from dom0 to switch/router,
configured as trunk with multiple allowed vlans. For this example,
lets assume there are 11 vlans, 10 - 20. Each of those vlans are
connected to existing network, with existing gateway. vlan10 is used
by 192.168.0.0/24, vlan11 is used by 192.168.1.0/24, and so on. If you
have more than one interface, you can configure them to use bonding
- you assign one IP for dom0 in one of those vlans (lets assume this
is vlan 10). This will be used for dom0 management.
- you create bridges (lets call this br11 - br20) for other vlans in
dom0 (vlan 11-20), but do NOT assign IP address on dom0 for those
bridges
- assign domUs to one of those bridges as necessary.

In this networking setup, dom0 functions just like a L2 switch. This
is what I use on my setup.
This setup is better because a domU located on 192.168.1.0/24 can't
just use an IP address on 192.168.2.0/24 since they'd be on different
vlans (thus different ethernet broadcast domain)

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] FC5 as domU- failed to bring multiple interfaces, Fajar A. Nugraha
Next by Date:  [Xen-devel] Xen.org Community Weekly Update - December 18, 2009, Stephen Spector
Previous by Thread:  [SPAM] Re: [Xen-users] DomU(s) in different subnets, Freddie Cash
Next by Thread:  RE: [Xen-users] DomU(s) in different subnets, Ian Tobin
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy