RE: [Xen-users] Isolated network

["Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>]

 

---

From: Florian Manschwetus [mailto:florianmanschwetus@xxxxxx]
Sent: Fri 04/06/2010 15:53
To: Jonathan Tripathy
Cc: Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Isolated network

...
> Hi There,
>
> Sorry, I think I worded my post wrong. What I meant was is there a way
> to make sure that the DomUs can't access the Dom0, i.e. so they are on
> an isolated network. By default in virt-manager, the Dom0 gets attached
> to each bridge created...
>
> Also, what additional features does opensolaris support?
>
> Thanks
>
Depending where and how your guest disks are stored, you would have zfs
for that. At least your dom0 would benefit from zfs (bootenvironments
and frequent snapshotting of all data).
Really easy handling of vlans, bridges and other networking stuff.
(e.g. to configure a nic, you have to plumb it to the system, but you
can use an unplumbed nic for a bridge (what would address your current
question))
No idea so far how well it integrate that all with virt-manager

For udom or smarter dom0 you can use zones.

At all, I would say, you should have a closer look (read a bit at
opensolaris.org) and try it for your own if you are interested.

I have a productive xen running with two osolb134 dom0s with x64-linux,
-windows and -opensolaris as guests.

Florian

-----------------------------------------------------------------------------------------------------------------------

 

My main question is though, is that since all bridge are actually located in the Dom0, what is the best way to stop DomUs from access Dom0? Should I just make a "bridge firewall" at the bridge?

 

Thanks

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users