RE: [Xen-users] Private Networks between domUs on multiple hosts

To:	"Joe" <cycloned@xxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject:	RE: [Xen-users] Private Networks between domUs on multiple hosts
From:	Jeff Sturm <jeff.sturm@xxxxxxxxxx>
Date:	Tue, 29 Jun 2010 17:41:48 -0400
Cc:
Delivery-date:	Tue, 29 Jun 2010 14:43:18 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<AE9FD0C7-D087-49D7-BFD6-D35702ABC664@xxxxxx>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<AE9FD0C7-D087-49D7-BFD6-D35702ABC664@xxxxxx>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	AcsXwl8yf3D2kpJrQH63uRT38taiSgADgnfg
Thread-topic:	[Xen-users] Private Networks between domUs on multiple hosts

> -----Original Message-----
> From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-users-
> bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Joe
> Sent: Tuesday, June 29, 2010 3:35 PM
> To: xen-users@xxxxxxxxxxxxxxxxxxx
> Subject: [Xen-users] Private Networks between domUs on multiple hosts
> 
> I've found xen networking quite hard to get the hang of and would
appreciate some
> pointers in the right direction on how to network domUs into their own
private networks
> across multiple servers. There are, say, 5 guests on one machine and 5
on another but
> I would like to be able to allow them to only 'see' fellow guests
which are linked to their
> virtual network. At the moment all guests can contact each other -
they're on the
> same network.

Xen networking isn't so bad once you understand Linux networking
(bridging).  I like to short-circuit network-script with something like:

(network-script /bin/true)

in xend-config.sxp so I can configure bridges and interfaces on my own.

> I understand this could be achieved with vlans and whilst I've used
these before
> outside of Xen, I'm unsure of how to do so within xen's networking
system. I'm sure
> my query isn't uncommon and so was hoping that someone would know of
an easier
> way in which what I want can be achieved using pure Xen functionality.

On CentOS, I'll paste a few configs that should be enough to get you
started.

In the domU config:

vif = [
        'mac=00:16:3E:5E:A2:5C,bridge=public,
        'mac=00:16:3E:77:64:14,bridge=private'
      ]

(In this example the domU has two interfaces, eth0 is routed to the
public internet, eth1 private amongst domU's.)

In the bridge config:

# cd /etc/sysconfig/network-scripts

# cat ifcfg-private
DEVICE=private
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes

In the VLAN config:

# cat ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes

# cat ifcfg-eth1.2001
DEVICE=eth1.2001
BRIDGE=private

Each domU can talk to the other domU's over eth1, and the dom0's bridge
this traffic over VLAN # 2001.  The private bridge does not have an IP
address, so the dom0 is not reachable from the private network--it only
bridges traffic.

-Jeff



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

WARNING - OLD ARCHIVES

xen-users

RE: [Xen-users] Private Networks between domUs on multiple hosts