| |
|
 |
|
 |
|
|
|
| |
|
|
xen-users
Re: [Xen-users] A question about bridged networking
Iain Kay wrote:
Apologies in advance if this is a simple question but it is one I
have been pondering and would like to get to the bottom of.
It is simple, and it's not Xen related.
So the scenario is that I have the following kit on a network:
/24 CIDR IP range (WAN)
Layer 3 Cisco Router
Several Layer 2 Managed Switches
Xen dom0 servers connected to one of the managed switches
Xen configured with bridged networking and each VPS setup with the
Cisco as the default gateway.
Assuming that I have 2 VPS on the same Xen dom0 server and I attempt
to send data between the two using their IPs with the default
gateway of the Cisco, can Xen/CentOS automatically intercept the
traffic at the bridge level so that it doesn't have to flow beyond
the xen dom0 kernel?
If so then does it happen automatically?
You do not have to do anything at all, what you describe is the
default for any normal IP network.
When a device wishes to send an IPv4 packet to another device that is
in the same subnet, it will completely ignore the default gateway.
Instead, it will broadcast an ARP (Address Resolution Protocol)
request which effectively says "Who has a.b.c.d, tell a.b.c.e ?" The
other device will receive this packet and respond with an ARP
response "a.b.c.d is at aa:bb:cc:dd:ee:ff". Once the first device
gets this response then it knows the MAC address of the device it
wishes to send the packet to and can no send it - directly.
IPv6 is different, but still a similar procedure.
Sending of unicast packets on the local net is done by simply putting
the correct MAC address in the destination and squirting it out on
the wire. The driver on the other end will get the packet, decode it,
and pass it up the network stack to the relevant program (assuming
there is something listening on the specified port). Other devices
will ignore the packet as the destination MAC address isn't theirs.
The last bit you need to understand is the switches. On a hub based
network every packet goes to every node, in a switched network most
packets only go to the intended node. Each switch keeps a table of
MAC addresses it's seen in packets (in the source MAC field), and the
port the packet arrived on - thus when it needs to send a packet on,
it can lookup in the table and only send the packet to the port the
destination MAC address can be reached through.
Only if there is no current entry in it's table, or the packet is
addressed to the broadcast MAC (ff:ff:ff:ff:ff:ff) will the packet be
sent out on all the switches ports. The bridge in your Xen host is no
different - and you can query it's table with "brctl showmacs".
So, when your two virtual hosts send packets to each other, the
virtual switch software (bridge code) will see that the destination
MAC address in each packet is for a VIF attached to the bridge and
only send it via that port - the packets will not even reach the
ethernet port and go out on the wire, let alone get routed by the
gateway.
Where packets would get routed via the gateway would be if you ran a
shared network - 2 (or more) IP subnets on the same wire. If you
didn't put specific routing in each device, then a device in one
subnet would send packets for a device in another subnet via the
gateway. Ie, packets would go out to the gateway, the gateway would
then shove them back out again on the same interface.
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|
| |
|
Home