 Home |
Products |
Support |
Community |
News |
xen-users
[Xen-users] Should VMs' IP addresses be on the same subnet as the Dom0 a
| To: | xen-users@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | [Xen-users] Should VMs' IP addresses be on the same subnet as the Dom0 and other boxes on our LAN? |
| From: | gregk.xen@xxxxxxxxxxxxx |
| Date: | Sat, 17 Sep 2011 15:40:40 -0700 |
| Delivery-date: | Sat, 17 Sep 2011 15:41:40 -0700 |
| Dkim-signature: | v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:from:to:mime-version :content-transfer-encoding:content-type:subject:date; s=smtpout; bh=gLNuZqQfa45jcyJ8cmY/eppfG8E=; b=FWSZqsuwlrTR2Ot3t1/Xwejov0JV orwgbGAWDeOhYp91OBt00FxG01oPR56xFSjUKBir7atLfwBoidDk7sDHQnWHqgf3 6SS6TiF4Rd4zoxPsO6Sj7/jONSUMGuT+qkY/S4QkOtf+uaELOZ4ptsge8yjiLE29 tRYTsrfzwRXPLiE= |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| List-help: | <mailto:xen-users-request@lists.xensource.com?subject=help> |
| List-id: | Xen user discussion <xen-users.lists.xensource.com> |
| List-post: | <mailto:xen-users@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe> |
| Sender: | xen-users-bounces@xxxxxxxxxxxxxxxxxxx |
Hi.
I've installed our 1st Virtualized server using Xen. I've managed to
create & populate a VM that's going to be used as our office mail
server.
Everything seems to work ok -- I can send/receive email to/from the
'real world'.
I've read a bunch at the Xen wiki about routing, and bridging, and
security. Wow! Lots of stuff to digest compared to doing stuff in
VirtualBox. But I get this is a different beast, and I think I got a
good idea of what I _can_ do.
I've one question about assigning VM's IP addresses. Basically, what
_should_ I do about assigning VM IP addresses?
What I have right now is pretty basic.
Internet
|
|
| X.X.X.X/29
Firewall+Router: 10.0.0.1
| 10.0.0.1/24
|
|
Ethernet Switch
|
|---- my Desktop: eth0:10.0.0.2
|
|---- Server Dom0: eth0:10.0.0.3
|
|---- VM#1 (Mail Server): bridge:10.0.0.4
Mail sent from the outside to my network gets a NAT redirect to the Mail
Server @ 10.0.0.4.
Works great.
My question is:
For security, or performance, or general Xen, reasons, should I change
that "VM#1 (Mail Server)" IP address to a different subnet. Like
10.100.0.1/24? And do some sort of routing somewhere?
Instead of having mail traffic passthrough 'through' the Dom0 to the VM,
is it better to have a second, real Ethernet card assigned to the VM,
and do this instead:
Internet
|
|
| X.X.X.X/29
Firewall+Router: eth0: 10.0.0.1, 10.100.0.1
| 10.0.0.1/24, 10.100.0.1/24
|
Ethernet Switch
|
|-------------------------------------------------------------|
| |
| |
|---- my Desktop: eth0:10.0.0.2 |
| |
|---- Server Dom0: eth0:10.0.0.3 |
| |
|---- VM#1 (Mail Server): bridge:10.0.0.4 |
| |
|----: 'real' eth1:10.100.0.4 ----|
?
Thanks for your help with any suggestions or any good URLs to read!
Greg
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [Xen-users] XCP autostart and LVM disabled, Grant McWilliams |
|---|---|
| Next by Date: | Re: [Xen-users] Yet Another PCI passthrough question, James Pifer |
| Previous by Thread: | [Xen-users] XCP autostart and LVM disabled, Grant McWilliams |
| Next by Thread: | Re: [Xen-users] Should VMs' IP addresses be on the same subnet as the Dom0 and other boxes on our LAN?, Simon Hobson |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
