Re: [Xen-users] Should VMs' IP addresses be on the same subnet as the Dom0 and other boxes on our LAN?

[Simon Hobson <simon@xxxxxxxxxxxxxxxx>]

gregk.xen@xxxxxxxxxxxxx wrote:

>  > Unless your internet connection is
> >  rated in gigabits *and* you use it, then it's not going to be an
> >  issue for your mail server !
> My external-internet connection isn't THAT heavily used.  But I do hope
> to have a FileServer (NFS4 maybe) for my LAN and my VMs serving from my
> Xen box.  I haven't figured out if I should do that at Dom0 or in
> another VM yet.  Anyway, that means the ethernet connection between the
> Xen box and my LAN may be pretty heavily used.
>
> Does THAT make a difference ?
Nope, not really as I'm assuming it's for a home setup. I doubt 
you'll be that bothered if a file takes 12 seconds to copy instead of 
8. If you were *that* worried about performance then you'd almost 
certainly be looking at a dedicated (bare metal) box for the server. 
Don't forget that block device access also goes through Dom0, not 
just the network.
>  > Now, given that you have 5 public IPs available ...
>
> Yeah, I'd thought about that a bit. And, I've got a VLAN-capabable
> switch sitting on my shelf here that I've been staring at wondering what
> to do with.
>
> I put that off for now, trying to KISS at the start of this.
KISS is good.

FYI - my plan would be :
1 VLAN for LAN
1 VLAN for outside (ie modem and PPPoE)
1 VLAN for public wireless
and add an access point that supports multiple SSIDs on separate 
VLANs (which is actually quite common)
Set a switch port to trunked mode, and trunk all those into your 
single NIC on teh host, and configure bridges for each VLAN. Connect 
interface(s) to DomUs as required. If using an external 
firewall/router, you'd need to trunk the relevant ports to that 
instead of/as well as Dom0 - eg Dom0 wouldn't need direct access to 
the modem.
> Right now I'm on ATT DSL, which is PPPoE.  I put the modem in a passive
> bridge mode, and am handling the PPPoE on the Firewall+Router.
Certainly for Linux based devices, you can use the same IP/subnet 
mask on the internal side as the outside with that configuration. 
Then you can NAT your LAN to the gateway IP, and let other devices 
have direct public IPs. Not something I've actually setup myself as 
so far I've either had a single IP or not been using NAT.
--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users