WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 

xen-devel

Re: [Xen-devel] xen-unstable networking

To: Chris Andrews <chris@xxxxxxxxxx>
Subject: Re: [Xen-devel] xen-unstable networking
From: Ian Pratt <Ian.Pratt@xxxxxxxxxxxx>
Date: Sat, 27 Mar 2004 17:10:11 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxxx, Ian.Pratt@xxxxxxxxxxxx
Delivery-date: Sat, 27 Mar 2004 17:11:57 +0000
Envelope-to: steven.hand@xxxxxxxxxxxx
In-reply-to: Your message of "Sat, 27 Mar 2004 16:02:38 GMT." <2B40B211-8008-11D8-A696-000393B01B94@xxxxxxxxxx>
> I'm trying to make Xen's internal network among the domains available 
> to a vpn: the machine is allocated a network in the vpn, 
> 192.168.101.0/24, and domain 0 has an IP tunnel to the vpn server and a 
> single IP address in that network, 192.168.101.254. This network is 
> made visible from the vpn by routing daemons running in domain 0. This 
> much works and domain 0's vpn connectivity is fine.
> 
> The other domains then have addresses in 192.168.101.0/24, e.g. 
> 192.168.101.1 for domain 1, with the address added to the VFR for that 
> domain's vif 0 and the address added as a secondary on the domain's 
> eth0. The domain then has a default route via 192.168.101.254. Domain 0 
> has /proc/sys/net/ipv4/ip_forward set to 1. I can ping between domains, 
> and between domain 0 and other domains using 192.168.101.x addresses.

With this configuration, the packets will go out on the wire
directly as you've told it that the whole 192.168.101.0/24 subnet
is directly accessible from eth0.

Try setting the IP addresses for domains >0 to
e.g. 192.168.101.1/32 and then set the default route to go via
gateway 192.168.101.254.

I haven't tried this, but it should force all packets to go via
domain 0 rather than out via the LAN. (You could set a gateway
just for 192.168.101.0/24 if you wanted other packets to go on
the LAN directly.)

Ian
 
> However, while packets from the vpn are correctly routed to domains 
> other than 0, packets from those domains appear directly on the 
> physical ethernet rather than being routed via domain 0 and down the 
> vpn tunnel. This does seem to be working as designed in that the 
> domain has access to the physical ethernet for addresses which have 
> been added to its vif, but it would be useful for this situation if the 
> packets could go via domain 0. Is this something which can be done with 
> the current code?
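
The /24 versus /32 difference discussed in this message can be seen as a next-hop decision. This is an added example, not code from the thread or from Xen: it models ordinary longest-prefix route selection inside a guest and does not model Xen's VFR. The helper names and the destination addresses 192.168.101.7 and 10.0.0.5 are constructed for illustration, and the host route to the gateway in the /32 case is an assumption about how the guest would reach 192.168.101.254.

```python
import ipaddress

GATEWAY = "192.168.101.254"  # domain 0's address, taken from the thread


def guest_routes(address, gateway=GATEWAY):
    """Routes a guest has for eth0 address `address` (CIDR) plus a default
    route via `gateway`. A route with gateway None means 'on-link'."""
    iface = ipaddress.ip_interface(address)
    routes = []
    if iface.network.prefixlen < 32:
        # Connected route: the whole subnet is treated as directly reachable.
        routes.append((iface.network, None))
    else:
        # With a /32 nothing else is on-link, so the gateway itself needs
        # a host route before a default route can point at it (assumption).
        routes.append((ipaddress.ip_network(gateway + "/32"), None))
    routes.append((ipaddress.ip_network("0.0.0.0/0"), gateway))
    return routes


def next_hop(routes, dest):
    """Longest-prefix match. Returns the gateway address, or 'on-link' when
    the best route has no gateway (the guest sends on the wire directly)."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in routes if dest in net]
    if not matches:
        return "unreachable"
    _, gw = max(matches, key=lambda r: r[0].prefixlen)
    return gw or "on-link"


def compare(dests, guest_ip="192.168.101.1"):
    """Next hop for each destination under the /24 and the /32 setup."""
    wide = guest_routes(guest_ip + "/24")
    narrow = guest_routes(guest_ip + "/32")
    return {d: (next_hop(wide, d), next_hop(narrow, d)) for d in dests}


if __name__ == "__main__":
    # Constructed destinations: a peer in the VPN subnet, domain 0, an outside host.
    for dest, (wide, narrow) in compare(
        ["192.168.101.7", GATEWAY, "10.0.0.5"]
    ).items():
        print(f"{dest:16} /24 -> {wide:16} /32 -> {narrow}")
```

In the /24 case the peer in 192.168.101.0/24 is treated as on-link, while in the /32 case only domain 0 is on-link and everything else is handed to 192.168.101.254.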

