WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-users

Re: [Xen-users] Ideal(istic) Xen firewall design

> This setup works extremely well for my purposes.
> I have, however, noticed network performance issues when scp'ing from dom0
> to a client in the local 'Green Zone'.
> Rather than the 4MB/s I'd expect (PIIX4 ata33 IDE with software raid), I'm
> only getting 1.4MB/s :( (screen shots here:
> http://marcusbrutus.cust.internode.on.net/Computers/C3-1 )

Oh dear!  What CPU setup do you have here?

> I appreciate there's a lot more calculation going on, but still ...

Context switches are likely to be the killer when using driver domains.  Tell 
me: do you have any numbers for a domU to "real world" setup with a "vanilla" 
Xen config?  How did that perform?

Cheers,
Mark

> >Mike Tierney wrote:
> >>>> But it is still tempting to just do away with the separate firewall vm
> >>>> and do all the firewalling in Dom0!
>
> With this in mind, I might be prepared to change my setup to something like
> this:
>
>  OPTION C-v3.2
>  =============
>
>  [ASCII network diagram; its layout was destroyed by line wrapping in the
>  archive. Labels that survive: Internet on eth1; Firewall (dom1) with
>  eth2 DMZ (optional), eth3, eth4 and eth5; Proxy Server; iPaq Server;
>  USB Host #1 (for BT Dongle and cradle); Web Server; Mail Server (domU3);
>  further domain labels domU1, domU2 and dom2; bridges xen-br0, br1 and br1;
>  dom0 with Local eth0.]
>
>
> However, as the bandwidth throughput issue would still remain for all the
> other domains, I'm not sure if there's a real benefit.
> I have a burner in this machine, with the hopes of using it for domain
> filesystem backups in the future.
>
> Can I assume that this performance would be improved dramatically using an
> MP machine (or HT)?
>
> Are there other ways of improving this performance?
>
> Appreciate your advice.
>
> Marcus.
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
