WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Re: problems with xen installation

To: Fernando Maior <fernando.souto.maior@xxxxxxxxx>
Subject: Re: [Xen-users] Re: problems with xen installation
From: Anand <xen.mails@xxxxxxxxx>
Date: Fri, 30 Dec 2005 22:29:28 +0530
Cc: Xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 30 Dec 2005 17:04:00 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=G3p9Epwy6djSctSm18E7pL3MlHcHTmSq4lTVYzeE8C8ERxbEedvLPij/J92IYFfE+HxGWXlgeKNYf97o3C5FYZ5cujPhvfizBMYlmUukURJjA9z29fd7OK3MSPDBrEwAJMQgF2xCEL5ZCK/upKuDFeIQ9ZIrinyDwhrEGfrK2yc=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <6a7b2d540512300742y3b00cd5cma2cac2179fd8a9de@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <6a7b2d540512290856m7f0a774h8e132104050891ef@xxxxxxxxxxxxxx> <6a7b2d540512291157s78259528r9a3207dd4172ccfe@xxxxxxxxxxxxxx> <acb757c00512292121q69401768n94c93188b499f453@xxxxxxxxxxxxxx> <6a7b2d540512300223pd6ecaah2bb9c874497eb255@xxxxxxxxxxxxxx> <acb757c00512300430w78bf0b96qde89b2937dc1274b@xxxxxxxxxxxxxx> <20051230134459.GA10278@xxxxxxxxxxxxxx> <acb757c00512300653w68d2cfa3k2760c85b24dec4d9@xxxxxxxxxxxxxx> <20051230151426.GH10278@xxxxxxxxxxxxxx> <acb757c00512300728y41b7135dv743975348eee0385@xxxxxxxxxxxxxx> <6a7b2d540512300742y3b00cd5cma2cac2179fd8a9de@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Dear Fernando,

Thanks for the information.

I looked at the vif-bridge file however confused on how to proceed. First as Andy pointed out the foremost point would be to get a constant vifname everytime the domain starts up only then any bandwidth calculation could work.

Looks like i need to get my hands on someone who knows more on this and perhaps help me achieve this since i am unable to work on it much :((

On 12/30/05, Fernando Maior <fernando.souto.maior@xxxxxxxxx> wrote:
On 12/30/05, Anand <xen.mails@xxxxxxxxx> wrote:
> Dear Andy,
>
> Thanks for all the help. I will try it out.
>
>
> On 12/30/05, Andy Smith < andy@xxxxxxxxxxxxxx> wrote:
> >
> > On Fri, Dec 30, 2005 at 08:23:42PM +0530, Anand wrote:
> > >
> > >    Dear Andy,
> > >    Thanks for the reply.
> > >    >As you noted the vif name will change every time a domain is
> > >    >restarted.  In Xen 2.x you can use the vifname config directive to
> > >    >hardcode vif names per domain.  You can also do this in 3.0 if you
> > >    >use a snapshot of -unstable that has this functionality (apologies,
> > >    >I do not know exactly when it was (re)added).
> > >    Thanks, thats indeed excellent news. May i ask is the snapshot stable
> > >    enough to use on the production box (sorry if it sounds a stupid
> > >    question to you). I am using 3.0 stable rpm from xensource on centos
> > >    4.1 right now.
> >
> > I can't advise on this I'm afraid as I'm not using it heavily in
> > production.
> >
> > It works nicely in the latest 2.x which is what I'm running in
> > production.
> >
> > >    >You can measure the bandwidth use of the vif interfaces in dom0,
> > >    >either by parsing /proc/net/devices periodically or by polling SNMP.
> > >    This will give the problem of the vifname changing everytime and
> hence
> > >    loosing track of the vif to whom the bandwidth should be accounted
> to.
> >
> > Yes you do need to use vifname for this to work.
> >
> > >    >Finally you could also use iptables in dom0 and the physdev module
> > >    >to add rules for traffic going in/out particular vifs, and poll its
> > >    >counters to measure bandwidth.
> > >    Is it possible for you to direct me to some examples ? It will really
> > >    help.
> >
> > This too requires static vif names.  Off the top of my head:
> >
> > iptables -N accounting_in
> > iptables -N accounting_out
> >
> > iptables -A FORWARD -m physdev --physdev-out vif+ -j accounting_in
> > iptables -A FORWARD -m physdev --physdev-in  vif+ -j accounting_out
> >
> > iptables -A accounting_in  -m physdev --physdev-out vif-foo+ -j RETURN
> > iptables -A accounting_out -m physdev --physdev-in  vif-foo+ -j RETURN
> >
> > The above iptables commands check all forwarded traffic to see if it
> > came from/to a vif, if they do they are checked to see if they
> > specifically went through an interface name matching "vif-foo*".
> > You can then use
> >
> > iptables -v --list accounting_in
> > iptables -v --list accounting_out
> >
> > to view the packet and byte counters for those tables.
> >
> > Note this matches only IP traffic.  You'll need to use ip6tables to
> > match IPv6.
> >
> > Without static vif names you could add rules to the bridge interface
> > and try to match only things going to or coming from the IP
> > addresses that you have assigned but that seems even more hackish to
> > me..
> >
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.1 (GNU/Linux)
> >
> >
> iD8DBQFDtU7SIJm2TL8VSQsRAtBrAKDW6fAWiPi3DoMD3hG2375VEBoONQCgpTvA
> > poJ7lh1XIbW7dwT/PhuLqh0=
> > =xw9q
> > -----END PGP SIGNATURE-----
> >
> >
> > _______________________________________________
> > Xen-users mailing list
> > Xen-users@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xen-users
> >
> >
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
>
>

Anand,

You can tweak /etc/xen/scripts/vif-bridges in order to include the
iptables {add|delete} rules when the domain is started/shutdown.

--
Bye,
Fernando Maior
LPIC/1(31908)
LinuxCounter(391325)

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
<Prev in Thread] Current Thread [Next in Thread>