WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

AW: [Xen-users] multiple nic's with vlan -> bridge or bridge -> vlan

To: "'Javier Guerra'" <javier@xxxxxxxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>, "'Molle Bestefich'" <molle.bestefich@xxxxxxxxx>
Subject: AW: [Xen-users] multiple nic's with vlan -> bridge or bridge -> vlan
From: <thomas.vonsteiger@xxxxxxxxxx>
Date: Fri, 15 Sep 2006 07:47:38 +0200
In-reply-to: <200609140752.51388.javier@xxxxxxxxxxx>
For security, eth0 -> vlan's -> bridge's -> domU's is "maybe" a better
solution. Because I have a problem running this configuration.
There is a bridge for each vlan (mtu 1496).
Something is not running for such network configs. I'm not sure about the
traffic between bridge and domU.
Is there 802.1q traffic or not?
Because I have 802.1q traffic to the dom0 vlan's, and from there?
The other way, bridge-vlan's, is working fine with mtu 1496.
With tcpdump inside domU I can see all available vlan numbers with the
subnet information. It's running but not secure.

Thomas

> -----Original Message-----
> From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Javier Guerra
> Sent: Thursday, 14 September 2006 14:53
> To: xen-users@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xen-users] multiple nic's with vlan -> bridge or bridge ->
> vlan
> 
> On Thursday 14 September 2006 4:14 am, Molle Bestefich wrote:
> > thomas.vonsteiger@xxxxxxxxxx wrote:
> > > eth0 -> vlan's -> bridge's -> domU's
> > > eth1 -> vlan's -> bridge's -> domU's
> > >
> > > or
> > >
> > > eth0 - bridge -> vlan's -> domU's
> > > eth1 - bridge -> vlan's -> domU's
> >
> > Assuming from your ASCII drawing that you terminate your VLANs inside
> > the domu's in the second configuration, I'd go with the first
> > configuration from a security point of view.
> 
> apart from termination worries, the second setup usually has problems.
> mainly because it's better to put the physical eth's MTU to 1504, but the
> bridges usually choke with MTUs bigger than 1500
> 
> --
> Javier


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
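
The tcpdump check Thomas describes running inside the domU, as an added example that is not part of the original thread: it parses raw Ethernet frames captured on a guest interface and reports which 802.1Q VLAN IDs the guest can see. The frames, the MAC address and the VLAN numbers 10, 20 and 30 are constructed sample data, and the function names are hypothetical.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def vlan_id(frame: bytes):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID

def audit_guest_capture(frames):
    """Summarise what a guest interface saw: tagged VLAN IDs and untagged count."""
    seen, untagged = set(), 0
    for f in frames:
        vid = vlan_id(f)
        if vid is None:
            untagged += 1
        else:
            seen.add(vid)
    # A guest behind a per-VLAN bridge should receive no tagged frames at all.
    return {"vlan_ids": sorted(seen), "untagged": untagged, "isolated": not seen}

def _frame(vid=None, payload=b"\x00" * 46):
    # Constructed sample frame: broadcast dst, made-up src MAC, IPv4 EtherType.
    hdr = b"\xff" * 6 + bytes.fromhex("00163e000001")
    tag = struct.pack("!HH", TPID_8021Q, vid) if vid is not None else b""
    return hdr + tag + struct.pack("!H", 0x0800) + payload

# Constructed captures: tags reach the guest (bridge -> vlan) versus
# tags removed by the dom0 VLAN interfaces before the bridge (vlan -> bridge).
BRIDGE_THEN_VLAN = [_frame(10), _frame(20), _frame(30), _frame(10)]
VLAN_THEN_BRIDGE = [_frame(), _frame()]

if __name__ == "__main__":
    print(audit_guest_capture(BRIDGE_THEN_VLAN))
    print(audit_guest_capture(VLAN_THEN_BRIDGE))
```

The tag adds 4 bytes to each frame, which is the gap between the 1496 and 1500 (or 1500 and 1504) MTU values mentioned in the thread.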
