WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

RE: [Xen-users] Still confused about bridging (I think)

To: "'Andrew Lyon'" <andrew.lyon@xxxxxxxxx>, "'David Dyer-Bennet'" <dd-b@xxxxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] Still confused about bridging (I think)
From: "Dustin Henning" <Dustin.Henning@xxxxxxxxxxx>
Date: Tue, 23 Sep 2008 11:40:16 -0400
Cc:
Delivery-date: Tue, 23 Sep 2008 08:41:25 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <f4527be0809221558j339b214dpc8305da87693a192@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Organization: PRD, Inc.
References: <533556ce1eb1a9622c07fed5a2ed8e1a.squirrel@xxxxxxxxxxxxxxxx> <cfb28c8cfc7a0860124792c2642505d0.squirrel@xxxxxxxxxxxxxxxx> <f4527be0809221558j339b214dpc8305da87693a192@xxxxxxxxxxxxxx>
Reply-to: Dustin.Henning@xxxxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AckdBt6y8T1v5ZYZQCGMmB9XrU767wAibhDg
David,
        As pointed out by the link provided by Andrew below, eth0 probably
doesn't need added to your xenbr0 because vif0.0 serves that purpose (no
idea why none of my machines have it, but this would also explain why a
previous thread had another user saying this was unnecessary while I find it
is).  This might also mean that you would want to add vif0.1 to xenbr0
instead of eth1 if you were going to tie the VLANs together (not
recommended, as the VLANs could be done away with completely if unnecessary,
and there would then be no need for eth1 [to keep them on separate bridges]
and no bottleneck between the networks/subnetworks [assuming traffic goes
between them]).

David and Andy,
        I don't use the Xen network-bridge script (see this thread on how to
disable it:
http://lists.xensource.com/archives/html/xen-users/2008-07/msg00111.html),
as I find it easier and more consistent to set up my own networking and let
Xen deal only with the virtual interfaces.  That said, if you are to try
such a configuration, how additional bridges and dom0 virtual interfaces
should be set up would be dependent upon your dom0 OS.

Andy,
        You might re-post your submission to xen-users@xxxxxxxxxxxxxxxxxxx
with a unique subject and not as a reply instead of jumping into the middle
of this thread (I believe this is called hi-jacking, and I am assuming it
was unintentional) with your problem.

        Dustin

-----Original Message-----
From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Andrew Lyon
Sent: Monday, September 22, 2008 18:59
To: David Dyer-Bennet; xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Still confused about bridging (I think)

http://wiki.xensource.com/xenwiki/XenNetworking explains that 7 pairs
of "connected virtual ethernet interfaces" are created but I really do
not understand why that is necessary? and on my system I only see 4:

 ip link list | grep vif
2: vif0.0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
4: vif0.1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
6: vif0.2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
8: vif0.3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop

I have one HVM running: 1
8: vif6.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen
32

And there is one bridge called eth0 which has the physical and vif6.0 in it:

 brctl show
bridge name     bridge id               STP enabled     interfaces
eth0            8000.003048c39d98       no              peth0
                                                        tap0
                                                        vif6.0

I need to create a second bridge with eth1, and a third bridge which
needs to have a virtual interface on the dom0.

I plan to connect several windows hvm's that have been migrated from
hardware to the third bridge so that they can talk to each other and
get internet access through dom0, but they must NOT be able to talk to
the lan on physical eth0 as bringing up duplicate domain controllers
and servers would not be good at all,I guess that is what the
"connected virtual ethernet interfaces" are for but I am unsure about
how to create the 2 extra bridges, once the 3rd bridge is there I
guess I need to configure a ip on the dom0 virtual interface that is
connected to the bridge and setup some iptables rules to allow
internet but block access to the local lan.

I need to test a microsoft exchange 2003 > 2007 migration before I do
it on the real servers, the upgrade has gone wrong once already and
with a small window of time to do it I need to be sure it will be
successful.

I see no xenbr0 at all, so what do I need to put in the config files
to use the 2nd or 3rd bridge?

I am running Xen 3.2.1 on Gentoo with kernel 2.6.25.15, any help would
be appreciated.

Andy



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users