|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-users] Re: iptables and ipvsadm in domU
On Tue, May 01, 2007 at 04:33:02PM -0700, Fong Vang wrote: > The documentation for Xen mentions that iptables in dom0 may affect > domUs. If iptables and ipvsadm is heavily used in a domU, how does this > impact dom0? Depends on how your network is setup. > In my particular case, I want both dom0 and ONE domU (FW_domu) to be visible > to the external network (eth1). There will be several other domU's that > will be behind FW_domU). > > as far as the domUs are concerned, this is the layout. > > FW_domU > | > LB_domU > | > +-----+--+--------+ > | | | > domU1 domU2 domU3 > > what's the best way to set this up. LB_domU runs LVS (ipvsadm). Is this > configuration even supported in Xen. It's supported, but complex. You're going to have to know an awful lot about bridging, routing, and such to be able to set this up and keep it running in any sort of good order. If I were consulting on this, I'd question the underlying assumptions that have led to this design first, as there's probably some much simpler way of laying it all out. But the diagram above, if given as a virtual network layout, is certainly doable, if perhaps not optimal. You can certainly run both iptables and ipvsadm in a Xen domU; it's been an integral part of one of my clients' setups for about 9 months now, and it works a treat. - Matt -- I'm not sure which upsets me more: that people are so unwilling to accept responsibility for their own actions, or that they are so eager to regulate everyone else's. _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |