system:xen:network
Differences
This shows you the differences between two versions of the page.
|
system:xen:network [2013/08/26 00:11] admin created |
system:xen:network [2013/08/26 20:57] (current) admin |
||
|---|---|---|---|
| Line 55: | Line 55: | ||
| ===== Usual configuration ===== | ===== Usual configuration ===== | ||
| - | [[more to come... sleep time]] | + | When you tend to have multiple DomU that should be split into different |
| + | networks, the usual configuration is to have a bridge on the Dom0 for each | ||
| + | network segment, and the DomUs to join them. | ||
| + | |||
| + | If you want to also include a backend between two of your DomUs, you | ||
| + | would have to get a bridge just for the two of them, and try to avoid | ||
| + | Dom0's firewalling those packets. | ||
| + | |||
| + | <code> | ||
| + | .-----------------. | ||
| + | | Dom0 | | ||
| + | |-----------------| .-----------. | ||
| + | | .----------. | | DomU: foo | | ||
| + | | | br0 | | |-----------| | ||
| + | | | .--------. .------. | | ||
| + | | | | vifX.0 |<---------->| eth0 | | | ||
| + | | | '--------' '------' | | ||
| + | | | .--------. .------. | | ||
| + | | | | vifY.0 |<-. .->| eth1 | | | ||
| + | | | '--------' \ / '------' | | ||
| + | | '----------' | \ / '-----------' | ||
| + | | | \/ .-----------. | ||
| + | | .----------. | /\ | DomU: bar | | ||
| + | | | br1 | | / \ |-----------| | ||
| + | | | .--------. / \ .------. | | ||
| + | | | | vifX.1 |<-' `->| eth0 | | | ||
| + | | | '--------' '------' | | ||
| + | | | .--------. .------. | | ||
| + | | | | vifY.1 |<---------->| eth1 | | | ||
| + | | | '--------' '------' | | ||
| + | | '----------' | '-----------' | ||
| + | '-----------------' | ||
| + | </code> | ||
| + | |||
| + | * br1: only used for foo/bar communications. | ||
| + | * br0: used for external network connectivity | ||
| + | |||
| + | Xen configuration files: | ||
| + | <code> | ||
| + | foo.cfg: | ||
| + | |||
| + | vif = [ | ||
| + | 'mac=00:16:3E:00:00:02,bridge=br0', | ||
| + | 'mac=00:16:3E:00:01:02,bridge=br1', | ||
| + | ] | ||
| + | |||
| + | |||
| + | bar.cfg: | ||
| + | |||
| + | vif = [ | ||
| + | 'mac=00:16:3E:00:00:03,bridge=br0', | ||
| + | 'mac=00:16:3E:00:01:03,bridge=br1', | ||
| + | ] | ||
| + | </code> | ||
| + | |||
| + | |||
| + | On br1, you would have to take very extra care not to firewall anything. | ||
| + | When both DomU talks to each other through br1, Dom0 would copy the data | ||
| + | around, and send it back to the other DomU. | ||
| + | |||
| + | ===== Direct backend to an other DomU ===== | ||
| + | |||
| + | Lets say we would like foo and bar to talk directly to each other. | ||
| + | Network connections should look something like : | ||
| + | |||
| + | |||
| + | <code> | ||
| + | .-----------------. | ||
| + | | Dom0 | | ||
| + | |-----------------| .-----------. | ||
| + | | .----------. | | DomU: foo | | ||
| + | | | br0 | | |-----------| | ||
| + | | | .--------. .------. | | ||
| + | | | | vifX.0 |<---------->| eth0 | | | ||
| + | | | '--------' '------' | | ||
| + | | | .--------. .---------. | | ||
| + | | | | vifY.0 |<-. .-->| vif.bar | | | ||
| + | | | '--------' \ | '---------' | | ||
| + | | '----------' | \ | '-----------' | ||
| + | | | \ | .-----------. | ||
| + | | | \ | | DomU: bar | | ||
| + | | | \| |-----------| | ||
| + | | | \ .------. | | ||
| + | | | |`->| eth0 | | | ||
| + | | | | '------' | | ||
| + | | | | .------. | | ||
| + | | | '-->| eth1 | | | ||
| + | | | '------' | | ||
| + | | | '-----------' | ||
| + | '-----------------' | ||
| + | </code> | ||
| + | |||
| + | Well, it is possible. You just have to get the network backend in a | ||
| + | different domain (not the dom0, but an other existing domain!) | ||
| + | |||
| + | Here is an example of configuration for such: | ||
| + | <code> | ||
| + | foo.cfg: | ||
| + | |||
| + | vif = [ | ||
| + | 'mac=00:16:3E:00:00:02,bridge=br0', | ||
| + | ] | ||
| + | |||
| + | |||
| + | bar.cfg: | ||
| + | |||
| + | vif = [ | ||
| + | 'mac=00:16:3E:00:00:03,bridge=br0', | ||
| + | 'mac=00:16:3E:00:01:03,backend=bar,script=vif-bridge-manual,bridge=brbar', | ||
| + | ] | ||
| + | </code> | ||
| + | |||
| + | Lets see the different options : | ||
| + | * ip - supposed IP of the DomU. Can be used for documentation, accessible by the vif script if it require to deal stupid firewall rules (As you can see, I don't use that option) | ||
| + | * mac - mac address of the interface on the DomU | ||
| + | * backend - name of the domain that should get the backend. Default is the dom0 | ||
| + | * script - name of the script to launch on the backend domain when the interface is added. The script must be present on the specified domain | ||
| + | * bridge - option passed to the vif script, usually the name of the bridge the interface backend should be added to. | ||
| + | |||
| + | |||
| + | With all that, we can get a whole network between our DomUs, without the dom0 seeing any of those interfaces! | ||
system/xen/network.txt · Last modified: 2013/08/26 20:57 by admin
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
