...
Reference: http://wiki.xenproject.org/wiki/Storage_options
Networking
Choice (TODO: can be mixed?):
- Bridged: Each DomU* OS is connected to the LAN
- Routed: Dom0 is a router between the LAN and the DomU* network interfaces
- NATted: Dom0 is a NATting router between the LAN and the DomU* network interfaces
Interface names:
- peth*: The physical ethernet interfaces in a Xen bridge, connected to the LAN
- vif*: The virtual interfaces in a Xen bridge, connected to the DomUs
- veth*
- xenbr0
...
- TBC
- xenbr*: A Xen bridge
Bridged
Dom0's eth0 gets the bridge's address, broadcast, netmask and gateway settings (assuming the bridge config includes bridge_ports eth0).
Diagram from http://wiki.xenproject.org/wiki/Xen_Networking#ASCII_Art_Examples_of_Xen_Networking_Topologies:
[ASCII diagram, layout lost in extraction. Domain0 holds two bridges: xenbr0 joins eth0 (on LAN0) with vif1.0 and vif2.0, and xenbr1 joins eth1 (on LAN1) with vif1.1 and vif2.1. The vifs connect to eth0 and eth1 inside Domain1 and Domain2. Services shown in the domains: www, ssh, ftp, pop.]
Useful commands:
brctl show
Routed
When routing is used, these sysctl settings are needed:
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.proxy_arp = 1
NATted
When NAT is used, this rule is needed:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
A cunning plan?
Maybe we can do what we want (as on blav: some VMs with public IPs, most with NATted non-routable IPs) without a bridge: configure the physical interface with all the public IPs and use iptables to forward traffic sent to what is notionally a VM's public IP on to that VM's non-routable IP. For each VM addressable by public IP:
iptables -t nat -A PREROUTING -i eth0 -d PUBLICIP -j DNAT --to-destination INTERNALIP
For NATting:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
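One way to generate the rule set for this plan, as an added example that is not part of the original notes; it prints the commands rather than applying them. The addresses, the mapping format and the function names are constructed, and the default-drop FORWARD policy with per-VM port lists goes beyond the plan as written, since a bare DNAT rule forwards every port to the VM.

```shell
#!/bin/sh
# Added example: print (never apply) the rule set for the bridge-less plan.
# Constructed sample mapping, one VM per line: PUBLICIP INTERNALIP TCPPORTS
SAMPLE_MAP='203.0.113.10 10.0.0.10 22,443
203.0.113.11 10.0.0.11 80'

is_ipv4() {  # dotted quad, each octet 0-255; anything else is refused
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# $1 = external interface, $2 = internal subnet (CIDR); mapping on stdin.
# Output is all-or-nothing: one bad line yields no rules and status 1.
gen_rules() {
    ext=$1 subnet=$2 nl='
'
    rules="sysctl -w net.ipv4.ip_forward=1$nl"
    # Assumption beyond the page: default-drop FORWARD, so DNAT alone exposes nothing.
    rules="${rules}iptables -P FORWARD DROP$nl"
    rules="${rules}iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT$nl"
    rules="${rules}iptables -A FORWARD -s $subnet -o $ext -j ACCEPT$nl"
    while read -r pub priv ports; do
        [ -n "$pub" ] || continue
        if ! is_ipv4 "$pub" || ! is_ipv4 "$priv" ||
           ! printf '%s\n' "$ports" | grep -Eq '^[0-9]+(,[0-9]+)*$'; then
            echo "rejected mapping: $pub $priv $ports" >&2
            return 1
        fi
        rules="${rules}ip addr add $pub/32 dev $ext$nl"
        rules="${rules}iptables -t nat -A PREROUTING -i $ext -d $pub -j DNAT --to-destination $priv$nl"
        # FORWARD sees the packet after DNAT, so it matches the internal address.
        rules="${rules}iptables -A FORWARD -i $ext -d $priv -p tcp -m multiport --dports $ports -j ACCEPT$nl"
    done
    # Masquerade only the internal subnet, not everything leaving $ext.
    rules="${rules}iptables -t nat -A POSTROUTING -s $subnet -o $ext -j MASQUERADE"
    printf '%s\n' "$rules"
}

printf '%s\n' "$SAMPLE_MAP" | gen_rules eth0 10.0.0.0/24
```

Connections that a publicly addressed VM initiates itself still leave through MASQUERADE, so they appear to come from the interface's primary address rather than from that VM's public IP.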
References (network)
- http://wiki.xenproject.org/wiki/Network_Configuration_Examples_%28Xen_4.1%2B%29
- https://wiki.debian.org/BridgeNetworkConnections
- Old, but has a boot script example: http://www.tldp.org/HOWTO/Ethernet-Bridge-netfilter-HOWTO.html
Toolstacks (a.k.a toolkits and toolboxes)
...