XEN networking
Last edited -> 10/20/2007
I’m starting this page since it was a post that I never got around to finishing. So this page is a Work In Progress.
If many of you are like me, then you are lost when it comes to how XEN networking works. I was lucky to have Ron Terry, from Novell ATT (Advanced Technical Training), come and help me understand this. After having him explain it to me I’ve realized that networking in XEN isn’t all that bad. Before I start explaining XEN networking I want to mention his website. I recommend poking around as there is lots of good information. Also, I wanted to point out a link to a script that he is working on for building the network. I have finally been able to use this script and recommend it.
Now onto XEN networking. There are no promises that I’m going to get this 100% correct and I’m bases most of this on SuSE, so if you know better COMMENT! Otherwise, please still comment as I’m sure others with appreciate it.
Starting at the beginning, on SLES (SuSE Linux Enterprise Linux), when XEN boots and domain 0 comes up you have X network cards and 4 virtual ethernet interfaces. The physical ethernet cards are switch to pethX and the veth[0-3] are converted over to eth[0-3]. The MAC address information is copied from the physical to the virtual for all active network cards. Since there can’t be two network devices with the same MAC address, the physical interface’s MAC is set to FE:FF:FF:FF:FF:FF. For example,
eth1 Link encap:Ethernet HWaddr 00:19:D1:6D:70:78
peth1 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
From what I understand, the new addres is the same that port on a switch would be given. Once all of the ethX devices are converted to pethX XEN goes through and creates bridges, xenbrX. The problem with the scripts that are installed by default (not confirmed outside of SuSE), they only create 1 bridge by default. This means that if you want to connect your domUs to more than one ethernet interface, then you have to create a new script that calls network-bridge X times needed bridges. So if the setup requires two bridges, then you need to call the network-bridge script twice (located in /etc/xen/scripts/).
The problem that you run into, if you don’t add more bridges, is all of your VMs’ traffic moves through one network card regardless of how many network cards you have in your machine. They only way around this is to create several bridges and then balance the VMs between all of them. The area that I need to learn more about is creating the vifs that connect between the bridge and DomU. Hopefully I can add that soon. I’m thinking about creating a wiki for this so that as I learn more I just just update the wiki. So, if you have recommendation with reason for a wiki let me know.
It isn’t required that you have a physical ethernet device per bridge or even virtual for that matter.
Please comment to sshaw [at] decriptor [dot] com
so after it boots do you just login as root and go to another browser and type the address? I apologize for all the questions, but I am simply running into roadblocks no matter the steps I take
Please ignore the above post. wrong blog.
Why not just use “pf” to shape your traffic instead? It can be compiled into the kernel to provide NAT and many other firewalling services while you’re at it since it was designed to do all this.
PF: The OpenBSD Packet Filter
http://www.openbsd.org/faq/pf/