[Gllug] Xen and bridging

Daniel P. Berrange dan at berrange.com
Tue May 16 12:14:19 UTC 2006


On Tue, May 16, 2006 at 12:21:24PM +0100, Adrian McMenamin wrote:
> Sadly, a fixed Xen kernel has not yet been posted for Fedora FC5 so this
> is all still a theoretical conversation and apologies for the possible
> stupidity of some of the questions.

The new kernel update is undergoing final sanity checking before being
pushed - you can get it from Dave Jones' YUM repository if you don't
want to wait for the official errata:

  http://people.redhat.com/davej/kernels/Fedora/FC5/


> As I understand it running Xen on my machine means establishing an
> ethernet bridge between the hypervisor and the guests.
> 
> I have to confess I knew nothing about bridges before and now I've read
> this: http://linux-net.osdl.org/index.php/Bridge I at least know
> something.
> 
> But how does routing work? Specifically how can I ssh into the box as user
> A who only has an account on a specific guest system and get a prompt for
> that system? I am assuming that xen will let each guest access the NIC and
> I don't need a NIC per guest.
> 
> Is it the case that I have to set up NAT on top of the bridge?

Basically Xen creates one or more virtual interfaces in Dom0 for each
guest OS that runs. These are referred to as vif0, vif1, etc in the
host OS, or just plain eth0 in the guest OS. In a pure bridging mode,
the vifX devices will be connected straight to the host's real eth0
device, so packets to/from the guest go to/arrive from the physical
network without the dom0's network stack really getting involved. So
if you have DHCP on your LAN, the guests will auto-assign themselves
IP addr in the normal manner. 

There is a possible alternative setup where you don't bridge the vifX
devices onto eth0, and instead setup a traditional NAT forwarding using
iptables. This gives you an isolated subnet for your guests, which may
or may not be desirable depending on your intended use cases for the 
guests.

Dan.
-- 
|=-            GPG key: http://www.berrange.com/~dan/gpgkey.txt       -=|
|=-       Perl modules: http://search.cpan.org/~danberr/              -=|
|=-           Projects: http://freshmeat.net/~danielpb/               -=|
|=-   berrange at redhat.com  -  Daniel Berrange  -  dan at berrange.com    -=|
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20060516/b6b474dd/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug


More information about the GLLUG mailing list