Debian Administration

An introduction to custom Xen networking

I've been running Xen for a few weeks now and until now I've been happy with the default networking setup installed. Only when I decided to install Xen upon the server which is hosting this website did I need to explore the way Xen sets up networking.

Xen is pretty good at giving a working network setup for most common cases. By default it sets up virtual instances so they communicate with the network via the host's eth0 device, using NAT.

There are several other supported configurations for the times when this setup isn't appropriate these are:

• bridged networking.
• routed networking.

Each of the available network setups are implemented via a pair of scripts inside the directory /etc/xen/scripts. For example the bridge setup is implemented in the two files:

• /etc/xen/scripts/network-bridge
• /etc/xen/scripts/vif-bridge

In order to change the network setup you simply tell the xend daemon which script(s) it should be using via the configuration file /etc/xen/scripts/xend-config.sxp.

To switch to the bridge setup, for example, you'd make sure the following settings were present:

(network-script network-bridge)
(vif-script vif-bridge)

When I needed to host some Xen instances upon this machine I needed to use the routed setup, which could be done by setting:

(network-script network-route)
(vif-script vif-route)

• My server has the public IP address 80.68.80.176.
• My hosting provider gave me an additional range 80.68.86.192/29 for use by Xen.

The new IP addresses 80.68.86.192/29 were each routed via my existing public address - and in this scenario I couldn't use NAT, since these are public addresses.

Instead I needed to use a bridge. The range I've been given /29 means that I have 6 public IP addresses. One of these must be allocated to the bridge - leaving me with 5 addresses for use by Xen machines.

The following diagram shows what I needed to do:

This image was created using Dia; source file available

The way that bridging works is that the host gains an IP address in the new range, and the virtual instances use this IP address as their default gateway, or route, to the internet.

To setup the bridge required two steps:

• Setup the xend-config.sxp file, as previously discussed.
• Make sure the host has an IP address allocated on the bridge.

To give the host an IP address on the bridge we can't use virtual addresses so we manage it by using the dummy driver:

skx2:~# modprobe dummy
skx2:~# ifconfig dummy0 80.68.86.193 up

To make sure that these settings persist we add the name 'dummy' to the file /etc/modules - and add the dummy network address to the file /etc/network/interfaces as follows:

auto dummy0
iface dummy0 inet static
        address 80.68.86.193
        broadcast 80.68.86.199
        netmask 255.255.255.248

Once this is done we've got the host setup correctly. Restarting xend will allow it to create the bridge:

root@skx2:~# /etc/init.d/xend restart

Now we just need to create the virtual instances giving them IP addresses from the range 80.68.86.192/29 ensuring that they use the IP address 80.68.86.193 as their gateway.

One minor complication was that initially my Xen instances were unable to see the network. It turned out that adding a new line to the configuration file(s) in /etc/xen/ for each instances was required:

kernel = "/boot/xen-linux-2.6.12.6-xen"
memory = 128
name   = "vm1.steve.org.uk"
root   = "/dev/sda1 ro"
vif    = [ 'ip=80.68.86.194' ]
disk   = ....

Adding the vif line allowed things to work correctly.

Add Comment Printable version

 

<<< VPNC and resolvconf aren't working completely Setting up and managing logs? >>>