Posted by Steve on Mon 27 Feb 2006 at 05:16
I've been running Xen for a few weeks now and until now I've been happy with the default networking setup installed. Only when I decided to install Xen upon the server which is hosting this website did I need to explore the way Xen sets up networking.
Xen is pretty good at giving a working network setup for most common cases. By default it sets up virtual instances so they communicate with the network via the host's eth0 device, using NAT.
There are several other supported configurations for the times when this setup isn't appropriate these are:
Each of the available network setups are implemented via a pair of scripts inside the directory /etc/xen/scripts. For example the bridge setup is implemented in the two files:
In order to change the network setup you simply tell the xend daemon which script(s) it should be using via the configuration file /etc/xen/scripts/xend-config.sxp.
To switch to the bridge setup, for example, you'd make sure the following settings were present:
(network-script network-bridge) (vif-script vif-bridge)
When I needed to host some Xen instances upon this machine I needed to use the routed setup, which could be done by setting:
(network-script network-route) (vif-script vif-route)
The new IP addresses 80.68.86.192/29 were each routed via my existing public address - and in this scenario I couldn't use NAT, since these are public addresses.
Instead I needed to use a bridge. The range I've been given /29 means that I have 6 public IP addresses. One of these must be allocated to the bridge - leaving me with 5 addresses for use by Xen machines.
The following diagram shows what I needed to do:
This image was created using Dia; source file available
The way that bridging works is that the host gains an IP address in the new range, and the virtual instances use this IP address as their default gateway, or route, to the internet.
To setup the bridge required two steps:
To give the host an IP address on the bridge we can't use virtual addresses so we manage it by using the dummy driver:
skx2:~# modprobe dummy skx2:~# ifconfig dummy0 80.68.86.193 up
To make sure that these settings persist we add the name 'dummy' to the file /etc/modules - and add the dummy network address to the file /etc/network/interfaces as follows:
auto dummy0
iface dummy0 inet static
address 80.68.86.193
broadcast 80.68.86.199
netmask 255.255.255.248
Once this is done we've got the host setup correctly. Restarting xend will allow it to create the bridge:
root@skx2:~# /etc/init.d/xend restart
Now we just need to create the virtual instances giving them IP addresses from the range 80.68.86.192/29 ensuring that they use the IP address 80.68.86.193 as their gateway.
One minor complication was that initially my Xen instances were unable to see the network. It turned out that adding a new line to the configuration file(s) in /etc/xen/ for each instances was required:
kernel = "/boot/xen-linux-2.6.12.6-xen" memory = 128 name = "vm1.steve.org.uk" root = "/dev/sda1 ro" vif = [ 'ip=80.68.86.194' ] disk = ....
Adding the vif line allowed things to work correctly.
This article can be found online at the Debian Administration website at the following bookmarkable URL (along with associated comments):
This article is copyright 2006 Steve - please ask for permission to republish or translate.