We have multiple VLANs set up between different sites, and are using them to connect our dev. network, 192.168.3.x, and a management network, 172.16.20.x. I have a Xen dom0 on 192.168.3.x; one of its domUs needs to be on 172.16.20.x.
The network setup on dom0 looks like:
dhcp-169:/ # ifconfig
br0       Link encap:Ethernet  HWaddr 00:30:48:CC:72:BC
          inet addr:192.168.3.169  Bcast:192.168.3.255  Mask:255.255.255.0
          inet6 addr: fe80::230:48ff:fecc:72bc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8298 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3569 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1644212 (1.5 Mb)  TX bytes:1060834 (1.0 Mb)
br0 is a bridge interface to eth0. This bridge is what allows the domUs to access the 192.168.3.x network.
The routing table is as simple as:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.3.1     0.0.0.0         UG    0      0        0 br0
What I need is for the domU to have a management address (172.16.20.x), so that other machines on that network can talk to it. It can additionally have a development (192.168.3.x) address, if that's required to make things work.
Now, I can ping to the management network (172.16.20.x) from the development (192.168.3.x) network. However, I cannot ping the development (192.168.3.x) network from the management (172.16.20.x) network. Not sure if this will cause any problems...
What networking configuration needs to be in place on the dom0 and domU to enable this setup? I've tried a few different bridge and VLAN configurations on dom0 and domU, but to no avail.
Thanks,
Kendall
Let's suppose the dev VLAN is 4 and the mgmnt VLAN is 5.
On dom0's switch port enable VLAN trunking and grant access to VLANs 4 and 5.
On dom0 configure two VLAN interfaces eth0.4 and eth0.5.
On dom0 configure two bridges br4 (attached to eth0.4) and br5 (attached to eth0.5).
Have the domUs use the appropriate bridge.
An alternate config would pass the VLAN config into the domUs but this is a security risk.
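The layout from the answer above, written out as an added example that is not part of the original answers. It assumes iproute2 on dom0, eth0 as the trunked NIC, and the answer's supposed VLAN IDs 4 and 5; the function names are hypothetical. The audit function checks that a bridge carries only its own VLAN uplink and guest interfaces, so the two VLANs are never joined at layer 2 on dom0.

```shell
#!/bin/sh
# Added example: VLAN-per-bridge layout for a Xen dom0 (iproute2).
# Assumptions: parent NIC eth0; VLAN 4 = dev, VLAN 5 = management.
# DRY_RUN=1 (default) only prints commands; DRY_RUN=0 runs them as root.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Create <parent>.<vid> and a bridge br<vid> whose only uplink is that VLAN.
setup_vlan_bridge() {
    parent=$1 vid=$2
    run ip link add link "$parent" name "$parent.$vid" type vlan id "$vid"
    run ip link add name "br$vid" type bridge
    run ip link set "$parent.$vid" master "br$vid"
    run ip link set "$parent" up
    run ip link set "$parent.$vid" up
    run ip link set "br$vid" up
}

# Audit: every port of <bridge> must be its own VLAN uplink or a guest
# interface (vif*/tap*). Any other port would join two VLANs at layer 2.
# $1 = directory holding the bridges (normally /sys/class/net).
bridge_is_isolated() {
    netdir=$1 bridge=$2 uplink=$3
    [ -d "$netdir/$bridge/brif" ] || return 2      # no such bridge
    for port in "$netdir/$bridge/brif"/*; do
        [ -e "$port" ] || continue                 # bridge has no ports
        case "${port##*/}" in
            "$uplink"|vif*|tap*) ;;
            *) echo "$bridge: unexpected port ${port##*/}" >&2; return 1 ;;
        esac
    done
    return 0
}

# The two bridges from the answer: br4 on eth0.4, br5 on eth0.5.
plan() {
    setup_vlan_bridge eth0 4
    setup_vlan_bridge eth0 5
}

# domU side (xl config file): vif = ['bridge=br5'] attaches the guest to the
# management VLAN only; the guest sees untagged frames and needs no VLAN config.
plan
```

On a live dom0 the audit is called as `bridge_is_isolated /sys/class/net br5 eth0.5`; a non-zero return means the bridge is missing or has a port that does not belong to that VLAN.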
I don't know Xen very well, but a basic assumption would be that, if you want a virtual machine to talk to a given network, then the host needs some connectivity to that network too, either via another network adapter or by using trunking to carry several VLANs at once on the same cable.
If your server can only talk to the 192.168.3.x network, there is no way anything running on it (be it an application or a virtual machine) can talk to the 172.16.20.x one.