This article was written for Xen 3.2, it was successful tested on debian lenny 5.0.3

I describe how to use multiple physical network cards associated to different bridges and Virtual VE (guests). By default Xen uses ony one bridge and physical NIC -> eth0

First step is to create a script that will create the bridges for your physical NICs.

/etc/xen/scripts/your-script

- eth0 is used for the Xen Dom0
- eth1 is used for VE1
- eth2 is used for VE2


Don't forget to make it executable! chmod +x your-script

This script will be called from
/etc/xen/xend-config.sxp

put this line to it:


and remove or comment it out



then you can configure the bridge for your VE (virtual-guest)
open your config /etc/xen/node1.cfg

and remove the standard bridge: vif = [ 'ip=192.168.1.101,mac=00:16:3E:71:0B:18' ]
add your new bridge: vif=['bridge=eth1_br']

No routing configuration is needed!

With following commands you can check your bridging configuration:
brctl show

Output:


Check the routing information
netstat -arn

Output:


Q: WHY is it interesting to use this kind of configuration?
A: The traffic cannot be sniffed by Dom0, DomN or Dom2

Some reasons:
1. If you get some problems with your primary NIC eth0 your xen dom0 will not be available but your guests are still alive and can communicate

2.If somebody hack your Xen Dom0 nobody can sniff ALL traffic of the VE's, Guests

It is possible that this configuration will not work with older xen versions, your-script must be edited

Have you any questions, please do not hesitate to contact me