This article was written for Xen 3.2, it was successful tested on debian lenny 5.0.3
I describe how to use multiple physical network cards associated to different bridges and Virtual VE (guests). By default Xen uses ony one bridge and physical NIC -> eth0
First step is to create a script that will create the bridges for your physical NICs.
/etc/xen/scripts/your-script
– eth0 is used for the Xen Dom0
– eth1 is used for VE1
– eth2 is used for VE2
1 2 3 4 5 | #!/bin/sh NETBR="/etc/xen/scripts/network-bridge" $NETBR start bridge="eth1_br" vifnum=1 netdev="eth1" $NETBR start bridge="eth2_br" vifnum=2 netdev="eth2" exit 0 |
Don’t forget to make it executable! chmod +x your-script
This script will be called from
/etc/xen/xend-config.sxp
put this line to it:
1 | (network-script your-script) |
and remove or comment this out:
1 2 | (vif-script vif-bridge) (network-script network-dummy) |
then you can configure the bridge for your VE (virtual-guest)
open your config /etc/xen/node1.cfg
and remove the standard bridge: vif = [ ‘ip=192.168.1.101,mac=00:16:3E:71:0B:18’ ]
add your new bridge: vif=[‘bridge=eth1_br’]
No routing configuration is needed! fellow
With following commands you can check your bridging configuration:
brctl show
Check the routing information
netstat -arn
Q: WHY is it interesting to use this kind of configuration?
A: The traffic cannot be sniffed by Dom0, DomN or Dom2
Some reasons:
1. If you get some problems with your primary NIC eth0 your xen dom0 will not be available but your guests are still alive and can communicate
2.If somebody hack your Xen Dom0 nobody can sniff ALL traffic of the VE’s, Guests
It is possible that this configuration will not work with older xen versions, your-script must be edited wassat
Have you any questions, please do not hesitate to contact me fellow