zeldor.biz

Linux, programming and more

Xen 3.2 physical bridging

by Leave a Comment

This article was written for Xen 3.2, it was successful tested on debian lenny 5.0.3

I describe how to use multiple physical network cards associated to different bridges and Virtual VE (guests). By default Xen uses ony one bridge and physical NIC -> eth0

First step is to create a script that will create the bridges for your physical NICs.

/etc/xen/scripts/your-script

– eth0 is used for the Xen Dom0
– eth1 is used for VE1
– eth2 is used for VE2

1
2
3
4
5

#!/bin/sh
NETBR="/etc/xen/scripts/network-bridge"
$NETBR start bridge="eth1_br" vifnum=1 netdev="eth1"
$NETBR start bridge="eth2_br" vifnum=2 netdev="eth2"
exit 0

Don’t forget to make it executable! chmod +x your-script

This script will be called from
/etc/xen/xend-config.sxp

put this line to it:

1

(network-script your-script)

and remove or comment this out:

1
2

(vif-script vif-bridge)
(network-script network-dummy)

then you can configure the bridge for your VE (virtual-guest)
open your config /etc/xen/node1.cfg

and remove the standard bridge: vif = [ ‘ip=192.168.1.101,mac=00:16:3E:71:0B:18’ ]
add your new bridge: vif=[‘bridge=eth1_br’]

No routing configuration is needed! fellow

With following commands you can check your bridging configuration:
brctl show

Check the routing information
netstat -arn

Q: WHY is it interesting to use this kind of configuration?
A: The traffic cannot be sniffed by Dom0, DomN or Dom2

Some reasons:
1. If you get some problems with your primary NIC eth0 your xen dom0 will not be available but your guests are still alive and can communicate

2.If somebody hack your Xen Dom0 nobody can sniff ALL traffic of the VE’s, Guests

It is possible that this configuration will not work with older xen versions, your-script must be edited wassat

Have you any questions, please do not hesitate to contact me fellow