Subject: Re: Xen and VLANs
To: Johan Ihren <johani@autonomica.se>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: port-xen
Date: 01/06/2006 17:43:05
On Fri, Jan 06, 2006 at 12:39:22PM +0100, Johan Ihren wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Manuel,
>
> >>Any ideas anyone?
> >
> >I tried this too, and this doesn't work. The problem is with the way
> >bridge and vlan works, once you have a brige packets will never be
> >passed to the vlan interfaces (or the opposite, I don't remember).
> >
> >My workaround was to bridge the N vlan interface in dom0 (creating N
> >xennet interface for each domU) instead of bridging the physical
> >interface
> >and creating the vlans in each domU
>
> Ho hum. I see.
>
> I understand your workaround, but unfortunately it doesn't work for
> me because I actually need the physical interface to be bridged
> because that's the way I arrange remote login access to students
> (located at various desktops outside without any VLANs). Yes, I know
> it's messy to mix both tagged and untagged traffic over the same
> infrastructure, but that's the only solution I found.
>
> Another alternative (vastly preferred from my POV) was if there was
> any way to connect to the domUs from the dom0 without involving the
> physical interface at all. I.e. if the dom0 also had one (or several)
> "virtual" xennetN, then everything would work out just fine with a
> cleaner design than both your workaround and my (non-functional)
> attempt.
>
> Would it be possible to add that?
Yes, of course. When you have a xennetN in a virtual domain, there is
a corresponding interface in dom0 named xvifX.N, where X is the domain's
number. You can then route or bridge these interfaces, leaving the physical
interface out of the setup
--
Manuel Bouyer <bouyer@antioche.eu.org>
NetBSD: 26 ans d'experience feront toujours la difference
--