Subject: Re: Xen and VLANs
To: Johan Ihren <>
From: Manuel Bouyer <>
List: port-xen
Date: 01/06/2006 17:43:05
On Fri, Jan 06, 2006 at 12:39:22PM +0100, Johan Ihren wrote:
> Hash: SHA1
> Hi Manuel,
> >>Any ideas anyone?
> >
> >I tried this too, and this doesn't work. The problem is with the way
> >bridge and vlan works, once you have a brige packets will never be
> >passed to the vlan interfaces (or the opposite, I don't remember).
> >
> >My workaround was to bridge the N vlan interface in dom0 (creating N
> >xennet interface for each domU) instead of bridging the physical  
> >interface
> >and creating the vlans in each domU
> Ho hum. I see.
> I understand your workaround, but unfortunately it doesn't work for  
> me because I actually need the physical interface to be bridged  
> because that's the way I arrange remote login access to students  
> (located at various desktops outside without any VLANs). Yes, I know  
> it's messy to mix both tagged and untagged traffic over the same  
> infrastructure, but that's the only solution I found.
> Another alternative (vastly preferred from my POV) was if there was  
> any way to connect to the domUs from the dom0 without involving the  
> physical interface at all. I.e. if the dom0 also had one (or several)  
> "virtual" xennetN, then everything would work out just fine with a  
> cleaner design than both your workaround and my (non-functional)  
> attempt.
> Would it be possible to add that?

Yes, of course. When you have a xennetN in a virtual domain, there is
a corresponding interface in dom0 named xvifX.N, where X is the domain's
number. You can then route or bridge these interfaces, leaving the physical
interface out of the setup

Manuel Bouyer <>
     NetBSD: 26 ans d'experience feront toujours la difference