Subject: Re: xen2 and VLANs (again)
To: Chris Brookes <>
From: Manuel Bouyer <>
List: port-xen
Date: 12/11/2007 13:44:46
On Mon, Dec 10, 2007 at 11:08:27PM -0600, Chris Brookes wrote:
> I have done some searching and I've read a couple of threads on VLANs
> with Xen  but I'm still not sure I can do what I want to do.
> Here's what I have now:
> DOM0:
> bridge0: vr0 interface,xvif1.1,xvif2.1,xvif3.1 (private net dom-u)
> bridge1: vr1 interface, xvif4.1, xvif5.1, xbif6.1 (public net dom-u)
> I was wanting to have my DOM0 run another dom-u for a third network I
> have. Initially I thought  I'd just attach another NIC, make a third
> bridge, and follow the same scheme as above. But then I realized I'd
> have to BUY another NIC. My vr0 and vr1 are cabled to unique vlans on
> the same physical switch, and my switch supports 802.1Q. Seems like I
> should be making use of this now. Is it as simple as this:
> DOM0:
> vr0 - vlan0 interface
> vr0 - vlan1 interface
> vr0 - vlan2 interface
> bridge0: vlan0, xvif1.1,xvif2.1,xvif3.1
> bridge1: vlan1, xvif4.1, xvif5.1, xbif6.1
> bridge2: vlan2, xvif7.1

Yes, it's the way to go
> I need dom-0 to be reachable by IP from vlan0, but I dont need or want
> dom-0 to be reachable from vlan1 or vlan2. I will need all dom-u's to
> be able to reach each other, and assuming layer 3 permits, should
> there be an issue? I thought I read that I couldn't have a vlan
> interface in a bridge, but maybe I read it wrong.

vlans in bridges works fine; I've several servers setup this way. One of
them has more than 25 vlans, all connected to differents domUs

> Regarding MTU, I didn't seem vr listed in vlan(4) as supporting the
> increased size for 1q frames. If it's not a simple patch (I saw one
> for OpenBSD) where would I be adjusting the MTU, on the Dom-U xennet
> configurations?

The hardware has to accept and pass frames larger than the ethernet MTU
to the software. Not all hardware allow this (on some, the MTU is hardwired
and can't be changed by software).

From a quick look at current, it looks like the MTU is hardwired in
the vr(4) driver. But if you have a patch from openbsd, it shouldn't
be hard to get it working.

Manuel Bouyer, LIP6, Universite Paris VI. 
     NetBSD: 26 ans d'experience feront toujours la difference