Port-xen archive


Re: Routed setup and ARP issues



On Tue, 16 Jun 2009 14:59:56 +1000
Christian Lerrahn <lists%penpal4u.net@localhost> wrote:

> Hi,
> I'm trying to set up a routed configuration of XEN. My ISP does not let
> me use bridged setups and bans the use of MAC addresses other than the
> one of the physical interface on the network.
> 
> There are 2 problems I have. One is that on Linux you need to use the
> kernel's arp_proxy which I don't think the NetBSD kernel has on board.
> Therefore I assume I need to set up a userland ARP proxy for the
> routed setup to work. Am I right?

See the 'proxy' option on arp(8) -- does that do what you want?
> 
> The second problem is how I make sure that the MAC addresses of the
> virtual servers never make it onto the physical network. In other
> words, I would like them to be able to communicate internally based on
> their MAC addresses while at the same time all outgoing traffic
> pretends that the physical device has all the IP addresses directly
> assigned to it.
> 
> I'm wondering if this requirement actually means that my physical
> network interface needs to have all used IP addresses as aliases.
> However, while I could still route that, it seems like a bit of a
> messy setup.
> 
> Has anyone ever set this up? Is there maybe a howto that I missed in
> my web searches?
> 
Can you get a subnet from your ISP?  If so, assign the domUs addresses
on it and enable forwarding on the dom0.  No ARP games will be needed.
Second, depending on your needs, you could NAT the domUs' addresses.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb

