Port-xen archive


Re: Routed setup and ARP issues



On Wed, 17 Jun 2009 11:24:31 +1000
Sarton O'Brien <bsd-xen%roguewrt.org@localhost> wrote:

> On 16/06/2009 2:59 PM, Christian Lerrahn wrote:
> > The second problem is how I make sure that the MAC addresses of the
> > virtual servers never make it onto the physical network. In other
> > words, I would like them to be able to communicate internally based
> > on their MAC addresses while at the same time all outgoing traffic
> > pretends that the physical device has all the IP addresses directly
> > assigned to it.
> 
> MAC addresses _typically_ don't traverse network segments unless
> there's a bridge. With a _typical_ routed setup you'll be forwarding
> via dom0 so the only MAC address hitting the physical network will be
> that of dom0.

Ok. That was what I was wondering about. My main IP address is on a
different network segment than the ones I will use on the virtual
servers, so it should all be good. I was just unsure about how far MAC
addresses travel exactly.

> If you are unable to obtain a portion of the IPs available on the 
> physical network (subnet or proxy arp) or your own private range 
> (depending on what this setup is), I'd say NAT would be the easiest 
> (only?) option but obviously useless for hosting services on the same 
> port for multiple domU.
> 
> In any case other than NAT or proxy arp, your ISP will need to
> configure their gateway router with a route to your subnet. Some ISPs
> can be a PITA WRT a setup like this. Proxy arp may be the only viable
> option. As to how this is done on NetBSD, I'm not sure. Maybe
> something like 'arp -s hostname ether_addr pub proxy' would be
> sufficient ... I don't know. Aliasing shouldn't be required ... I
> don't believe ... but also not sure. It seems to me that aliasing
> would prevent the packets from traversing.

NAT is not an option for me. As you say yourself, it would restrict me
quite a bit. I will therefore need to figure out the ARP proxy and get
a routed setup to work.

Cheers,
Christian
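
One way to verify the property discussed in this thread (only dom0's MAC visible on the physical segment in a routed or proxy-ARP setup) is to inspect a capture taken on the physical interface. The following is an added example, not part of the original message: it assumes text output in the layout produced by `tcpdump -e -n`, and the function name, MAC addresses, IP addresses and sample lines are all constructed for illustration.

```python
import re

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# Assumed layout: "<time> <src> > <dst>, ethertype <type> (...), length N: <payload>"
FRAME = re.compile(
    rf"^\S+ (?P<src>{MAC}) > (?P<dst>{MAC}), ethertype \S+ .*?: (?P<payload>.*)$",
    re.IGNORECASE,
)
ARP_REPLY = re.compile(rf"Reply (?P<ip>\S+) is-at (?P<mac>{MAC})", re.IGNORECASE)


def find_mac_leaks(lines, dom0_mac, domu):
    """Return (line_no, reason) for frames that expose a domU MAC.

    domu maps each domU IP to its virtual MAC (hypothetical inventory).
    """
    dom0_mac = dom0_mac.lower()
    domu_macs = {mac.lower() for mac in domu.values()}
    leaks = []
    for no, line in enumerate(lines, 1):
        m = FRAME.match(line.strip())
        if not m:
            continue  # not an Ethernet-level line, ignore
        src = m["src"].lower()
        if src in domu_macs:
            leaks.append((no, f"frame sourced from domU MAC {src}"))
        r = ARP_REPLY.search(m["payload"])
        # With proxy ARP, dom0 must answer for domU IPs with its own MAC.
        if r and r["ip"] in domu and r["mac"].lower() != dom0_mac:
            leaks.append((no, f"ARP reply puts {r['ip']} at {r['mac'].lower()}"))
    return leaks


# Constructed sample capture from the physical interface of dom0.
DOM0 = "00:11:22:33:44:55"
DOMU = {"198.51.100.5": "00:16:3e:00:00:05", "198.51.100.6": "00:16:3e:00:00:06"}
SAMPLE = [
    "11:24:31.000001 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.10, length 28",
    "11:24:31.000002 00:11:22:33:44:55 > 00:aa:bb:cc:dd:ee, ethertype ARP (0x0806), length 42: Reply 198.51.100.5 is-at 00:11:22:33:44:55, length 28",
    "11:24:31.000003 00:16:3e:00:00:05 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 98: 198.51.100.5 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64",
    "11:24:31.000004 00:11:22:33:44:55 > 00:aa:bb:cc:dd:ee, ethertype ARP (0x0806), length 42: Reply 198.51.100.6 is-at 00:16:3e:00:00:06, length 28",
]

if __name__ == "__main__":
    for line_no, reason in find_mac_leaks(SAMPLE, DOM0, DOMU):
        print(f"line {line_no}: {reason}")
```

An empty result on a capture that includes traffic from every domU indicates that forwarding and ARP answers are both going through dom0 as intended.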

