Port-xen archive


Re: Setting routes for routed setup



On Fri, Aug 14, 2009 at 03:54:06PM +1000, Christian Lerrahn wrote:
> > > I'm still trying to get a routed setup to work (the data centre
> > > infrastructure does not let me do bridged). The problem I currently
> > > have is that I'm unsure how to set up the routes. The Linux scripts
> > > would set up routes like
> > > 
> > > ip route add 1.2.3.4 dev xvif1.0 src 9.8.7.6
> > > 
> > > where 1.2.3.4 is the address of the domU and 9.8.7.6 the address of
> > > the dom0. On Linux the dom0 would sit in a netmask 255.255.255.255
> > > and have the main IP address assigned to both the physical
> > > interface and xvif1.0. Then the host routes between the physical
> > > interface and xvif1.0 make sense. Should this be done on NetBSD,
> > > too? Or is there a better way of handling this?
> > 
> > This is a strange setup. It looks like Linux uses the xvif interface
> > like a point-to-point interface, while it emulates an Ethernet one.
> >
> > I'm not sure how this would work on NetBSD. A better way would
> > probably be to have all the domUs in the same netmask, and assign the
> > dom0 one IP address in this netmask on a virtual interface (e.g. a
> > tap0 created for this purpose), distinct from the IP/netmask of the
> > hardware interface. Then you bridge all the domUs and tap0 in the
> > same ethernet domain, and route between tap0 and the hardware
> > interface.
> 
> I've been thinking about this and I do agree with you. This setup is
> rather strange. However, there is an advantage to it, that I actually
> like. If you use a bridge behind an internal route (as with the tap0
> device), all traffic to a virtual machine is visible to all other
> virtual machines. Now, you could use more than one bridge but then you
> end up with host routes again as with the setup used on Linux.
> 
> While the setup is really messy on Linux, it seems the only way of
> achieving a full separation between the VMs. Every machine only
> receives the traffic intended for it. That is in fact a very neat
> feature that I would love to have.

Or you can filter on the bridge.

>  
> > Other setups involving ipf/ipnat are probably possible, but that would
> > require some experiments.
> 
> I don't want to use NAT because for one I have enough IP addresses to
> not need it and I might run the same service on more than one VM.

You put all the public IPs on the dom0, and bimap each IP to a domU.

You may also be able to build a setup similar to linux using ipf's
to or dup-to features.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 years of experience will always make the difference
--
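The following script is an added example, not part of the thread above and not code from any of its authors. It puts Manuel's suggestion into concrete NetBSD commands: the domUs and a tap0 interface share one Ethernet domain on bridge0, the dom0 owns one address on that network via tap0 and routes between tap0 and the hardware interface, ipf is enabled on the bridge so each domU only sees traffic addressed to it (the "filter on the bridge" alternative to Linux host routes), and an ipnat `bimap` line shows the 1:1 mapping variant. The interface names (wm0, xvif1.0), the RFC 5737 addresses and the `DRY_RUN` switch are all assumptions made for the example; the `brconfig bridge0 ipf` step needs a kernel built with the BRIDGE_IPF option.

```shell
#!/bin/sh
# Added example for a routed Xen dom0 on NetBSD (tap0 + bridge0 + ipf/ipnat).
# All interface names and addresses below are constructed placeholders.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs them (root on dom0).
: "${DRY_RUN:=1}"

EXT_IF=wm0                  # hardware interface towards the data centre (assumption)
GUEST_IF=xvif1.0            # backend interface of domU 1 (assumption)
DOM0_GUEST_IP=192.0.2.1     # dom0's address on the guest network; domUs use it as gateway
GUEST_MASK=255.255.255.0    # guest network 192.0.2.0/24 (RFC 5737 documentation range)

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Create tap0 with the dom0's guest-network address, bridge it with the
# domU backend interface, enable ipf on the bridge and turn on forwarding.
# The connected route for 192.0.2.0/24 via tap0 appears automatically; the
# upstream router still needs a route for that prefix pointing at wm0's address.
setup_routed_bridge() {
    run ifconfig tap0 create
    run ifconfig tap0 inet "$DOM0_GUEST_IP" netmask "$GUEST_MASK" up
    run ifconfig bridge0 create
    run brconfig bridge0 add tap0 add "$GUEST_IF" up
    run brconfig bridge0 ipf          # filter bridged frames with ipf (needs BRIDGE_IPF)
    run sysctl -w net.inet.ip.forwarding=1
}

# ipf rules isolating one domU on its bridge port: it may only send from its
# own address and only receives packets addressed to it. Note this also drops
# IP broadcasts towards the domU, so static addressing is assumed.
# $1 = xvif interface, $2 = that domU's address
ipf_isolation_rules() {
    printf 'pass in quick on %s from %s to any\n' "$1" "$2"
    printf 'block in quick on %s all\n' "$1"
    printf 'pass out quick on %s from any to %s\n' "$1" "$2"
    printf 'block out quick on %s all\n' "$1"
}

# ipnat.conf line for the NAT variant: a public address on wm0 mapped 1:1 to a domU.
# $1 = public address, $2 = domU's guest-network address
ipnat_bimap_rule() {
    printf 'bimap %s %s/32 -> %s/32\n' "$EXT_IF" "$2" "$1"
}

# Usage: sh routed-xen.sh            (prints the commands)
#        DRY_RUN=0 sh routed-xen.sh  (applies them)
setup_routed_bridge
ipf_isolation_rules "$GUEST_IF" 192.0.2.10
ipnat_bimap_rule 203.0.113.10 192.0.2.10
```

The `ipf_isolation_rules` output belongs in /etc/ipf.conf and the `bimap` line in /etc/ipnat.conf; with the bridge approach the dom0's public address stays on wm0 only, which is exactly the separation between the hardware interface and the guest network that Manuel describes.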

