On 05/10/2010 11:03 PM, Jussi Hirvi wrote:
On 10.5.2010 15.48, Les Mikesell wrote:
How do you handle the default route on the 'connect to both' guests? Normally you only want one default gateway and it should be the same one where the connections are coming in. Otherwise you have to do some very tricky things to make return packets go back the same path they came in, although asymmetrical routes are supposed to work if you don't have NAT or stateful firewalls in the way.
On that dual-network xen-guest, I don't handle the routing in any special way. Now only one nw connection works (because of these routing problems), but if they would both work, packets still might leave from only one interface (default route). I don't see why this would be a problem, though, even if it may not be very elegant.
Here is "ip route show" from that host:
62.236.221.64/28 dev eth0 proto kernel scope link src 62.236.221.71
62.220.237.96/27 dev eth1 proto kernel scope link src 62.220.237.111
169.254.0.0/16 dev eth1 scope link
default via 62.220.237.126 dev eth1
You've also got two bridges (xenbr0 and xenbr1) and you've enslaved eth0 to the first and eth1 to the second. From your ifconfig output, none of your bridges or virtual interfaces seem to have IP addresses or networks. Okay, it's early in the morning and I had a few beers while watching the footy last night, so I could be completely wrong here, but I'm not entirely sure your routing table is having any direct impact on the network flows at all. My guess is traffic from guests on network A is going straight out eth0 to whatever switch it is connected to and not touching your xen-host routing table at all; likewise traffic from guests on network B and eth1 (other list readers feel free to correct me here).
I have to shower and head off to work but the shorewall documentation about bridging and routers might help clear things up:
http://shorewall.net/Documentation.html
and specifically
http://shorewall.net/bridge-Shorewall-perl.html
Hope this helps,
Kal
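
Added example (not part of the original thread): a small Python check that applies longest-prefix matching to the "ip route show" output quoted above and reports, for each local address, whether a reply to a client leaves through the interface the request arrived on. It assumes a request to an address arrives on the interface holding that address and that only the main routing table is in use; the client address 198.51.100.10 is a constructed value from a documentation range.

```python
import ipaddress

# Routing table quoted in the thread ("ip route show" on the dual-network guest).
ROUTES = """\
62.236.221.64/28 dev eth0 proto kernel scope link src 62.236.221.71
62.220.237.96/27 dev eth1 proto kernel scope link src 62.220.237.111
169.254.0.0/16 dev eth1 scope link
default via 62.220.237.126 dev eth1
"""

def parse_routes(text):
    """Return (network, device, source address or None) for each route line."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        dev = tok[tok.index("dev") + 1]
        src = tok[tok.index("src") + 1] if "src" in tok else None
        routes.append((net, dev, src))
    return routes

def egress_dev(routes, dst):
    """Pick the outgoing device by longest-prefix match on the destination."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[1] if matches else None

def reply_paths(routes, client):
    """Map each local address to (arrival device, reply device, symmetric?)."""
    out = {}
    for _net, dev, src in routes:
        if src:  # connected route that carries one of the host's own addresses
            reply = egress_dev(routes, client)  # replies are routed by destination only
            out[src] = (dev, reply, dev == reply)
    return out

if __name__ == "__main__":
    # 198.51.100.10: constructed off-link client, not an address from the thread.
    table = parse_routes(ROUTES)
    for addr, (inbound, reply, ok) in reply_paths(table, "198.51.100.10").items():
        state = "symmetric" if ok else "ASYMMETRIC"
        print(f"{addr}: arrives on {inbound}, reply leaves {reply} -> {state}")
```

With this table, connections from off-link clients to 62.236.221.71 come in on eth0 but are answered through eth1's default gateway, which is the asymmetric case described in the quoted question.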