Jussi Hirvi wrote:
On 11.5.2010 3.40, Gordon Messmer wrote:
Routing policy is definitely required for a multi-homed system such as Jussi presented, but NAT is totally superfluous. It adds an extra layer of complexity that makes the system more difficult to diagnose and configure, and contributes nothing of value in return.
Funny, this morning I came to the same conclusion after some googling. A Xen box with two bridges should be considered normal, and it should not break anything inside or outside the box.
There are good instructions on the net for installing 2 virtual bridges on a Xen box. But I have found no mention of this specific dual-bridge problem I have: that IP traffic goes in OK through any physical NIC to the dom0 or domUs, but all replies are routed to only one NIC (the default gateway). (I verified this with tcpdump.)
That's not Xen or bridge related. Unless you do policy-based routing, packets always follow the destination route regardless of where the input was received. That's a feature, not a bug.
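
The policy-based routing mentioned above, sketched with iproute2 as an added example that is not part of the original posts: each uplink gets its own routing table and a source-address rule, so a reply leaves through the interface that owns its source address. The bridge names, table numbers and RFC 5737 addresses are constructed assumptions, not values from the thread.

```shell
#!/bin/sh
# Source-based policy routing for a host with one address on each of two
# uplinks. Every name, address and table number below is constructed.

# Emit the iproute2 commands for one uplink.
# Arguments: table-id  device  local-ip  connected-subnet  gateway
uplink_policy() {
    table=$1; dev=$2; ip=$3; net=$4; gw=$5
    # Per-uplink table: the connected subnet plus that uplink's own default.
    echo "ip route add $net dev $dev src $ip table $table"
    echo "ip route add default via $gw dev $dev table $table"
    # Packets sourced from this uplink's address consult its table first,
    # instead of falling through to the single default route in "main".
    echo "ip rule add from $ip/32 table $table priority $((1000 + $table))"
}

# The two uplinks of the constructed example host.
policy_commands() {
    uplink_policy 101 xenbr0 192.0.2.10    192.0.2.0/24    192.0.2.1
    uplink_policy 102 xenbr1 198.51.100.10 198.51.100.0/24 198.51.100.1
}

# Print the commands by default; APPLY=1 executes them (requires root).
run_policy() {
    policy_commands | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd
        else
            echo "$cmd"
        fi
    done
}

run_policy
```

After applying, `ip rule show` and `ip route show table 101` confirm the rules are in place, and the tcpdump check described in the thread should show replies leaving on the interface where the request arrived.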