[CentOS-virt] Xen List
Joseph L. Casale
jcasale at ActiveNetwerx.com
Thu Apr 17 19:18:08 UTC 2008
>What's your pciback/bridging issue(s) maybe I can help.
I would be more grateful then you can imagine:) As far as the pci stuff goes I have to get home and dig my notes out (based on your help from before), likely you'll spot my blunder once I iterate all I have done.
As far as the bonding issue goes, I am stuck on the following scenario:
I have two physical nics. I want the first setup like it would by default when using Xen3.2, it creates a bridge "eth0" and gets renamed to peth0 (That's good). I connect all my guests "Lan" nic to the vifs associated to this bridge.
I want the other nic to be in a bridge, but not have any ip or connectivity outside the bridge especially to the host. It will plug into a DSL modem and a vif associated to this bridge will be the red interface on a Linux firewall (Lab only environment). My custom bridge script is as follows:
"$dir/network-bridge" "$@" vifnum=0 netdev=eth0 bridge=eth0
"$dir/network-bridge" "$@" vifnum=1 netdev=eth1 bridge=eth1
"$dir/network-bridge" "$@" vifnum=2 netdev=dummy0 bridge=eth3 #Test lan
This is working, but how do I make sure the isolation is as I expect? Give the nic (eth1) an IP of 0.0.0.0? Is that very secure? I had an ip for testing although the nic wasn't plugged into a switch, when I did an ifconfig I didn't see the eth1/peth1 untill I did an ifconfig -a? Was that because of the media sense? Also, dummy0 is just a test lan for isolation so hosts can only see themselves. How could I also make sure packets never see the host?
(Now to find another Linux firewall appliance as I was using pfSense and it doesnt play nice with Xen)
More information about the CentOS-virt