[CentOS-virt] Xen networking - pulling out my hair

Tue Apr 29 13:01:05 UTC 2008
Kai Schaetzl <maillists at conactive.com>

Ken Bass wrote on Mon, 28 Apr 2008 20:55:13 -0400:

> Hmm. I don't have a separate gateway in that net. 192.168.144.5 is the
> gateway for everything. But each of my ip addresses are actual real DNS
> entries so packets originating from them should come from them.

Ok, public routable addresses. I'm not a network expert, but I don't see 
how these public addresses can be used if the gateway doesn't have an IP 
number from each of those subnets. No matter if physical machines or 
virtual machines are involved.

> (I used
> 192.168 as a private example, but my actual addresses are real). And
> shouldn't the installer just set up a default route to the dom0 that is
> installing via its eth0?

No, you do not need a route there at all. Your Dom0 doesn't even need to 
have an IP number and your Dom0 and DomU's don't need to have IP numbers 
from the same net. In this regard DomU's are very much like independent 
physical PCs. At least if you use the standard bridging that comes with 
Xen.

> Also my ip ranges, being
> real, are very limited so I don't have a 'pool' of ip addresses to
> create dummy gateways on each subnet.

AFAIK, your peripheral router needs one IP number from each subnet (or you 
need to have some other device play that role in your network and route to 
the router, whatever you do, it won't spare you an IP number). If you have 
the impression that you need an additional IP number from that subnet on 
the Dom0 for routing to/from the DomU and you do not want to "waste" that 
IP - that is not the case! (with bridging at least - if you do routing, I 
assume you may need that, so, with routed networking you actually need 
more IP numbers, I guess).

I think if your question actually revolves around "how to use as few IP 
addresses as necessary and have them all publicly routed" this is 
actually not xen/vm-related at all, so you may get more answers on the 
main centos list. And, *do* you need to have all these machines in public 
subnets? For instance, I also have a public subnet for my office here and 
I've been using that for several years, all machines had public addresses. 
Recently, I wanted to free up some net space for new machines that need to 
be public. So, I moved all the workstations that need to have internet 
access, but not serve anything to a private subnet and added NAT routing 
on the gateway. Some PCs are now on the public subnet and some are 
private, and all have internet access over the same router.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com