Re: [CentOS-virt] Can I bridge a bonded and vlan tagged interface directly to a guest?

2009-08-03 Thread Christopher G. Stach II
"David Knierim" wrote:

> Is there a way to set up the network on the dom0 so my domU's see a
> single interface with tagged VLAN support??

I haven't tried, but does just passing the bond interface through to the guest 
and setting up the VLANs in the guest work?  VLANs are just tagged frames, so 
it should work if nothing else is getting in the way.  (I don't think you would 
want to do this if you consider the security implications, though.)

-- 
Christopher G. Stach II


___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt


Re: [CentOS-virt] Can I bridge a bonded and vlan tagged interface directly to a guest?

2009-08-03 Thread Christopher G. Stach II
"David Knierim" wrote:

> Coert,
> To set up the networking, I basically used the following document:
> http://et.redhat.com/~jmh/docs/Xen_networking.pdf
> 
> In this document, there is a reference to a different script for xen
> to use to configure the networks. This script works, but I made two
> modifications:
> 1) tweaked script so you could have an IP address on bond0 (untagged
> traffic) and make that network accessible to the guests
> 2) added code so the networks could be configured with a configuration
> file rather than editing the script
> 
> This is what the /etc/xen/net_bond.cfg file looks like:
> # This file shows the mapping between the server interface, xen bridge
> # and virtual interface. The current code requires all three to be
> # specified.
> # bonded interface xen bridge name vif name
> bond0.3 xenbr0 vif0.0
> bond0.2 xenbr1 vif1.0
> bond0.4 xenbr2 vif2.0
> bond0.7 xenbr3 vif3.0
> bond0.5 xenbr4 vif4.0
> bond0.6 xenbr5 vif5.0
> bond0 xenbr6 vif6.0

If your setup is relatively static, you can just use the bridging and bonding 
support that's already in the Red Hat init scripts and just refer to these 
bridges in your domU configs.

/etc/sysconfig/network-scripts/ifcfg-eth0:

DEVICE=eth0
BOOTPROTO=none
HWADDR=...
ONBOOT=yes
TYPE=Ethernet
MASTER=bond0
SLAVE=yes
USERCTL=no

/etc/sysconfig/network-scripts/ifcfg-bond0:

DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
USERCTL=no

/etc/sysconfig/network-scripts/ifcfg-bond0.10:

DEVICE=bond0.10
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
VLAN=yes
BRIDGE=br10

/etc/sysconfig/network-scripts/ifcfg-br10:

DEVICE=br10
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes
DELAY=0
STP=on

-- 
Christopher G. Stach II




Re: [CentOS-virt] Can I bridge a bonded and vlan tagged interface directly to a guest?

2009-08-03 Thread David Knierim
Coert,
   To set up the networking, I basically used the following document:
http://et.redhat.com/~jmh/docs/Xen_networking.pdf

In this document, there is a reference to a different script for xen to use
to configure the networks.   This script works, but I made two
modifications:
1) tweaked script so you could have an IP address on bond0 (untagged
traffic) and make that network accessible to the guests
2) added code so the networks could be configured with a configuration file
rather than editing the script

This is what the /etc/xen/net_bond.cfg file looks like:
# This file shows the mapping between the server interface, xen bridge and
# virtual interface.   The current code requires all three to be specified.
# bonded interface  xen bridge name  vif name
bond0.3             xenbr0           vif0.0
bond0.2             xenbr1           vif1.0
bond0.4             xenbr2           vif2.0
bond0.7             xenbr3           vif3.0
bond0.5             xenbr4           vif4.0
bond0.6             xenbr5           vif5.0
bond0               xenbr6           vif6.0


This is what that script looks like now:
#!/bin/sh

# Usage: transfer_addrs src dst
# Copy all IP addresses (including aliases) from device $src to device $dst.
transfer_addrs () {
    local src=$1
    local dst=$2
    # Don't bother if $dst already has IP addresses.
    if ip addr show dev ${dst} | egrep -q '^ *inet ' ; then
        return
    fi
    # Address lines start with 'inet' and have the device in them.
    # Replace 'inet' with 'ip addr add' and change the device name $src
    # to 'dev $dst'. The generated commands are executed by 'sh -e'.
    ip addr show dev ${src} | egrep '^ *inet ' | sed -e "
s/inet/ip addr add/
s@\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+/[0-9]\+\)@\1@
s/${src}/dev ${dst}/
" | sh -e
    # Remove automatic routes on destination device
    ip route list | sed -ne "
/dev ${dst}\( \|$\)/ {
  s/^/ip route del /
  p
}" | sh -e
}

# Usage: transfer_routes src dst
# Get all IP routes to device $src, delete them, and
# add the same routes to device $dst.
# The original routes have to be deleted, otherwise adding them
# for $dst fails (duplicate routes).
transfer_routes () {
    local src=$1
    local dst=$2
    # List all routes and grep the ones with $src in.
    # Stick 'ip route del' on the front to delete.
    # Change $src to $dst and use 'ip route add' to add.
    ip route list | sed -ne "
/dev ${src}\( \|$\)/ {
  h
  s/^/ip route del /
  P
  g
  s/${src}/${dst}/
  s/^/ip route add /
  P
  d
}" | sh -e
}

# Usage: create_bridge bridge
create_bridge () {
    local bridge=$1

    # Don't create the bridge if it already exists.
    if ! brctl show | grep -q ${bridge} ; then
        brctl addbr ${bridge}
        brctl stp ${bridge} off
        brctl setfd ${bridge} 0
    fi
    ip link set ${bridge} up
}

# Usage: add_to_bridge bridge dev
add_to_bridge () {
    local bridge=$1
    local dev=$2
    # Don't add $dev to $bridge if it's already on a bridge.
    if ! brctl show | grep -q ${dev}$ ; then
        brctl addif ${bridge} ${dev}
    fi
}

# Usage: show_status dev bridge
# Print ifconfig and routes.
show_status () {
    local dev=$1
    local bridge=$2

    echo ''
    ip addr show ${dev}
    ip addr show ${bridge}
    echo ' '
    brctl show ${bridge}
    echo ' '
    ip route list
    echo ' '
    route -n
    echo ''
}

# Create one bridge per "bond bridge vif" row of the config file and move
# the addresses and routes of the bond (or VLAN) interface onto the bridge.
op_start () {
    if [ -f /etc/xen/net_bond.cfg ] ; then
        grep ^bond /etc/xen/net_bond.cfg | while read bond bridge vif
        do
            create_bridge $bridge
            add_to_bridge $bridge $vif
            add_to_bridge2 $bridge $bond

            transfer_addrs $bond $bridge
            transfer_routes $bond $bridge
        done
    fi
}

# Move the routes back to the bond (or VLAN) interface and remove the bridge.
op_stop () {
    if [ -f /etc/xen/net_bond.cfg ] ; then
        grep ^bond /etc/xen/net_bond.cfg | while read bond bridge vif
        do
            transfer_routes $bridge $bond
            ip link set $bridge down
            brctl delbr $bridge
        done
    fi
}

# adds $dev to $bridge but waits for $dev to be in running state first
add_to_bridge2() {
    local bridge=$1
    local dev=$2
    local maxtries=10

    echo -n "Waiting for ${dev} to negotiate link."
    for i in `seq ${maxtries}` ; do
        if ifconfig ${dev} | grep -q RUNNING ; then
            break
        else
            echo -n '.'
            sleep 1
        fi
    done

    if [ ${i} -eq ${maxtries} ] ; then
        echo '(link isnt in running state)'
    fi

    add_to_bridge ${bridge} ${dev}
}

case "${1}" in
    start)
        op_start
        ;;

    stop)
        op_stop
        ;;

    status)
        # ${netdev} and ${bridge} are never set in this version of the
        # script, so report every pair listed in the config file instead.
        if [ -f /etc/xen/net_bond.cfg ] ; then
            grep ^bond /etc/xen/net_bond.cfg | while read bond bridge vif
            do
                show_status $bond $bridge
            done
        fi
        ;;

    *)
        echo "Unknown command: ${1}" >&2
        echo 'Valid commands are: start, stop, status' >&2
        exit 1
esac

D
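
The script in the message above runs as root and substitutes the three fields of each /etc/xen/net_bond.cfg row into sed scripts whose output is piped to "sh -e", so the file's contents end up in executed commands. The following checker is an added example, not part of David's message or of the Xen scripts; the names validate_cfg and demo_cfg, the rules it enforces and the sample rows are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread: check a net_bond.cfg-style file before a
# root-run script interpolates its fields into sed and "| sh -e" pipelines.

# validate_cfg FILE: print one line per problem; return 0 if clean, 1 if not.
validate_cfg () {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comment or blank line
    !/^bond/ {                                 # the script only reads ^bond rows
        printf "line %d: not a bond row, would be skipped\n", NR; bad = 1; next
    }
    NF != 3 {                                  # "read bond bridge vif" needs 3
        printf "line %d: expected 3 fields, got %d\n", NR, NF; bad = 1; next
    }
    {
        for (i = 1; i <= 3; i++) {
            # Names: at most 15 bytes (IFNAMSIZ - 1) and no whitespace or
            # shell/sed metacharacters, since they end up in generated commands.
            if ($i !~ /^[A-Za-z0-9_.-]+$/ || length($i) > 15) {
                printf "line %d: unsafe interface name \"%s\"\n", NR, $i; bad = 1
            }
            # Each interface, bridge and vif may be used by one row only.
            if (seen[i, $i]++) {
                printf "line %d: \"%s\" already used above\n", NR, $i; bad = 1
            }
        }
        # First field is bondN or bondN.VID, with VID in 1..4094.
        vid = $1
        if ($1 !~ /^bond[0-9]+(\.[0-9]+)?$/) {
            printf "line %d: \"%s\" is not bondN or bondN.VID\n", NR, $1; bad = 1
        } else if (sub(/^bond[0-9]+\./, "", vid) && (vid + 0 < 1 || vid + 0 > 4094)) {
            printf "line %d: VLAN id %s out of range\n", NR, vid; bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: two valid rows, a reused bridge, and a name with ";".
demo_cfg () {
    printf '%s\n' '# bonded interface  xen bridge  vif' \
        'bond0.3 xenbr0 vif0.0' 'bond0 xenbr6 vif6.0' \
        'bond0.4 xenbr0 vif2.0' 'bond0.5 xenbr4;id vif4.0'
}

tmp=$(mktemp) && demo_cfg > "$tmp"
validate_cfg "$tmp" || echo "config rejected; bridges not started"
rm -f "$tmp"
```

Calling validate_cfg at the top of op_start and returning early on failure keeps a malformed or tampered row from reaching brctl, sed or sh.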

Re: [CentOS-virt] Can I bridge a bonded and vlan tagged interface directly to a guest?

2009-08-03 Thread Coert Waagmeester

On Fri, 2009-07-31 at 11:08 -0400, David Knierim wrote:
> I am running CentOS 5.3 x86_64 as my dom0 and CentOS 5.3 on my domU's.
> On the dom0, I have two interfaces that are bonded and have tagged
> VLANs.   I can get the networks to the domU's by creating a bridge for
> each of the VLANS (bond0.3, bond0.4, etc).   On the domU, the
> interfaces show up as eth0, eth1, etc.
> 
> Is there a way to set up the network on the dom0 so my domU's see a
> single interface with tagged VLAN support??   
> 
> Thanks!
>David

Hello David,

Sorry this is not an answer to your question, but how did you set up the
bonds with xen?

I tried doing the same, and did not win


Regards,

Coert



[CentOS-virt] Can I bridge a bonded and vlan tagged interface directly to a guest?

2009-07-31 Thread David Knierim
I am running CentOS 5.3 x86_64 as my dom0 and CentOS 5.3 on my domU's.   On
the dom0, I have two interfaces that are bonded and have tagged VLANs.   I
can get the networks to the domU's by creating a bridge for each of the
VLANS (bond0.3, bond0.4, etc).   On the domU, the interfaces show up as
eth0, eth1, etc.

Is there a way to set up the network on the dom0 so my domU's see a single
interface with tagged VLAN support??

Thanks!
   David