Xen – Configuring Bridge and Multiple IPs on CentOS

bridgecentosroutingxen

There's a new server that is assigned 5 IP addresses. I want to use Xen to run several VMs with various services.

This is my first attempt to install Xen, I use this tutorial as a guideline. Stuck in the very beginning: they talk about replacing a single ip on an eth0 with a bridge br0. My server has 5: eth1 and 4 aliases eth1:1 .. eth1:4.

How should the network config look like?

bridge that replaces eth1 completely, and then 4 aliases added to the bridge?
bridge can only replace a single IP out of the 5?

Pardon my lame questions, first time in this forest.

Best Answer

1 advice with xen, if you decide to use classic bridge (vs ovs), set it manually as the scripts didn't get it right for me at first (with the single nic being locked out)

something like this should get bridging to work:

auto lo br0
iface lo inet loopback

iface br0 inet static
        address 192.168.128.7
        netmask 255.255.255.128
        network 192.168.128.0
        broadcast 192.168.128.127
        gateway 192.168.128.126
        dns-nameservers 172.16.2.200
        bridge_ports eth1
        bridge_stp off
        bridge_fd 0
        #bridge_hello 2
        #bridge_maxage 12

iface eth1 inet manual

Now on every guest os you will get an 'eth0' interface (rfr. bridge_fd=0), if you assign a ip address to that interface, it will be on the br0 bridge and will be able to do everything like the host can, given the fact that nothing is blocking it (netfilter etc)

for completeness sake, then you edit /etc/sysctl.conf (assuming debian here,sry) and set this as it might be needed for your network

net.ipv4.conf.eth1.proxy_arp = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

and do sysctl -p to commit them. This disables netfilter from intervening on the bridge. Alternatively you could use iptables to do this too. from top of my head, something like this (they might not all be needed), but since I don't use these, it's just to give an idea:

iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
iptables -I FORWARD -m physdev --physdev-in vif1.0 -j ACCEPT

That vif1.0 (or perhaps named a bit different) interface will be shown once your guest os is started, you can check the network on the host with the classic tools (ip, ifconfig etc).

Related Solutions

No network on domU in network-bridge configuration for Xen-4.0

Is "MAC based" security activated by your network department? This sounds to me as if only the first outgoing MAC on the physical line is being accepted.

Bridge does not forwarding packets centos

First of all if you are using VirtualBox to host the XEN server please ensure to use Ethernet not Wireless network and set Promiscuous Mode to "Allow All".

Secondly just to make everything clean, let's start with clean installation of CentOS with XEN and install the Bridge Network and CentOS VM on it.

Assuming you have external server 192.168.1.6 with CentOS ISO extracted on /var/www/html/centos/6.3/os/i386/ and kickstart file on /var/www/html/centos/6.3/os/i386/ks.cfg and /var/www/html/centos/6.3/os/i386/repodata with correct names match names in repodata/TRANS.TBL file

On the XEN server (CentOS+XEN) install the following packages:

yum install -y rsync wget vim-enhanced openssh-clients
yum install -y libvirt python-virtinst libvirt-daemon-xen
yum install -y bridge-utils tunctl

Then edit ifcfg-* file to create the bridge

echo "DEVICE=br0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes" > /etc/sysconfig/network-scripts/ifcfg-br0

echo "DEVICE=eth0
HWADDR=XX:XX:XX:XX:XX:XX
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
BRIDGE=br0" >  /etc/sysconfig/network-scripts/ifcfg-eth0

edit HWADDR=XX:XX:XX:XX:XX:XX line to match your MAC address. Don't reboot on ssh console, use VBox console

reboot

after reboot, assuming you have DHCP server the XEN server will got a new IP, login via VBox console to get the new IP

ifconfig result should be similar to

br0       Link encap:Ethernet  HWaddr 08:00:27:23:54:69  
          inet addr:192.168.1.105  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe23:5469/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5063 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3142 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:34251267 (32.6 MiB)  TX bytes:361205 (352.7 KiB)

eth0      Link encap:Ethernet  HWaddr 08:00:27:23:54:69  
          inet6 addr: fe80::a00:27ff:fe23:5469/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:149910 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5045 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:182020057 (173.5 MiB)  TX bytes:493792 (482.2 KiB)

Now the bridge is ready you can use the IP of br0 to get ssh console again

To create a virtual machine on XEN which use previous bridge:

cd /var/lib/xen/images/

Create virtual disk:

dd if=/dev/zero of=centos_1.img bs=4K count=0 seek=1024K
qemu-img create -f raw centos_1.img 8G

Then use virt-install to create the VM:

virt-install -d -n TestVM1 -r 512 --vcpus=1 \
--bridge=br0 --disk /var/lib/xen/images/centos_1.img \
--nographics -p -l "http://192.168.1.6/centos/6.3/os/i386" \
--extra-args="text console=com1 utf8 console=hvc0 ks=http://192.168.1.6/centos/6.3/os/i386/ks.cfg"

Now the VM should start and be able to get IP from the DHCP server normally and able to complete unattended remote installation.

The ifconfig result on XEN should be similar to:

br0       Link encap:Ethernet  HWaddr 08:00:27:23:54:69  
          inet addr:192.168.1.105  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe23:5469/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10247 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8090 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:102264338 (97.5 MiB)  TX bytes:827859 (808.4 KiB)

eth0      Link encap:Ethernet  HWaddr 08:00:27:23:54:69  
          inet6 addr: fe80::a00:27ff:fe23:5469/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:998780 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37992 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:724701715 (691.1 MiB)  TX bytes:2897912 (2.7 MiB)


vif5.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:37 errors:0 dropped:0 overruns:0 frame:0
          TX packets:67 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:4381 (4.2 KiB)  TX bytes:9842 (9.6 KiB)

After the installation complete you can use xen console to get the IP of it, then you can have ssh console on it.

Best Answer

Related Solutions

No network on domU in network-bridge configuration for Xen-4.0

Bridge does not forwarding packets centos

Related Question