From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mike Wray
Subject: Re: creating a xen-local LAN - how? heeeeellp!
Date: Mon, 29 Nov 2004 12:32:20 +0000
Message-ID: <41AB16D4.9000500@hpl.hp.com>
References: <20041128140754.GY9261@lkcl.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
In-Reply-To: <20041128140754.GY9261@lkcl.net>
Sender: xen-devel-admin@lists.sourceforge.net
Errors-To: xen-devel-admin@lists.sourceforge.net
To: Luke Kenneth Casson Leighton
Cc: xen-devel@lists.sourceforge.net
List-Id: xen-devel@lists.xenproject.org

Luke Kenneth Casson Leighton wrote:
> hi there,
>
> okay, i so somehow don't get this i am in need of quite a lot of help,
> but fortunately i'm quite bright so anyone who _can_ help me should only
> have to say things once :)
>
> i'm looking to set up a network-isolated set of xen guests.
>
> one or more of the xen guests will be running things like http
> and https clients and so what i would like to do is to run an
> HTTP and other proxies on the xen master.
>
> the proxies i aim to bind to the xen interface on the xen
> master, such that they will listen out for incoming requests
> from the xen guest virtual eth0 cards, and the proxies will
> be able to happily make outgoing connections on the _real_ eth0.
>
> i don't want to create an eth0:1 unless it's absolutely necessary.
>
> i dunno - how about i create a lo1 and get the xen-br0 to bind to that?
>
> would that do the trick?
>
> any hints and advice much appreciated.

You might find the vnet stuff recently checked-in to 2.0-testing useful.
Vnets provide virtual private lan segments to xen virtual machines.
From the point of view of a domain everything looks normal - but in dom0
its traffic is wrapped inside a multipoint tunnel so it cannot get at
the real network - only its virtual private lan.
This works with domains on more than one machine.

It's pretty easy to set up, and if you want a machine to have access
to the physical network as well you just configure it with 2 interfaces,
one of them not on a vnet.

The code lives in tools/vnet, with instructions in tools/vnet/doc.

Mike