The Perfect Xen 3.1.0 Setup For Debian Etch (i386) - Page 4

4.3 Create A Virtual Local Network From The Virtual Machines (Optional)

(This chapter is optional.)

In this chapter I want to create a virtual network with my virtual machines, i.e. a network that is different from the network of dom0.

You can find a drawing of what I want to do here: http://wiki.xensource.com/xenwiki/XenNetworkingUsecase#head-7f23d0f2248cb0c70458f9339b4405e2b1bfc271

I did the same with Xen 2.0.7 here: http://www.howtoforge.com/perfect_xen_setup_debian_ubuntu_p6. However, the way to achieve this with Xen 3 has changed completely. Xen 3 configures all the firewall rules, gateways, etc. automatically. Furthermore, we don't need any dummy network interface anymore for our virtual network. It is important to know that Xen 3 assigns gateways from the 10.x.x.x net to our virtual machines, so it is a good idea to also assign IP addresses from the 10.x.x.x net to our virtual machines. If you give them IP addresses from the 192.168.3.x net (as we did with Xen 2.0.7 on http://www.howtoforge.com/perfect_xen_setup_debian_ubuntu_p6), then your virtual machines will have no access to the internet.

So we will give xen1.example.com the IP address 10.0.0.1 and xen2.example.com the IP address 10.0.0.2.

First we edit /etc/xen/xend-config.sxp and disable bridging and enable NAT (network address translation) instead:

vi /etc/xen/xend-config.sxp

[...]

#(network-script network-bridge)
#(vif-script vif-bridge)

(network-script network-nat)
(vif-script vif-nat)

[...]

Then we change the IP address in the configuration files of xen1.example.com and xen2.example.com:

vi /etc/xen/xen1.example.com.cfg

#
#  Configuration file for the Xen instance xen1.example.com, created on
# Mon May 28 20:53:05 2007.
#


#
#  Kernel + memory size
#
kernel  = '/boot/vmlinuz-2.6.18-xen'

memory  = '32'


#
#  Disk device(s).
#
root    = '/dev/hda1 ro'

disk    = [ 'file:/vserver/domains/xen1.example.com/disk.img,hda1,w', 'file:/vserver/domains/xen1.example.com/swap.img,hda2,w' ]

#
#  Hostname
#
name    = 'xen1.example.com'


#
#  Networking
#
vif  = [ 'ip=10.0.0.1' ]

#
#  Behaviour
#
on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'

vi /etc/xen/xen2.example.com.cfg

#
#  Configuration file for the Xen instance xen2.example.com, created on
# Mon May 28 21:22:31 2007.
#


#
#  Kernel + memory size
#
kernel  = '/boot/vmlinuz-2.6.18-xen'

memory  = '32'


#
#  Disk device(s).
#
root    = '/dev/hda1 ro'

disk    = [ 'file:/vserver/domains/xen2.example.com/disk.img,hda1,w', 'file:/vserver/domains/xen2.example.com/swap.img,hda2,w' ]

#
#  Hostname
#
name    = 'xen2.example.com'


#
#  Networking
#
vif  = [ 'ip=10.0.0.2' ]

#
#  Behaviour
#
on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'

Afterwards shut down xen1.example.com and xen2.example.com (if they are running):

xm shutdown xen1.example.com
xm shutdown xen2.example.com

Wait a few seconds and check with xm list that xen1.example.com and xen2.example.com have shut down. Then reboot the system:

shutdown -r now

If xen1.example.com and xen2.example.com aren't started automatically at boot time, start them now:

xm create /etc/xen/xen1.example.com.cfg

xm create /etc/xen/xen2.example.com.cfg

-----------------------------------------------------

After both virtual machines have booted, we must log in on xen1.example.com. There we open /etc/network/interfaces and change the IP address (10.0.0.1), the gateway (10.0.0.254), and the netmask (255.0.0.0):

xen1.example.com:

vi /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
 address 10.0.0.1
 gateway 10.0.0.254
 netmask 255.0.0.0

 # post-up  ethtool -K eth0 tx off

#
# The commented out line above will disable TCP checksumming which
# might resolve problems for some users.  It is disabled by default
#

Then we restart the network on xen1.example.com:

xen1.example.com:

/etc/init.d/networking restart

Now we do the same on xen2.example.com (this time we set the IP address to 10.0.0.2):

xen2.example.com:

vi /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
 address 10.0.0.2
 gateway 10.0.0.254
 netmask 255.0.0.0

 # post-up  ethtool -K eth0 tx off

#
# The commented out line above will disable TCP checksumming which
# might resolve problems for some users.  It is disabled by default
#

Then we restart the network on xen2.example.com:

xen2.example.com:

/etc/init.d/networking restart

-----------------------------------------------------

Now you should be able to ping xen2.example.com from xen1.example.com and vice versa, and you should also be able to ping dom0 and hosts on the internet!

Now let's assume we have a web server on port 80 on xen1.example.com and a mail server on port 25 on xen2.example.com. As they are in their own network (10.x.x.x), we cannot access them from the outside unless we forward these ports to the appropriate virtual machine. We can create the necessary port forwarding rules on dom0 with the help of iptables:

iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 80 -j DNAT --to 10.0.0.1:80
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 25 -j DNAT --to 10.0.0.2:25

If we connect to dom0 now on port 80, we are forwarded to xen1.example.com. The same goes for port 25 and xen2.example.com.

Of course, the forwarding rules are lost when we reboot dom0. Therefore we put the rules into /etc/network/if-up.d/iptables, which is executed automatically when the system boots:

vi /etc/network/if-up.d/iptables

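#!/bin/sh

# Scripts in if-up.d run for every interface that comes up (lo included);
# only add the rules for eth0 so they are not appended more than once.
[ "$IFACE" = "eth0" ] || exit 0

### Port Forwarding ###
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 80 -j DNAT --to 10.0.0.1:80
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 25 -j DNAT --to 10.0.0.2:25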

Now we have to make that script executable:

chmod 755 /etc/network/if-up.d/iptables

Whenever you need additional port forwarding rules, execute them on dom0's shell and then append them to /etc/network/if-up.d/iptables so that they are available even after a reboot.
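
As an added example (not part of the original howto): every forward exposes a guest port on dom0's public interface, and rules added with -A pile up if the same command is run again, so it is worth reviewing what the nat table really contains. The function names audit_dnat and sample_rules and the abridged rule set are constructed for illustration; on dom0 the input would come from iptables-save -t nat.

```shell
#!/bin/sh
# Reads `iptables-save -t nat` output on stdin and prints one line per
# distinct DNAT forward: "<proto> <dport> <target> <count> <status>".
audit_dnat() {
    awk '
    $1 == "-A" && $2 == "PREROUTING" {
        proto = ""; dport = ""; target = ""; is_dnat = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-p")      proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j" && $(i + 1) == "DNAT") is_dnat = 1
            if ($i == "--to-destination" || $i == "--to") target = $(i + 1)
        }
        if (!is_dnat) next
        if (proto == "") proto = "any"; if (dport == "") dport = "any"
        key = proto " " dport " " target
        if (!(key in count)) order[++n] = key
        count[key]++
    }
    END {
        for (j = 1; j <= n; j++) {
            key = order[j]
            split(key, f, " ")
            status = "ok"
            # Guests in this howto live in 10.x.x.x; anything else is suspect.
            if (f[3] !~ /^10\.[0-9]+\.[0-9]+\.[0-9]+(:[0-9]+)?$/)
                status = "outside-guest-net"
            # The same -A rule loaded twice, e.g. the if-up.d script ran again.
            if (count[key] > 1)
                status = (status == "ok") ? "duplicate" : status ",duplicate"
            print key, count[key], status
        }
    }'
}

# Constructed, abridged sample of `iptables-save -t nat` output (assumption).
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.1:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.0.0.2:25
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.1:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.3.1:80
COMMIT
EOF
}

sample_rules | audit_dnat
```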


Comments

From: at: 2007-11-19 07:26:51

I installed xen from binary package in Debian Lenny (amd64) according to your notes and everything is fine.

The only problem was initrd, where my Raid partitions were not recognized on the boot and therefore the boot failed. The solution was using:

mkinitramfs -o /boot/initrd.img-2.6.18-xen 2.6.18-xen

instead of

mkinitrd.yaird -o /boot/initrd.img-2.6.18-xen 2.6.18-xen

From: at: 2007-09-07 19:32:07

Dear Author

please add the bcc package to your requirements. The hvmloader won't be compiled without it. It took me an hour or so to discover the missing package.

Best Regards and thx for the Howto

arnageddon 

 

From: at: 2007-10-26 22:33:58

You say:

> Please make sure that you comment out the initrd line!

When I did this my LVM-based VMs wouldn't boot.

From: at: 2007-11-14 22:14:38

Hi,

I think there is a newer version of xen utils necessary, because the XEN-3.1.0 Binary version seems to be too new ...

It also asked a lot of questions about replacing scripts when I installed xen utils via aptitude - and after rebooting it a second time my xen bridge settings got lost and I wasn't able to start any virtual machine again.

There might be an update of the Howto necessary ...

 

Thanks 

J. K. S.

From: at: 2007-06-21 10:00:34

some hints for compiling Xen 3.1:

if you want the VNC/SDL feature with HVM you need the following packages:

 libjpeg62-dev, libvncserver-dev,  libsdl1.2-dev

and you need to set the following var:

export XENFB_TOOLS=y

and maybe you miss hvmloader: you need the package bcc or it will just not compile.

To check build dependencies there is a nice script:

cd tools/check

./chk build

- Thomas 

PS: see also: http://wiki.xensource.com/xenwiki/BuildConsiderations 

From: at: 2007-07-17 16:31:24

If your root partition is on LVM you need to create an initrd for xen0 kernel as well, run: mkinitramfs -o /boot/initrd.img-2.6.18-xen0 2.6.18-xen0 before update-grub

From: at: 2007-11-01 05:16:08

It seems that the default bnx2 drivers in the Debian Etch kernel are malfunctioning with the network-bridge script in Xen 3.1.

For anyone having issues with the network-bridge and you are using broadcom nics (Dell PowerEdge, etc.) you should install the drivers found here:

http://www.broadcom.com/docs/driver_download/NXII/linux-1.5.10c.zip

Also check out this thread for some talk on the problem:

http://lists.xensource.com/archives/html/xen-users/2007-07/msg00768.html