Routed Xen setup
Yesterday I needed to set up a Xen machine where only the MAC address of the host (dom0) was allowed by the firewall. Because of this, a bridged setup could not be used, since all domU's would be using their own MAC address.
So I needed a routed setup instead. That way the host (dom0) will be used as a "router" for the domU's and the firewall would only see the MAC of the dom0 host when communicating.
Configuration is quite easy. Edit /etc/xen/xend-config.sxp and comment out the bridge related stuff. Then uncomment or add the following lines to enable routing:

    (network-script network-route)
    (vif-script vif-route)

Then in /etc/sysctl.conf make sure you have these 2 lines to enable routing. Proxy ARP is needed if you have domU's on different networks.

    net.ipv4.ip_forward = 1
    net.ipv4.conf.all.proxy_arp = 1

Restart xend, reboot the domU's and you're done (you can also just reboot the host).
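
One way to check that both files ended up in the routed state described above (an added example, not part of the original post). The bridge script names network-bridge and vif-bridge are assumed to be the stock xend defaults, since the post only says "bridge related stuff"; the function names and the sample files are constructed for this example.

```shell
#!/bin/sh
# Added example: audit copies of the two files for the routed Xen setup.

# Succeeds if FILE ($1) has an active, uncommented "(KEY VALUE)" s-expression.
sxp_active() {
    grep -Eq "^[[:space:]]*\([[:space:]]*${2}[[:space:]]+'?${3}[[:space:])']" "$1"
}

# Succeeds if FILE ($1) has an active "KEY = 1" line.
sysctl_enabled() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*1[[:space:]]*$" "$1"
}

# Prints one line per problem; returns 0 only for a fully routed setup.
check_routed_setup() {
    sxp=$1 sysctl=$2 rc=0
    for s in network vif; do
        sxp_active "$sxp" "$s-script" "$s-route" ||
            { echo "missing: ($s-script $s-route)"; rc=1; }
        # Assumption: stock bridge script names are network-bridge / vif-bridge.
        if sxp_active "$sxp" "$s-script" "$s-bridge"; then
            echo "still active: ($s-script $s-bridge)"; rc=1
        fi
    done
    for k in net.ipv4.ip_forward net.ipv4.conf.all.proxy_arp; do
        sysctl_enabled "$sysctl" "$k" || { echo "not enabled: $k"; rc=1; }
    done
    return $rc
}

# Constructed sample files (not from the page): bridged/partial vs. routed.
make_samples() {
    printf '%s\n' '(network-script network-bridge)' '(vif-script vif-bridge)' \
        '#(network-script network-route)' > "$1/bridged.sxp"
    printf '%s\n' '#(network-script network-bridge)' '#(vif-script vif-bridge)' \
        '(network-script network-route)' '(vif-script vif-route)' > "$1/routed.sxp"
    printf '%s\n' 'net.ipv4.ip_forward = 1' '#net.ipv4.conf.all.proxy_arp = 1' > "$1/partial.conf"
    printf '%s\n' 'net.ipv4.ip_forward = 1' 'net.ipv4.conf.all.proxy_arp = 1' > "$1/routed.conf"
}

tmp=$(mktemp -d) && make_samples "$tmp"
check_routed_setup "$tmp/bridged.sxp" "$tmp/partial.conf" || echo "=> not a routed setup"
check_routed_setup "$tmp/routed.sxp" "$tmp/routed.conf" && echo "=> routed setup OK"
rm -rf "$tmp"
```

On a real host the same function can be pointed at /etc/xen/xend-config.sxp and /etc/sysctl.conf before restarting xend.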
Serge, I finally had some
Serge,
I finally had some time to do some reading about the topic.
I have domU's in the same subnet and domU's in another subnet than dom0, so after things started working I assumed the proxy ARP was indeed needed to "masq" the unknown MACs for the switches.
It seems that this is indeed the case. I found a good explanation here
I would think Proxy ARP is
I would think Proxy ARP is when a host is in between hosts in the same subnet. You don't need Proxy ARP when you have routing between subnets.