view tools/vnet/doc/vnet-xend.txt @ 8740:3d7ea7972b39

Update patches for linux 2.6.15.

Signed-off-by: Christian Limpach <Christian.Limpach@cl.cam.ac.uk>
author cl349@firebug.cl.cam.ac.uk
date Thu Feb 02 17:16:00 2006 +0000 (2006-02-02)
parents 06d84bf87159
children 71b0f00f6344
line source
2 Vnets: Virtual Networks for Virtual Machines
4 Mike Wray <mike.wray@hp.com>
6 2005/08/25
8 0) Introduction
9 ---------------
11 Vnets provide virtual private LANs for virtual machines.
12 This is done using bridging and multipoint tunneling. A virtual interface
13 on a vnet can only see other interfaces on the same vnet - it cannot
14 see the real network, and the real network cannot see it either.
16 Virtual interfaces on the same vnet can be on the same machine
17 or on different machines, they can still talk. The hosting machines
18 can even be on different subnets if you run vnetd to forward,
19 or have multicast routing enabled.
22 1) Installing vnet support
23 --------------------------
25 Assuming the code has been installed (make install in the parent directory),
26 configure xend to use 'network-vnet' instead of the default 'network' to
27 start up networking. This just loads the vnet module when networking starts.
29 In /etc/xend/xend-config.sxp:
31 Configure the network script:
33 (network-script network-vnet)
35 Restart xend.
37 Alternatively insert the vnet module using vnet-insert,
38 preferably before xend starts.
40 2) Creating vnets
41 -----------------
43 Xend already implements commands to add/remove vnets and
44 bridge to them. To add a vnet use
46 xm vnet-create <vnet config file>
48 For example, if vnet97.sxp contains:
50 (vnet (id 97) (bridge vnet97) (vnetif vnetif97) (security none))
52 do
54 xm vnet-create vnet97.sxp
56 This will define a vnet with id 97 and no security. The bridge for the
57 vnet is called vnet97 and the virtual interface for it is vnetif97.
58 To add an interface on a vm to this vnet simply set its bridge to vnet97
59 in its configuration.
61 In Python:
63 vif="bridge=vnet97"
65 In sxp:
67 (dev (vif (mac aa:00:00:01:02:03) (bridge vnet97)))
69 Once configured, vnets are persistent in the xend database.
70 To remove a vnet use
72 xm vnet-delete <vnet id>
74 To list vnets use
76 xm vnet-list
78 To get information on a vnet id use
80 xm vnet-list <vnet id>
82 3) Troubleshooting
83 ------------------
85 The vnet module should appear in 'lsmod'.
86 If a vnet has been configured it should appear in the output of 'xm vnet-list'.
87 Its bridge and interface should appear in 'ifconfig'.
88 It should also show in 'brctl show', with its attached interfaces.
90 You can 'see into' a vnet from dom0 if you put an IP address on the bridge
91 and configure its MAC address as a vif.
92 For example, if you have vnet97 with a vm with ip addr on it,
93 and <mac> is the MAC address of vnet97 (use ifconfig), then
95 echo '(vif.add (vnet 97) (vmac <mac>))' >/proc/vnet/policy
96 ifconfig vnet97 up
98 should let you ping via the vnet97 bridge.
99 This works even if the vm with vif is on another
100 machine (it only works locally if you don't use vif.add).
102 4) Examples
103 -----------
105 Here's the full config for a vm on vnet 97, using ip addr
107 (vm
108 (name dom12)
109 (memory '64')
110 (cpu '1')
111 (console '8502')
112 (image
113 (linux
114 (kernel /boot/vmlinuz-2.6-xenU)
115 (ip
116 (root /dev/sda1)
117 (args 'rw fastboot 4')
118 )
119 )
120 (device (vbd (uname phy:hda2) (dev sda1) (mode w)))
121 (device (vif (mac aa:00:00:11:00:12) (bridge vnet97)))
122 )
124 If you run another vm on the same vnet:
126 (vm
127 (name dom11)
128 (memory '64')
129 (cpu '1')
130 (console '8501')
131 (image
132 (linux
133 (kernel /boot/vmlinuz-2.6-xenU)
134 (ip
135 (root /dev/sda1)
136 (args 'rw fastboot 4')
137 )
138 )
139 (device (vbd (uname phy:hda3) (dev sda1) (mode w)))
140 (device (vif (mac aa:00:00:11:00:11) (bridge vnet97)))
141 )
143 the vms should be able to talk over the vnet. Check with ping.
144 If they are both on the same machine the connection will simply
145 be the vnet97 bridge, if they are on separate machines their
146 packets will be tunneled in etherip. They should be able to
147 see each other, but not the real network.