This article describes the Xen bridging network and the tools and methods that can be used when a fault occurs.
The Xen bridging network is flexible, but its logic and management are still simple.
Bridging Device
- Bridge: xenbr0, xenbr1, etc.
- VIF, virtual network interface; generally named vif0.0, vif0.1, etc.
- veth/eth, a virtual network device; generally named eth0, etc.
Bridge Tool
- /etc/xen/script/network-bridge, the bridge operation script
- /etc/xen/script/vif-bridge, the virtual interface operation script
- The brctl tool. In fact, both of the above scripts call it.
Troubleshooting steps
- brctl show; check whether the bridge is OK.
- ethtool peth; first make sure the physical network card is not down.
- ifconfig vif; check whether the virtual interfaces are normal.
- ifconfig eth/veth; check whether the virtual network device is normal.
Xen Network Connection Mode
Xen provides three virtual network models for clients to access physical devices: bridging, routing, and NAT. In the bridging model, the virtual network interface (vif) is visible on the external LAN. In the routing model, the vif is invisible on the external LAN, but its IP address is visible. In the NAT model, the vif is invisible to the external LAN and does not have an externally visible IP address.
In bridging mode, the brctl tool is used to create a software-based bridge interface. A physical network interface is attached to the bridge, and the back-end vif of each Xen client domain can be attached to this bridge. When the bridge interface receives packets from the physical interface, the packets are forwarded to the different domains based on the MAC address of each domain's virtual network card.
In the routing model, the iptables mechanism is used for routing. All packets received by the physical interface are processed by the network IP layer of the driver domain. The driver domain (dom0) looks up its routing table entries and forwards packets to the different client IP addresses. In routing mode, the driver domain connects two different CIDR blocks: the block used by the clients and the block connected to the external network.
With the driver domain acting as a NAT gateway, the driver domain is still used as a router, but it additionally maps its own IP address and port to the IP address and port of a client. The IP address of the client is hidden behind the driver domain and is invisible to the external network.
The Linux firewall provides iptables, and bridge-utils provides ebtables to filter MAC addresses. You can also assign a physical NIC to a domain.
The Xen network structure is quite flexible. You can easily configure a complex topology between dom0/domU and the physical network.
Bridging Mode
Figure 1. Xen bridging mode
Figure 1 is an example of bridging.
veth0 and vif0.0 are network interfaces of dom0. veth0 is renamed to eth0. The xenbr0 interface is a soft bridge interface. vif1.0 is the backend network interface of the running client.
peth0, xenbr0, vif0.0 and vif1.0 all share the same MAC address FE:FF:FF:FF:FF:FF, which is the broadcast address of Ethernet. This means that the actual network interface, the dom0 loopback interface, and the client's backend interface all broadcast to xenbr0. When the physical network adapter receives a packet, it sends it directly to the bridging interface xenbr0. The bridging interface uses the packet's MAC address to decide which domain's backend interface the packet is forwarded to. Therefore, peth0 does not require an IP address, only a MAC address. The IP address of the original physical interface has been given to eth0, which is the virtual front-end interface of the driver domain.
xenbr0 uses the MAC address 00:11:25:F6:15:22 or 00:16:3E:45:E7:12 to determine whether the packet is forwarded to eth0 or vif1.0. The frontend interface of the client domain is named eth0. From the dom0 perspective, the eth0 in the client is actually vif1.0.
Output of the brctl command:

    [user@dom0]# brctl show
    bridge name     bridge id               STP enabled     interfaces
    xenbr0          8000.feffffffffff       no              vif1.0
                                                            peth0
                                                            vif0.0
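
The first troubleshooting step (brctl show) can be scripted. The following is an added example, not part of the original article: it parses `brctl show` output and checks that a bridge has a peth* uplink and the expected vif backends. The function names and the sample text are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit `brctl show` output for the bridge layout described above.
# Assumption: a healthy bridge carries one physical port (peth*) and the
# backend vif of every domain that should be on it.

# Constructed sample matching the listing above (not captured from a live host).
sample_brctl() {
  cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.feffffffffff       no              vif1.0
                                                        peth0
                                                        vif0.0
EOF
}

# bridge_ports BRIDGE: read `brctl show` text on stdin and print the ports
# attached to BRIDGE, one per line. Continuation lines hold a single field.
bridge_ports() {
  awk -v br="$1" '
    NR == 1 { next }                                   # skip the header row
    NF >= 3 { cur = $1; if (NF >= 4 && cur == br) print $4; next }
    NF == 1 && cur == br { print $1 }                  # extra port of current bridge
  '
}

# check_bridge BRIDGE [VIF...]: return 0 only if BRIDGE exists, has a peth*
# uplink, and every listed vif is attached. Reads `brctl show` text on stdin.
check_bridge() {
  local br=$1 ports rc=0; shift
  ports=$(bridge_ports "$br")
  [ -n "$ports" ] || { echo "FAIL: $br missing or has no ports"; return 1; }
  echo "$ports" | grep -q '^peth' || { echo "FAIL: no physical uplink on $br"; rc=1; }
  for vif in "$@"; do
    echo "$ports" | grep -qxF "$vif" || { echo "FAIL: $vif not attached to $br"; rc=1; }
  done
  return $rc
}

# Demo on the constructed sample.
sample_brctl | check_bridge xenbr0 vif0.0 vif1.0 && echo "OK: xenbr0 layout matches"
```

On a dom0, pipe the real output instead of the sample: `brctl show | check_bridge xenbr0 vif0.0 vif1.0`.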