LinuxVirt:

The problem

Running Xen with a typical laptop network setup requires a little extra work. Typically the Xen guests are attached via a software network bridge to one of the system's network interfaces. This does not work well when the system changes location or simply changes from the wired to the wireless network, because the guests have no idea that the host's network environment changed.

Ideally the host OS (dom0) simply takes care of routing network traffic whereever it should go, NATing traffic to the internet. This article describes how this can be achieved relatively easily.

Dummy network

One simple solution is to have the xen ethernet bridge completely internal to the system, and leave the outside network interfaces (both wired and wireless) free to change with whatever environment you attach them to. Simply attaching the xen ethernet bridge to a dummy network interface inside domain zero will do the trick.

Add these lines to /etc/modprobe.conf:

alias dummy0 dummy
options dummy numdummies=1

To configure your dummy network (with Red Hat style initscripts), create /etc/sysconfig/network-scripts/ifcfg-dummy0:

# Dummy interface for Xen
DEVICE=dummy0
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=yes
TYPE=Ethernet
NETMASK=255.255.255.0
IPADDR=10.1.1.1
ARP=yes

In order to actually bind the xenbr0 ethernet bridge to dummy0, edit the network-script line in /etc/xen/xend-config.sxp:

(network-script 'network-bridge bridge=xenbr0 netdev=dummy0')

NAT

In order to make packet forwarding and Network Address Translation (NAT) work, you can add commands like the following to your firewall startup script, or simply to rc.local:

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

You can enable packet forwarding in /etc/sysctl.conf:

# Controls IP packet forwarding
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1

NetworkManager

NetworkManager can deal with random new network hardware (eg. wifi network cards or USB sticks) being plugged into the system, but this does add the complexity of unpredictable network interface names. Luckily the NetworkManagerDispatcher daemon will call any script in the /etc/NetworkManager/dispatcher.d every time an interface is brought up or taken down.

The following script (lets call it /etc/NetworkManager/dispatcher.d/xenNAT) should work.

# /etc/NetworkManager/dispatcher.d/xenNAT
#
# Bring up iptables NAT for our Xen guests if a new network interface is brought up.
#
# The script is invoked by NetworkManagerDispatcher, like this:
# xenNat <interface> <up/down>

INTERFACE=$1
UPDOWN=$2

if [ $UPDOWN = 'up' ] ; then
   /sbin/iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE
else
   /sbin/iptables -t nat -D POSTROUTING -o $INTERFACE -j MASQUERADE
fi

Note that this script is untested because the author has no system with Xen and wifi networking. If you have verified that the script works, or have improvements, please edit this page.

Inside the guest

Since we do not have dhcp set up yet on our dummy network, for now it is easiest to simply configure your Xen guests with static IP addresses on the same subnet as your domain 0 dummy0 interface (10.1.1.0/24). You can edit the /etc/sysconfig/networking inside the guest to look like this:

NETWORKING=yes
HOSTNAME=localhost.localdomain
GATEWAY=10.1.1.1
IPADDR=10.1.1.10
NETMASK=255.255.255.0

DNS

To be written. How exactly do we set up a DNS proxy for the guests?


CategoryXen

LinuxVirt: XenWifiNetwork (last edited 2017-12-30 03:30:06 by localhost)