[Libvir] Patch for routed virtual networks

Mads Chr. Olesen shiyee at shiyee.dk
Mon Mar 24 09:52:41 UTC 2008


Anything further I can do to help get this patch commited?

I have been running with it, without problems across restarts, etc., for
a couple of weeks now.

man, 10 03 2008 kl. 22:09 +0100, skrev Mads Chr. Olesen:
> søn, 09 03 2008 kl. 21:09 +0000, skrev Daniel P. Berrange:
> > On Sat, Mar 08, 2008 at 04:33:32PM +0100, Mads Chr. Olesen wrote:
> > > I have added a <route dev="ethX" /> stanza (dev is optional),
> completely
> > > equivalent to the <forward /> stanza.
> > 
> > This is still forwarding of traffic, so I think we should just use
> the
> > existing  <forward/> element and have an extra attribute to
> indiciate
> > the type of forwarding, eg
> > 
> >    <forward/>                      (defaults to mode="nat" for
> compat)
> >    <forward mode="nat"/>
> >    <forward mode="route"/>
> >    <forward mode="nat" dev="ethX"/>
> >    <forward mode="route" dev="ethX"/>
> 
> Sure, makes sense - an updated patch is attached.
> 
> > I'm a little unclear on how this actually works. You add iptables
> rules to
> > allow traffic in/out, but you're not adding any routing table
> entries, nor
> > turning on proxy_arp, so I don't see how this will actually work in
> practice.
> > 
> > Are you assuming the admin has already added suitable routing rules
> & turned
> > on proxy arp ?
> 
> Well, in my case (dedicated server, hetzner.de) this is all that is
> needed. My physical interface has IP 85.10.XXX.XXX, and then I have a
> secondary IP range which gets routed at that interface, IP range
> 78.47.YYY.YYY/30. I then setup my virtual interface with an IP in that
> range, by setting 
> <ip address="78.47.YYY.YYY" netmask="255.255.255.248" />
> 
> Thus, to get packets routed at the virtual machines, it just needs to
> be
> allowed by iptables, and /proc/sys/net/ipv4/ip_forward needs to be set
> to 1.
> 
> Other setups obviously might need more work.

-- 
Mads Chr. Olesen <shiyee at shiyee.dk>
shiyee.dk




More information about the libvir-list mailing list