
I want to configure Xen with 2 NICs. The dom0 is configured with CentOS7, where the interface eth0 is facing the local LAN (10.12.X.X) and eth1 (192.x.x.x) is connected to the corporate LAN.

Dom0 is configured following the guideline from Xen4Centos Wiki and the eth0 NIC is configured to bridge xenbr0 following the networking guide.

1. Created the bridge:

    nmcli con add type bridge con-name xenbr0 ifname xenbr0
    nmcli con modify xenbr0 bridge.stp no
    nmcli con modify xenbr0 bridge.hello-time 0

2. Make the eth0 interface slave to the bridge:

    nmcli con modify eth0 connection.master xenbr0 connection.slave-type bridge

I replicated all the initial settings of eth0 to xenbr0. The network script for eth0 and xenbr0 is here:

    [eth0]
    TYPE=Ethernet
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    NAME=eth0
    UUID=ba6411dc-b9a6-41b4-868c-7bdab79b729b
    DEVICE=eth0
    ONBOOT=yes
    DNS1=10.12.0.1
    IPV6_PRIVACY=no
    BRIDGE=xenbr0

And the bridge xenbr0:

    [xenbr0]
    DEVICE=xenbr0
    STP=no
    TYPE=Bridge
    BOOTPROTO=static
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPADDR=10.12.0.20
    NETMASK=255.255.0.0
    GATEWAY=10.12.0.254
    IPV6INIT=yes
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_FAILURE_FATAL=no
    IPV6_ADDR_GEN_MODE=stable-privacy
    NAME=xenbr0
    UUID=0e7599cb-2d5d-4ca8-885f-02048fe2fa77
    ONBOOT=yes
    PEERDNS=yes
    PEERROUTES=yes
    IPV6_PEERDNS=yes
    IPV6_PEERROUTES=yes

I managed to configure 2 CentOS7 guests in domU-1 and domU-2. Each one of them is successfully networked with xenbr0 and I can ssh/ping to them.

The problem starts when I try to bring up the second NIC, eth1, following the same steps. Initially, if I assign an IP address statically to eth1, it works fine and is accessible from outside, but when I tried configuring the 2nd bridge xenbr1 with eth1, the IP transferred to the xenbr1 from eth1 becomes inaccessible from outside. I followed the same procedure as when configuring xenbr0. From domU host when I added second virtual NIC and connected it to xenbr1 they also remain inaccessible.

    [eth1]
    TYPE=Ethernet
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    UUID= ee369965-a1f4-4b65-97c6-5d79b8669186
    NAME=eth1
    DEVICE=eth1
    ONBOOT=yes
    BRIDGE=xenbr1

xenbr1

    [xenbr1]
    DEVICE=xenbr1
    STP=no
    TYPE=Bridge
    BOOTPROTO=static
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPADDR=192.168.43.45
    NETMASK=255.255.255.224
    GATEWAY=192.168.43.33
    IPV6INIT=yes
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_FAILURE_FATAL=no
    IPV6_ADDR_GEN_MODE=stable-privacy
    NAME=xenbr1
    UUID=0e7599cb-2d5d-4ca8-885f-02048fe2fa77
    ONBOOT=yes
    PEERDNS=yes
    PEERROUTES=yes
    IPV6_PEERDNS=yes
    IPV6_PEERROUTES=yes

I want a topology that looks like the following, where each of the domU-n will have IPs from two different LANs:

    LAN0 10.X.X.X ------ |eth0 / xenbr0| ---- |  eth0   |
                         |  dom0       |      |  domu-n |
    LAN1 192.168.X.X --- |eth1 / xenbr1| ---- |  eth1   |

Kernel IP routing table:

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.12.0.254     0.0.0.0         UG    425    0        0 xenbr0
    0.0.0.0         192.168.43.33   0.0.0.0         UG    426    0        0 xenbr1
    10.12.0.0       0.0.0.0         255.255.0.0     U     425    0        0 xenbr0
    192.168.43.32   0.0.0.0         255.255.255.224 U     425    0        0 xenbr1

Am I missing any steps? Most of the examples show how to configure dom0 - domU with one NIC. Any suggestions/clues are much appreciated.

jazaman
  • Please show the routing table after you have configured both interfaces. – Tero Kilkanen Jul 19 '17 at 08:32
  • @TeroKilkanen I added the routing table in the description – jazaman Jul 19 '17 at 10:54
  • Could you also clarify what does the outside mean in "the IP transferred to the xenbr1 from eth1 becomes inaccessible from outside"? And what is "they" in "From domU host when I added second virtual NIC and connected it to xenbr1 they also remain inaccessible."? – Tero Kilkanen Jul 19 '17 at 16:03
  • @TeroKilkanen Sorry for the confusion. I initially set up xenbr1/eth1 with an ISP-assigned external public IP address, expecting it to be accessible from an external host (my home PC in this instance). When the configuration did not work, for testing purposes I physically connected it to another private LAN and replaced the public IP with the 192.168.x.x series. But the ping failed within the 192.168.x.x LAN. "They" refers to the two domU guest OSes I added. Both of the guest OSes contain 2 NICs, eth0 and eth1, where eth0 is connected to xenbr0 and eth1 to xenbr1. – jazaman Jul 19 '17 at 19:36
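
A cross-file consistency check for ifcfg files like the four posted in the question, as an added example that is not part of the original post or of any Xen/NetworkManager tooling. It reports a UUID value containing whitespace, a UUID shared by two files, and more than one non-port profile setting DEFROUTE=yes; the helper names `lint_ifcfg` and `demo` are hypothetical, and the sample files are constructed from the values in the question, reduced to the keys the checks read.

```shell
#!/bin/sh
# Added example: cross-file checks on ifcfg-style KEY=VALUE files.
# lint_ifcfg and demo are hypothetical helper names, not NetworkManager tools.

lint_ifcfg() {  # usage: lint_ifcfg FILE...  (prints one finding per line)
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blanks
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            f = FILENAME; sub(/.*\//, "", f)          # report the file name only
        }
        key == "UUID" {
            if (val ~ /[ \t]/) print "WHITESPACE_IN_UUID " f
            gsub(/[ \t"]/, "", val)                   # normalise before comparing
            if (val in seen) print "DUPLICATE_UUID " seen[val] " " f; else seen[val] = f
        }
        key == "BRIDGE" { slave[f] = 1 }              # bridge port: DEFROUTE not counted
        key == "DEFROUTE" { gsub(/[ \t"]/, "", val); if (val == "yes") dr[++m] = f }
        END {
            for (i = 1; i <= m; i++)
                if (!(dr[i] in slave)) { list = list " " dr[i]; n++ }
            if (n > 1) print "MULTIPLE_DEFROUTE" list
        }
    ' "$@"
}

demo() {  # constructed samples: values from the question, only the keys checked
    d=$(mktemp -d) || return 1
    printf '%s\n' DEFROUTE=yes UUID=ba6411dc-b9a6-41b4-868c-7bdab79b729b \
        BRIDGE=xenbr0 > "$d/ifcfg-eth0"
    printf '%s\n' DEFROUTE=yes UUID=0e7599cb-2d5d-4ca8-885f-02048fe2fa77 \
        > "$d/ifcfg-xenbr0"
    printf '%s\n' DEFROUTE=yes 'UUID= ee369965-a1f4-4b65-97c6-5d79b8669186' \
        BRIDGE=xenbr1 > "$d/ifcfg-eth1"
    printf '%s\n' DEFROUTE=yes UUID=0e7599cb-2d5d-4ca8-885f-02048fe2fa77 \
        > "$d/ifcfg-xenbr1"
    lint_ifcfg "$d/ifcfg-eth0" "$d/ifcfg-xenbr0" "$d/ifcfg-eth1" "$d/ifcfg-xenbr1"
    rm -rf "$d"
}

demo
```

On a real host the function would be pointed at `/etc/sysconfig/network-scripts/ifcfg-*`; a finding is a prompt to compare the files against `nmcli con show`, not a diagnosis by itself.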

0 Answers