isolated "internal" network?
user name
2006-09-13 22:32:02
Oops, bad mail client!
There it goes to the ML, sorry

Evaldo

-------- Original Message --------
Subject: 	Re: isolated "internal" network?
Date: 	Wed, 13 Sep 2006 19:29:07 -0300
From: 	Evaldo Gardenali <evaldogardenali.biz>
To: 	Geert Hendrickx <ghenNetBSD.org>
References: 	<20060913080148.GA29829lori.ghen.be>



Geert Hendrickx wrote:
> Hi,
>
> I'm planning to deploy a NetBSD/Xen based server with several services
> hosted in separate domains.  Not all domains (e.g. database server(s),
> build server) should have a public IP, therefore I'd wish to have two
> separately bridged networks, a public network with public IPs on bridge0
> and an internal network with private IPs on bridge1.  But I don't want to
> connect bridge1 to any physical network device on the dom0.  What (virtual)
> network device can/should I use on the dom0 to communicate with the private
> LAN?  tap, tun, gif, ... ?
>
> 	Geert
Whoa! Lots of complex ideas have been mentioned here and in the
replies... when the thing is really simple (2 solutions described here).

Imagine this example: all domains have a public and a private interface
(0=public).

xvif1.0, xvif2.0 and xvif3.0 are bridged to fxp0, so none need an IP
address; xvif1.1, xvif2.1 and xvif3.1 are on the internal bridge, so you
just need to assign 172.16.0.1 to xvif1.1 and it's done ;)

This example has a systemic failure: when domain 1 gets destroyed, the
interface gets destroyed and all other domains can't communicate with
domain 0 anymore. This can be easily solved with:

Create a tap(4) device, assign an IP address to it, add it to the private
bridge. A tap device without a backend program is expected to behave just
like an ethernet interface with no media attached, so it will do fine.

Evaldo
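The two dom0 setups Evaldo contrasts, as an added example script that is not part of the original thread: the fragile variant puts the dom0 address on a domU's backend vif, the robust one puts it on a tap(4) anchor that only dom0 owns. Interface names (bridge1, tap0, xvifN.1) and the 172.16.0.0/24 addressing are assumed from the post; DRY_RUN=1 prints the ifconfig/brconfig commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the original thread): private bridge on a
# NetBSD/Xen dom0, anchored on a tap(4) device instead of a domU vif.
# Assumed names: bridge1, tap0, 172.16.0.1/24, xvifN.1 are illustrative.
# Usage: DRY_RUN=1 . ./privbridge.sh; robust_setup xvif1.1 xvif2.1 xvif3.1

PRIV_BRIDGE=${PRIV_BRIDGE:-bridge1}
PRIV_TAP=${PRIV_TAP:-tap0}
PRIV_ADDR=${PRIV_ADDR:-172.16.0.1}
PRIV_MASK=${PRIV_MASK:-255.255.255.0}

# Run a command, or just print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Fragile variant from the thread: dom0's private address lives on
# xvif1.1, a backend vif that disappears together with domain 1.
fragile_setup() {
    run ifconfig "$PRIV_BRIDGE" create
    run ifconfig xvif1.1 inet "$PRIV_ADDR" netmask "$PRIV_MASK" up
    run brconfig "$PRIV_BRIDGE" add xvif1.1 add xvif2.1 add xvif3.1 up
}

# Robust variant: the address sits on a tap(4) device owned by dom0 alone
# (no backend program attached), so it survives any domU being destroyed.
# Backend vifs passed as arguments are added to the bridge afterwards.
robust_setup() {
    run ifconfig "$PRIV_TAP" create
    run ifconfig "$PRIV_TAP" inet "$PRIV_ADDR" netmask "$PRIV_MASK" up
    run ifconfig "$PRIV_BRIDGE" create
    run brconfig "$PRIV_BRIDGE" add "$PRIV_TAP" up
    for vif in "$@"; do
        run brconfig "$PRIV_BRIDGE" add "$vif"
    done
}

# Sanity check: the interface carrying dom0's private address must not be
# a domU backend vif, otherwise the setup has the failure described above.
addr_anchor_ok() {
    case "$1" in
        xvif*) return 1 ;;
        *) return 0 ;;
    esac
}
```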
