Xen 3.2, CentOS 5.1 and NAT HOWTO

From PDP/Grid Wiki

The default network configuration for Xen DomUs is bridging: the virtual interface of each DomU is attached to a software bridge in the Dom0, so a DomU appears on the LAN just like any other machine, with its own address visible to everyone.

This HOWTO explains how to change that configuration so that all DomU network interfaces are masqueraded behind the Dom0. The Dom0 then acts as a NAT box: only its own address is visible on the LAN, which may be useful when building a cluster whose nodes should not be exposed to the network more than necessary.

NAT

The IP addresses behind the NAT box are handed out over DHCP from the private 10.0.0.0/8 range, with a fixed address per DomU keyed on its MAC address. A lightweight DHCP/DNS server, dnsmasq, manages the assignments. Configuration files for dnsmasq can be placed in /etc/dnsmasq.d/ and must have the extension .conf.

This is the full text of /etc/dnsmasq.d/xencluster.conf.

dhcp-range=testbed,10.0.0.1,static,255.0.0.0,infinite
read-ethers
leasefile-ro
except-interface=eth0

Here's the configuration explained.

dhcp-range
Every configuration must have at least one range of IP addresses to hand out, even when only static assignments are made. The 'static' keyword takes the place of the range's end address and means that only statically assigned addresses (here, those listed in /etc/ethers) are given out; 255.0.0.0 is the netmask and the lease time is infinite.
read-ethers
Tells dnsmasq to read /etc/ethers to find out which IP address belongs to which MAC address (one entry per line: the MAC address, then the IP address). This file will play a role later on.
leasefile-ro
Don't write a lease file; with only static assignments there is nothing worth persisting.
except-interface
Tells dnsmasq not to listen on the physical interface of the machine (eth0), so that it does not answer DHCP requests from the LAN and conflict with the DHCP server there. Note that this excludes eth0 from DNS service as well as from DHCP.
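Because /etc/ethers is the only place the DomU addresses are defined, a mistake there (a duplicate MAC, an address outside the NAT range, a mistyped octet) silently leaves a DomU without an address or gives two DomUs the same one. As an added example, not part of this wiki page or of dnsmasq, the following shell script checks such a file before it is handed to dnsmasq. It assumes, as the dhcp-range above does, that every address lies in 10.0.0.0/8, and it only notes (rather than rejects) MACs outside Xen's 00:16:3e prefix.

```shell
#!/bin/sh
# Validate an /etc/ethers file before handing it to dnsmasq (read-ethers).
# Added example for this HOWTO, not part of the wiki page or of dnsmasq.
# Assumptions (not stated on the page): every entry maps a MAC address to a
# bare IP address in 10.0.0.0/8, and DomU MACs use Xen's 00:16:3e OUI.

# ethers_check FILE
# Prints one diagnostic per bad line on stdout; returns 0 only if the file is clean.
ethers_check() {
    awk -v file="$1" '
    # six colon-separated groups of two hex digits (input is lower-cased first)
    function is_mac(s,    p, n, i) {
        n = split(s, p, ":")
        if (n != 6) return 0
        for (i = 1; i <= 6; i++)
            if (p[i] !~ /^[0-9a-f][0-9a-f]$/) return 0
        return 1
    }
    # dotted quad inside the NAT range 10.0.0.0/8 used by the dhcp-range above
    function in_10_8(s,    o, n, i) {
        n = split(s, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return o[1] + 0 == 10
    }
    function bad(msg) { printf "%s:%d: %s\n", file, NR, msg; errors++ }
    BEGIN { errors = 0 }
    {
        sub(/#.*/, "")                 # dnsmasq ignores comments
        if (NF == 0) next              # and blank lines
        if (NF != 2) { bad("expected \"MAC IP\""); next }
        mac = tolower($1); ip = $2
        if (!is_mac(mac)) { bad("malformed MAC address " $1); next }
        if (!in_10_8(ip)) { bad("address " ip " is outside 10.0.0.0/8"); next }
        if (mac in macs) bad("MAC " mac " already assigned on line " macs[mac])
        if (ip in ips)   bad("address " ip " already assigned on line " ips[ip])
        macs[mac] = NR; ips[ip] = NR
        if (substr(mac, 1, 8) != "00:16:3e")
            printf "%s:%d: note: %s is not a Xen (00:16:3e) MAC\n", file, NR, mac > "/dev/stderr"
    }
    END { exit (errors > 0) }
    ' "$1"
}

# Typical use on the Dom0, before reloading dnsmasq:
#   ethers_check /etc/ethers && dnsmasq --test && /etc/init.d/dnsmasq restart
```

dnsmasq's own --test only checks the syntax of its configuration files, not the contents of /etc/ethers, which is why the duplicate and range checks are done here.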


Xen handles DomU networking by creating, on the fly, a virtual network interface in the Dom0 (named vif<domid>.<n>) for each network interface of a DomU. The Dom0 end is connected to the interface on the DomU side as if by a crossover cable; whatever the Dom0 does with its end (bridge it, route it, masquerade it) determines how the DomU reaches the network.

Two scripts manage these interfaces. One is the network-script, which is run once when the xend daemon starts; the other is the vif-script, which is called each time a virtual interface is created or torn down. The names of the scripts to use are defined in the Xen daemon configuration file, /etc/xen/xend-config.sxp.

Install the new scripts network-nat-dns and vif-nat-dns, and the replacement vif-common.sh, in /etc/xen/scripts/, where xend looks for the script names given in its configuration.

Edit /etc/xen/xend-config.sxp and replace the lines

(network-script network-bridge)
(vif-script vif-bridge)

by

(network-script network-nat-dns)
(vif-script     vif-nat-dns)

and restart the xend daemon. Do this with no DomUs running: the virtual interfaces of DomUs that are already up were set up by vif-bridge and are not reconfigured by restarting xend.

/etc/init.d/xend restart
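The edit above is two one-line substitutions, but on a Dom0 it is worth doing them with a backup of the working bridging configuration and a check that exactly one active line of each directive remains afterwards. The following shell script is an added example for this HOWTO, not part of the wiki page or of Xen; it assumes the active directives are uncommented lines of the form (network-script network-bridge), as in the stock CentOS file, and leaves commented alternatives such as #(network-script network-nat) untouched.

```shell
#!/bin/sh
# Switch xend from the bridging scripts to the NAT scripts in
# /etc/xen/xend-config.sxp, keeping a copy of the bridging configuration.
# Added example for this HOWTO, not part of the wiki page or of Xen.
# Assumption: active directives are uncommented single-word S-expressions
# such as "(network-script network-bridge)"; commented-out lines are ignored.

# sxp_get FILE KEY: print the value of the active (uncommented) KEY directive
sxp_get() {
    sed -n "s/^[[:space:]]*($2[[:space:]][[:space:]]*\([^) ]*\))[[:space:]]*\$/\1/p" "$1"
}

# sxp_set FILE KEY VALUE: rewrite the active KEY directive in place
sxp_set() {
    _tmp=$(mktemp) || return 1
    sed "s/^[[:space:]]*($2[[:space:]][[:space:]]*[^)]*)/($2 $3)/" "$1" > "$_tmp" \
        && cat "$_tmp" > "$1"       # cat, not mv: keep the file's owner and mode
    _rc=$?
    rm -f "$_tmp"
    return $_rc
}

# xend_use_nat [FILE]: point xend at network-nat-dns / vif-nat-dns and verify
xend_use_nat() {
    cfg=${1:-/etc/xen/xend-config.sxp}
    [ -f "$cfg" ] || { echo "$cfg: no such file" >&2; return 1; }
    # keep the bridging configuration for rollback (only the first time)
    [ -f "$cfg.bridge" ] || cp -p "$cfg" "$cfg.bridge" || return 1
    sxp_set "$cfg" network-script network-nat-dns || return 1
    sxp_set "$cfg" vif-script     vif-nat-dns     || return 1
    # refuse to report success unless exactly one active line of each remains
    [ "$(sxp_get "$cfg" network-script)" = network-nat-dns ] \
        && [ "$(sxp_get "$cfg" vif-script)" = vif-nat-dns ] \
        || { echo "$cfg: network-script/vif-script not set as expected" >&2; return 1; }
    # the scripts must exist where xend resolves relative script names
    for s in network-nat-dns vif-nat-dns vif-common.sh; do
        [ -f /etc/xen/scripts/$s ] || echo "warning: /etc/xen/scripts/$s is missing" >&2
    done
}

# On the Dom0, with no DomUs running (not executed here):
#   xend_use_nat && /etc/init.d/xend restart
```

After the restart, check that the Dom0 really is forwarding and masquerading before starting any DomU: net.ipv4.ip_forward must be 1 (sysctl net.ipv4.ip_forward) and a MASQUERADE rule must be present in the nat table (iptables -t nat -L POSTROUTING -n). If either is missing, the replacement network-script did not run cleanly; /var/log/xen/xend.log shows why. To revert, copy xend-config.sxp.bridge back over the edited file and restart xend again.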