xen kernel with dom0 in Fedora 10?

James Ralston qralston+ml.redhat-fedora-devel at andrew.cmu.edu
Fri Oct 3 18:41:05 UTC 2008


On 2008-10-03 at 18:17+01 Daniel P Berrange <berrange at redhat.com> wrote:

> Whether bridged traffic bypasses netfilter or not is controlled by
> the kernel sysctls
> 
>   net.bridge.bridge-nf-call-arptables = 1
>   net.bridge.bridge-nf-call-iptables = 1
>   net.bridge.bridge-nf-call-ip6tables = 1
> 
> If those are set to '1', then bridge traffic hits netfilter, if they
> are set to '0', it is bypassed.

Aha; I did not know that.  Thanks for the correction.

> No, [setting up KVM bridge networking] is utterly trivial
> 
>   # cd /etc/sysconfig/network-scripts
> 
>   # cat > ifcfg-eth0 <<EOF
>   DEVICE=eth0
>   HWADDR=00:16:76:D6:C9:45
>   ONBOOT=yes
>   BRIDGE=br0
>   EOF
> 
>   # cat > ifcfg-br0 <<EOF
>   DEVICE=br0
>   TYPE=Bridge
>   BOOTPROTO=dhcp
>   ONBOOT=yes
>   EOF
> 
>   # service network restart

You have a very strange definition of "utterly trivial", then.  :p

First, you have to *know* that you need to do this.  One's first clue
is an empty drop-down box in virt-manager's network configuration
options when you're creating a new guest.  After much Googling, if
you're lucky, you'll stumble across the KVM wiki and read the
networking section.  Then you have to figure out how much of that is
actually appropriate to Fedora + virt-manager.  Then you have to make
the above changes (and possibly reconfigure any iptables rules you had
set up).

How many end users (or, for that matter, unseasoned system
administrators) do you realistically think are going to make it through
that whole process?

To claim "out of the box" support for KVM bridge networking,
virt-manager has to be able to do all of this automatically.  That
means that either virt-manager itself needs to know how to turn a
physical device into a bridged device, or anaconda needs to do this at
system install time.  (E.g., any physical device configured with a
fixed IP address is automatically created as a bridge.)

> Job done, virt-manager will show you that br0 bridge and allow you
> to attach a guest to it

Actually, that *didn't* work for quite a while (the guest would
launch, but networking was non-functional).  However, I just now
re-tested, and you're right; virt-manager will Do The Right Thing (as
long as you've manually configured the bridge, that is).

> or out of the box you can use the 'virbr0' for NAT based
> connectivity that works even with wifi + network manager.

That's the best solution for mobile devices, for sure, but for
virtualizing a server, bridge networking is the only realistic option.
And right now, user-friendly support for that is sorely lacking.

-- 
STABILIZATION = CHAOS; END THE FED!
The Bailout Reader - <http://mises.org/story/3128>
The Rescue Package Will Delay Recovery - <http://mises.org/story/3131>
Taking Money Back - <http://mises.org/story/2882>
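
Added example, not part of the original message or of any Fedora tool: a shell function that reads the three net.bridge.bridge-nf-call-* sysctls quoted above and reports whether bridged guest traffic passes through netfilter on a host. The function name bridge_nf_status and its optional root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (illustrative names): audit the bridge netfilter sysctls.
#
# Usage: bridge_nf_status [SYSCTL_ROOT]     (default root: /proc/sys)
# Prints one line per sysctl, "<key> <state>", where state is:
#   filtered  value 1: bridged traffic hits netfilter
#   bypassed  value 0: bridged traffic skips netfilter
#   absent    key missing, e.g. the bridge code providing it is not loaded
#   unknown   any other value
# Returns 0 only when all three keys are "filtered", so host firewall
# rules can be assumed to see traffic crossing br0 / virbr0.
bridge_nf_status() {
    root="${1:-/proc/sys}"
    rc=0
    for table in arptables iptables ip6tables; do
        key="net.bridge.bridge-nf-call-$table"
        file="$root/net/bridge/bridge-nf-call-$table"
        if [ ! -r "$file" ]; then
            state=absent
        else
            val=$(cat "$file" 2>/dev/null)
            case "$val" in
                1) state=filtered ;;
                0) state=bypassed ;;
                *) state=unknown ;;
            esac
        fi
        # Anything other than "filtered" means iptables rules on the
        # host may not apply to bridged guest traffic.
        [ "$state" = filtered ] || rc=1
        printf '%s %s\n' "$key" "$state"
    done
    return "$rc"
}
```

Calling bridge_nf_status with no argument checks the running host; a non-zero return means at least one class of bridged traffic is not reaching the corresponding tables.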



