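A while ago a friend and I discussed a problem with Xen. The situation is this: the company uses Xen virtual machines as VPSes, and because a single machine hosts a fairly large number of VPSes, several companies end up using VPSes on the same physical machine. By default all the VPSes sit in the same network environment, that is, in the same network segment, which is a security problem (ARP attacks, for example), so communication between the VPSes of different organizations has to be isolated. This led to the idea of using VLANs: each company's VPSes are bridged to a different bridge, and 802.1q is enabled on that vif, which solves the problem neatly. I looked at some documents online and there are indeed solutions, but they all work by modifying configuration files. That does solve the problem, but it usually requires restarting xend or rebooting the physical machine, which is not possible in a production environment. The following method solves the problem without that.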
cd /etc/sysconfig/network-scripts
touch ifcfg-xenbr2 ifcfg-eth0.2
The contents of ifcfg-xenbr1 and ifcfg-eth0.1 are as follows:
[root@XenServer network-scripts]# cat ifcfg-xenbr2
DEVICE=xenbr2
BOOTPROTO=static
ONBOOT=yes
TYPE=Bridge
[root@XenServer network-scripts]# cat ifcfg-eth0.2
DEVICE=eth0.2
BOOTPROTO=none
TYPE=Ethernet
VLAN=yes
BRIDGE=xenbr2
After creating these two files, run the following commands in order:
ifup ifcfg-xenbr2
ifup ifcfg-eth0.2
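This first creates a bridge named xenbr2 and then bridges eth0.2 onto it, so the order in which they are brought up must not be reversed.
Then, in the domU configuration, change the bridge setting to: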
vif = [ "bridge=xenbr1,script=vif-bridge" ]
At this point, do not forget to enable trunking, with 802.1q tags, on the switch port that is directly connected to the physical port.
Enjoy it!
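A check for the isolation this setup relies on, as an added example that is not part of the original post: every tenant bridge should carry exactly one 802.1q sub-interface plus its guest vifs. It parses text in `brctl show` layout; the sample data, the bridge IDs and the `audit_bridges` function name are constructed for illustration.

```shell
# Constructed sample in `brctl show` layout (not output from a real host).
# xenbr2 is correct, xenbr3 merges two VLANs, xenbr4 puts a guest on untagged eth0.
SAMPLE='bridge name     bridge id               STP enabled     interfaces
xenbr2          8000.001122334455       no              eth0.2
                                                        vif1.0
                                                        vif2.0
xenbr3          8000.001122334456       no              eth0.3
                                                        eth0.4
                                                        vif3.0
xenbr4          8000.001122334457       no              eth0
                                                        vif4.0'

# audit_bridges TEXT: print one verdict per bridge, return 1 if any bridge fails.
audit_bridges() {
    printf '%s\n' "$1" | awk '
        # Emit the verdict for the bridge collected so far.
        function verdict(   why) {
            if (br == "") return
            if (untagged > 0 && vifs > 0)     why = "guests share untagged uplink"
            else if (tagged > 1)              why = "more than one VLAN bridged together"
            else if (tagged == 0 && vifs > 0) why = "guests without VLAN uplink"
            if (why != "") { print "FAIL " br ": " why; bad = 1 }
            else print "OK " br (tagged ? " vlan " vid : "")
        }
        # Sort a port into guest vif, tagged uplink (ethX.N) or untagged uplink.
        function classify(ifc) {
            if (ifc ~ /^vif[0-9]+\.[0-9]+$/) vifs++
            else if (ifc ~ /^p?eth[0-9]+\.[0-9]+$/) { tagged++; vid = ifc; sub(/^.*\./, "", vid) }
            else if (ifc ~ /^p?eth[0-9]+$/) untagged++
        }
        # A line whose second field is a bridge id starts a new bridge.
        NF >= 3 && $2 ~ /^[0-9a-f]+\.[0-9a-f]+$/ {
            verdict(); br = $1; vifs = tagged = untagged = 0; vid = ""
            if (NF >= 4) classify($4)
            next
        }
        # A single-field line is a further port of the current bridge.
        NF == 1 { classify($1) }
        END { verdict(); exit bad + 0 }
    '
}

audit_bridges "$SAMPLE" || echo "isolation problems found"
```

On a dom0, the live state can be checked with `audit_bridges "$(brctl show)"`.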
yum install vconfig
vi /etc/sysconfig/modules/8021q.modules
modprobe 8021q
chmod a+x /etc/sysconfig/modules/8021q.modules
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.2
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.3
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.4
vi /etc/sysconfig/network-scripts/ifcfg-eth0.4
DEVICE=eth0.4
DHCPCLASS=
IPADDR=10.4.100.73
NETMASK=255.255.255.0
Note: the alias interfaces do not need an IP address; one is configured here only to test whether the setup works. eth0 should not have any IP address (i.e. one in the same network segment as the default gateway), because the other network segments will match the rule (10.1.100.0 to eth0), and by default the bridges created by Xen cannot talk to each other.
cp /etc/xen/scripts/network-bridge /etc/xen/scripts/network-bridge-vlan
vi /etc/xen/scripts/network-bridge-vlan
#DL# if is_bonding ${netdev} || ! ifdown ${netdev}; then
# Remember the IP details if necessary.
get_ip_info ${netdev}
ip link set ${netdev} down
ip addr flush ${netdev}
#DL# fi
#DL# if ! ifdown ${netdev}; then
chmod a+x /etc/xen/scripts/network-bridge-vlan
vi /etc/xen/scripts/network-bridge-withvlan
#!/bin/sh
# Run the modified bridge script once for eth0 and once per VLAN interface.
call_network_bridge()
{
    dir=/etc/xen/scripts
    "$dir/network-bridge-vlan" "$@" netdev=eth0 vifnum=0 bridge=xenbr0
    "$dir/network-bridge-vlan" "$@" netdev="eth0.2" vifnum=1 bridge=xenbr0V2
    "$dir/network-bridge-vlan" "$@" netdev="eth0.3" vifnum=2 bridge=xenbr0V3
    "$dir/network-bridge-vlan" "$@" netdev="eth0.4" vifnum=3 bridge=xenbr0V4
}
case "$1" in
    start)
        echo "start"
        # Name VLAN devices eth0.2, eth0.3, ... and create them before bridging.
        vconfig set_name_type DEV_PLUS_VID_NO_PAD
        vconfig add "eth0" 2
        vconfig add "eth0" 3
        vconfig add "eth0" 4
        call_network_bridge start
        ;;
    stop)
        echo "stop"
        # Tear the bridges down first, then remove the VLAN devices.
        call_network_bridge stop
        vconfig rem "eth0.2"
        vconfig rem "eth0.3"
        vconfig rem "eth0.4"
        ;;
esac
chmod a+x /etc/xen/scripts/network-bridge-withvlan
vi /etc/xen/xend-config.sxp
(network-script network-bridge-withvlan)
To validate, see http://wiki.xensource.com/xenwiki/XenNetworking
[root:/etc/xen]# cat /etc/init.d/xen-vlan
ethtool -K eth0 tx off
This article is reposted from justiceplus's 51CTO blog. Original link: http://blog.51cto.com/johnwang/367688. To repost it, please contact the original author.