'AW: [Xen-users] multiple nic's with vlan -> bridge or bridge -> vlan'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       xen-users
Subject:    AW: [Xen-users] multiple nic's with vlan -> bridge or bridge -> vlan
From:       <thomas.vonsteiger () bluewin ! ch>
Date:       2006-09-15 5:47:38
Message-ID: 00d601c6d88a$740b4560$0401a8c0 () athlon
[Download RAW message or body]

For security eth0 – vlan's – bridge's – domU's it's "maybe" a better
solution. Becose i have problem to run this configuration.
There is for each vlan (mtu 1496) a bridge.
Something is not running for such networkconfigs. I'm not sure about the
traffic between bridge and domU.
Is there 8021q traffic or not ?
Becose 8021q traffic i have to the dom0 vlan's, and from there ?
The other way, bridge-vlan's is working fin with mtu 1496.
With tcpdump inside domU i can sea all available vlan numbers with the
subnet information. It's running but not secure.

Thomas

> -----Ursprüngliche Nachricht-----
> Von: xen-users-bounces@lists.xensource.com [mailto:xen-users-
> bounces@lists.xensource.com] Im Auftrag von Javier Guerra
> Gesendet: Donnerstag, 14. September 2006 14:53
> An: xen-users@lists.xensource.com
> Betreff: Re: [Xen-users] multiple nic's with vlan -> bridge or bridge ->
> vlan
> 
> On Thursday 14 September 2006 4:14 am, Molle Bestefich wrote:
> > thomas.vonsteiger@bluewin.ch wrote:
> > > eth0 – vlan's – bridge's – domU's
> > > eth1 – vlan's – bridge's – domU's
> > >
> > > or
> > >
> > > eth0 - bridge – vlan's –domU's
> > > eth1 - bridge – vlan's –domU's
> >
> > Assuming from your ASCII drawing that you terminate your VLANs inside
> > the domu's in the second configuration, I'd go with the first
> > configuration from a security point of view.
> 
> apart from termination worries, the second setup usually has problems.
> mainly
> because it's better to put the physical eth's MTU to 1504, but the bridges
> usually choke with MTUs bigger than 1500
> 
> --
> Javier


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic