A while ago a friend and I discussed a problem with Xen. The situation is this: the company uses Xen virtual machines as VPS, and because a single physical machine hosts many VPS, several companies end up sharing VPS on the same physical host. By default all the VPS sit in the same network environment, i.e. the same network segment, which raises security problems such as ARP attacks, so the VPS of different organizations need to be isolated from one another. The idea is to use VLANs: the VPS of different companies are attached to different bridges, and 802.1Q is enabled on the corresponding vif, which solves the problem nicely. Some documents on the web do offer solutions, but they all work by editing configuration files, which does solve the problem but usually requires restarting xend or even the physical machine, and that is out of the question in a production environment. The following method solves it without any restart.
cd /etc/sysconfig/network-scripts
touch ifcfg-xenbr2 ifcfg-eth0.2
The contents of the two files, ifcfg-xenbr2 and ifcfg-eth0.2, are as follows:
[root@XenServer network-scripts]# cat ifcfg-xenbr2
DEVICE=xenbr2
BOOTPROTO=static
ONBOOT=yes
TYPE=Bridge
[root@XenServer network-scripts]# cat ifcfg-eth0.2
DEVICE=eth0.2
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
VLAN=yes
BRIDGE=xenbr2
After creating these two files, run the following commands in order:
ifup ifcfg-xenbr2
ifup ifcfg-eth0.2
This first creates a bridge named xenbr2 and then bridges eth0.2 onto it; the sub-interface references the bridge, so the order cannot be reversed.
Then, in the domU configuration, change the bridge setting to:
vif = [ "bridge=xenbr1,script=vif-bridge" ]
Do not forget to enable trunking with 802.1Q tagging on the switch port that the physical NIC is connected to.
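The steps above, generalized to any VLAN id, as an added example script that is not part of the original post. It assumes RHEL/CentOS-style ifcfg files, a physical NIC called eth0 (overridable through NIC) and the bridge naming xenbr<VID> used in the post; the DRY_RUN variable and the check_vlan_bridge_cfg helper are this example's own additions. The script writes the bridge file and the tagged sub-interface file, verifies that BRIDGE= in the sub-interface points at an existing TYPE=Bridge config before touching anything, and then runs ifup on the bridge first and the sub-interface second, exactly the order the post requires.

```shell
#!/bin/sh
# Added example (not from the original post): create a per-VLAN Xen bridge and
# the 802.1Q sub-interface that feeds it, in the order the post describes.
# Assumptions: RHEL/CentOS ifcfg files, NIC eth0, bridge named xenbr<VID>.
# Set DRY_RUN=1 to print the ifup commands instead of running them.

NIC=${NIC:-eth0}

# Write ifcfg-xenbr<VID> (the bridge) and ifcfg-<NIC>.<VID> (the tagged
# sub-interface enslaved to that bridge) into directory $2.
gen_vlan_bridge_cfg() {
    vid=$1; dir=$2
    case "$vid" in
        ''|*[!0-9]*) echo "bad VLAN id: $vid" >&2; return 1 ;;
    esac
    [ "$vid" -ge 1 ] && [ "$vid" -le 4094 ] || { echo "VLAN id out of range: $vid" >&2; return 1; }
    cat > "$dir/ifcfg-xenbr$vid" <<EOF
DEVICE=xenbr$vid
BOOTPROTO=static
ONBOOT=yes
TYPE=Bridge
EOF
    cat > "$dir/ifcfg-$NIC.$vid" <<EOF
DEVICE=$NIC.$vid
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
VLAN=yes
BRIDGE=xenbr$vid
EOF
}

# Read KEY=value (first match, unquoted values) from an ifcfg file.
cfg_get() { sed -n "s/^$2=//p" "$1" | head -n 1; }

# Verify that the sub-interface has VLAN=yes and that its BRIDGE= names a
# config with TYPE=Bridge; otherwise ifup would create an untagged or
# unbridged interface that silently lands guests on the wrong segment.
# Prints the bridge name on success.
check_vlan_bridge_cfg() {
    vid=$1; dir=$2
    vif="$dir/ifcfg-$NIC.$vid"
    [ -f "$vif" ] || { echo "missing $vif" >&2; return 1; }
    [ "$(cfg_get "$vif" VLAN)" = "yes" ] || { echo "$vif: VLAN=yes missing" >&2; return 1; }
    br=$(cfg_get "$vif" BRIDGE)
    [ -n "$br" ] || { echo "$vif: BRIDGE= missing" >&2; return 1; }
    brcfg="$dir/ifcfg-$br"
    [ "$(cfg_get "$brcfg" TYPE 2>/dev/null)" = "Bridge" ] || { echo "$brcfg: not TYPE=Bridge" >&2; return 1; }
    echo "$br"
}

# Bring the bridge up first, then the sub-interface, so the BRIDGE= target
# exists when the VLAN device is enslaved. Prints the commands when DRY_RUN=1.
bring_up() {
    vid=$1; dir=$2
    br=$(check_vlan_bridge_cfg "$vid" "$dir") || return 1
    for cfg in "ifcfg-$br" "ifcfg-$NIC.$vid"; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "ifup $cfg"
        else
            ifup "$cfg" || return 1
        fi
    done
}

# Usage: sh vlan-bridge.sh <vid> [ifcfg-dir]
if [ $# -ge 1 ]; then
    d=${2:-/etc/sysconfig/network-scripts}
    gen_vlan_bridge_cfg "$1" "$d" && bring_up "$1" "$d"
fi
```

Running `DRY_RUN=1 sh vlan-bridge.sh 2 /tmp/test-cfg` shows the two ifup commands in the required order without touching the host; without DRY_RUN it must run as root on the dom0. The pre-flight check is the part worth keeping even if you write the files by hand: a sub-interface whose BRIDGE= does not resolve to a bridge config is the most common way a "VLAN-isolated" guest ends up untagged.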
Enjoy it!
Another solution is attached below.
Preparation
yum install vconfig
modprobe 8021q
vi /etc/sysconfig/modules/8021q.modules
modprobe 8021q
chmod a+x /etc/sysconfig/modules/8021q.modules
Create three VLAN interfaces (aliases) on the single NIC
Copy the configuration file:
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.2
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.3
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.4
Edit each copy, for example:
vi /etc/sysconfig/network-scripts/ifcfg-eth0.4
DEVICE=eth0.4
BOOTPROTO=static
DHCPCLASS=
IPADDR=10.4.100.73
NETMASK=255.255.255.0
VLAN=yes
ONBOOT=yes
Note: the alias interfaces do not need an IP address configured; the addresses here are only there to test whether it works. eth0 itself should not have any IP address (i.e. it should not sit in the same network segment as the default gateway), because otherwise the other segment will match the route (10.1.100.0 via eth0), and by default the bridges created by Xen cannot talk to each other.
Create a custom network script for the VLANs
Main script (the lines prefixed with #DL# are the ones commented out in the copy):
cp /etc/xen/scripts/network-bridge /etc/xen/scripts/network-bridge-vlan
vi /etc/xen/scripts/network-bridge-vlan
#DL# if is_bonding ${netdev} || ! ifdown ${netdev}; then
# Remember the IP details if necessary.
get_ip_info ${netdev}
ip link set ${netdev} down
ip addr flush ${netdev}
#DL# fi
#DL# if ! ifdown ${netdev}; then
get_ip_info ${netdev}
#DL# fi
chmod a+x /etc/xen/scripts/network-bridge-vlan
Create the wrapper script that xend will load:
vi /etc/xen/scripts/network-bridge-withvlan
#!/bin/sh
# Wrapper around the patched network-bridge-vlan script: one bridge per VLAN.
# Arguments ($@) are "start" or "stop", passed through from xend.
call_network_bridge()
{
    dir=/etc/xen/scripts
    "$dir/network-bridge-vlan" "$@" netdev=eth0 vifnum=0 bridge=xenbr0
    "$dir/network-bridge-vlan" "$@" netdev="eth0.2" vifnum=1 bridge=xenbr0V2
    "$dir/network-bridge-vlan" "$@" netdev="eth0.3" vifnum=2 bridge=xenbr0V3
    "$dir/network-bridge-vlan" "$@" netdev="eth0.4" vifnum=3 bridge=xenbr0V4
}
case "$1" in
start)
    echo "start"
    # name VLAN devices eth0.<vid> so they match the ifcfg-eth0.N files
    vconfig set_name_type DEV_PLUS_VID_NO_PAD
    vconfig add "eth0" 2
    vconfig add "eth0" 3
    vconfig add "eth0" 4
    call_network_bridge start
    ;;
stop)
    echo "stop"
    # tear the bridges down before removing the VLAN devices they sit on
    call_network_bridge stop
    vconfig rem "eth0.2"
    vconfig rem "eth0.3"
    vconfig rem "eth0.4"
    ;;
esac
chmod a+x /etc/xen/scripts/network-bridge-withvlan
Change xend config
vi /etc/xen/xend-config.sxp
(network-script network-bridge-withvlan)
To verify the setup, see the method described at http://wiki.xensource.com/xenwiki/XenNetworking
[root:/etc/xen]# cat /etc/init.d/xen-vlan
#!/bin/sh
ethtool -K eth0 tx off