xen kernel with dom0 in Fedora 10?

Daniel P. Berrange berrange at redhat.com
Fri Oct 3 17:17:21 UTC 2008


On Fri, Oct 03, 2008 at 01:11:11PM -0400, James Ralston wrote:
> On 2008-09-30 at 20:37+01 Richard W.M. Jones <rjones at redhat.com> wrote:
> 
> > Yup, KVM is cool, much easier to use, and with virtio-enabled guests
> > it's about the same speed as Xen.
> 
> I really have to beg to differ about "easier to use", for two reasons:
> 
>     1.  Xen's network subsystem bypasses netfilter.
> 
>         (One could argue there's a benefit to protecting public
>         bridged guests with netfilter, but I think from a philosophical
>         viewpoint, public bridged guests really should have unfettered
>         network access.)

That has got absolutely nothing to do with Xen. Whether bridged
traffic bypasses netfilter or not is controlled by the kernel
sysctls

  net.bridge.bridge-nf-call-arptables = 1
  net.bridge.bridge-nf-call-iptables = 1
  net.bridge.bridge-nf-call-ip6tables = 1

If those are set to '1', then bridge traffic hits netfilter; if they
are set to '0', it is bypassed.

>     2.  Setting up a public bridge is a snap in Xen.  In KVM, it is
>         massively complex (i.e., virt-manager can't do it), and
>         requires tools (tunctl) Fedora doesn't even provide:
> 
>         http://kvm.qumranet.com/kvmwiki/Networking

That is just plain wrong. Both KVM and Xen can use bridging in
exactly the same way, and it works just fine with standard tools
and initscripts provided in Fedora

  http://wiki.libvirt.org/page/Networking

> 
> IMHO, KVM's big win is that it doesn't interfere with ACPI functions,
> so features like CPU frequency throttling work even if you're running
> a KVM guest.
> 
> But man oh man, is public bridge networking in KVM a nightmare...

No, it is utterly trivial

  # cd /etc/sysconfig/network-scripts

  # cat > ifcfg-eth0 <<EOF
  DEVICE=eth0
  HWADDR=00:16:76:D6:C9:45
  ONBOOT=yes
  BRIDGE=br0
  EOF

  # cat > ifcfg-br0 <<EOF
  DEVICE=br0
  TYPE=Bridge
  BOOTPROTO=dhcp
  ONBOOT=yes
  EOF

  # service network restart

Job done, virt-manager will show you that br0 bridge and allow you to
attach a guest to it, or out of the box you can use the 'virbr0' for
NAT based connectivity that works even with wifi + network manager.

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
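
A check for the three sysctls named in the reply above, as an added example that is not part of the original message. The function name `bridge_nf_audit`, its exit-status convention and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the three bridge-netfilter sysctls from the message.
# Input on stdin: "key = value" lines (sysctl -a output or sysctl.conf syntax).
# Exit status: 0 = all three are 1 (bridged traffic hits netfilter),
#              1 = at least one is 0 (that traffic bypasses netfilter),
#              2 = a key is absent or holds a value other than 0 or 1.
bridge_nf_audit() {
    awk '
    BEGIN { n = split("arptables iptables ip6tables", tables, " ") }
    /^[ \t]*([#;]|$)/ { next }            # comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        seen[key] = val                   # last assignment wins
    }
    END {
        rc = 0
        for (i = 1; i <= n; i++) {
            k = "net.bridge.bridge-nf-call-" tables[i]
            if (!(k in seen))        { state = "unknown (key not present)"; rc = 2 }
            else if (seen[k] == "1") { state = "filtered by netfilter" }
            else if (seen[k] == "0") { state = "bypasses netfilter"; if (rc < 1) rc = 1 }
            else                     { state = "unexpected value " seen[k]; rc = 2 }
            printf "%-38s %s\n", k, state
        }
        exit rc
    }'
}

# Constructed sample input (not captured from a real host): IPv4 bridged
# traffic is configured to skip the host iptables rules.
SAMPLE='net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-ip6tables = 1'
printf '%s\n' "$SAMPLE" | bridge_nf_audit || echo "exit status: $?"
```

On a live host, pipe `sysctl -a 2>/dev/null` into the function for the running state, or feed it `/etc/sysctl.conf` for the persisted setting.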



