Depending on your datacenter's allotment of IP addresses, you may need to use the XenServer hypervisor as a gateway in order to provide different IP subnets to your virtual machines.
Our particular installation uses our datacenter “gateway/primary” IP as the XenServer management interface IP address on xenbr0. All other datacenter IP allotments must be routed via our primary IP address, which is connected to the datacenter’s gateway (essentially, our primary IP is our VLAN gateway). We’ve turned IP forwarding on and applied strict iptables rules on the hypervisor itself.
Turn on IP Forwarding
To turn on IP forwarding within XenServer, edit /etc/sysctl.conf and change net.ipv4.ip_forward = 0 to a value of 1.
Edit IP Tables for IP Forwarding
Add the following line to /etc/sysconfig/iptables after “-A RH-Firewall-1-INPUT -i lo -j ACCEPT”. If your management IP is publicly facing like ours, you may wish to implement additional firewall rules, such as denying access to the management and SSH ports from unknown IP addresses.
-A RH-Firewall-1-INPUT -i xenbr0 -o xenbr0 -j ACCEPT
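The audit below is an added example, not part of the original post: it reads iptables-save style rules and reports a missing bridge forward rule and any management-port ACCEPT rule that has no source restriction. The function names, both sample rule sets, the choice of ports 22 and 443 as the management ports, and the admin address 203.0.113.10 are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Audits iptables-save style rules
# for the two points above: the bridge forward rule, and management ports
# left open to every source. Ports 22/443 and all names are assumptions.

audit_rules() {
    # Reads rules on stdin; $1 = bridge name (default xenbr0).
    local br="${1:-xenbr0}" fwd=0 line
    while IFS= read -r line; do
        case "$line" in
            *"-i $br -o $br -j ACCEPT"*) fwd=1; continue ;;
        esac
        # Only ACCEPT rules for SSH (22) and XAPI HTTPS (443) matter here.
        case "$line" in
            *"--dport 22 "*"-j ACCEPT"*|*"--dport 443 "*"-j ACCEPT"*) ;;
            *) continue ;;
        esac
        # An ACCEPT with no -s match is reachable from any address.
        case "$line" in
            *" -s "*) ;;
            *) echo "OPEN: $line" ;;
        esac
    done
    [ "$fwd" -eq 1 ] || echo "MISSING: -i $br -o $br forward rule"
    return 0
}

weak_rules() {      # constructed sample: management ports open to all
cat <<'EOF'
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i xenbr0 -o xenbr0 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
EOF
}

hardened_rules() {  # constructed sample: 203.0.113.10 is a placeholder admin IP
cat <<'EOF'
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i xenbr0 -o xenbr0 -j ACCEPT
-A RH-Firewall-1-INPUT -s 203.0.113.10 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -s 203.0.113.10 -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

echo "== weak ==";     weak_rules | audit_rules
echo "== hardened =="; hardened_rules | audit_rules
```

To check a live file, pipe it in: `audit_rules < /etc/sysconfig/iptables`.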
Adding Additional Aliases
Once your hypervisor is connected and routing properly to the main datacenter gateway, you’ll simply add a network alias via the command shell. You’ll find the configuration under /etc/sysconfig/network-scripts. A gateway entry should not be required since it’s an alias of your main interface.
# nano /etc/sysconfig/network-scripts/ifcfg-xenbr0:1
DEVICE=xenbr0:1
ONBOOT=yes
BOOTPROTO=none
NETMASK=255.255.255.248
IPADDR=184.108.40.206
This is our auto-configured management interface file, ifcfg-xenbr0, which was configured via xsconsole on the physical terminal.
# DO NOT EDIT: This file (ifcfg-xenbr0) was autogenerated by interface-reconfigure
XEMANAGED=yes
DEVICE=xenbr0
ONBOOT=no
TYPE=Bridge
DELAY=0
STP=off
PIFDEV=eth0
BOOTPROTO=none
NETMASK=255.255.255.224
IPADDR=220.127.116.11
GATEWAY=18.104.22.168
MTU=1500
Apply and restart the necessary services
Some of you may wish to restart the physical machine, which is just fine; however, if this is a production system you may not want the downtime.
# sysctl -p
# ifup xenbr0:1
# service iptables restart
We have to add a new alias and use up one of our IPs each time we’re provided a different subnet of addresses (our datacenter provides a minimum of 2 IPs for this purpose; you can’t just order one). The virtual machines use the IP address assigned to that subnet's alias as their gateway.
For instance, if we request an additional IP from our datacenter, we’re provided 2 IPs at minimum (let’s say 22.214.171.124 and 126.96.36.199). One of these will be eaten up as an alias/gateway, while the other will be used on a VM. It doesn’t matter which we use for either, but let’s keep it simple and use the first/lower 188.8.131.52 as the alias on xenbr0 and 184.108.40.206 as the IP on the VM.
When we set up 220.127.116.11 as an alias following the instructions in this post, the VM can be assigned the IP address 18.104.22.168 using the gateway of 22.214.171.124 in order to get internet connectivity.