xen networking
Xen networking is a pain in the butt.
For my setup, bridge mode is a non-starter: it puts every VM on the same logical network as dom0's physical interface, and I don't want that. So that leaves the other options:

1. Use a dummy interface, and bridge that. This is probably the right long-term solution, but it means recompiling the Xen dom0 kernel (again) to get it to work, because the dummy driver is not built into the stock Xen kernel. Bah.
2. Use network-nat and vif-nat. Every VM gets a virtual interface (vif) in dom0, and its traffic is NATed from that vif to the real eth0. This works, but the scripts create the iptables rules FOR YOU, and I don't like applications modifying my iptables rules on the fly. Still, it might be tenable provided I can hack the vif-nat script to skip the rule setup and maintain the rules myself.
3. Use a single NATed VM, with internal VLAN interfaces between the inside VMs. That gives an arbitrary internal virtual network with just a single external NATed interface. I could even put an internal 'DMZ' firewall installation in there. Layered security is great.

The downside to #3 is that it requires yet another kernel recompile: VLAN (802.1Q) support is not in the stock Xen kernel binaries either.
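As an added example (not code from the original post, and not Xen's own network scripts), here are the dom0 commands for option 1: a dummy interface bridged into an internal bridge, combined with the hand-maintained NAT rules this post would rather write itself than have vif-nat generate. The interface names (xenbr0, dummy0, eth0), the 10.0.0.0/24 guest subnet and the APPLY=1 switch are all assumptions for the example; without APPLY=1 the script only prints the commands so they can be reviewed before they touch a live dom0.

```shell
#!/bin/sh
# Added example, not code from the original post or from Xen's own scripts.
# Option 1 from the post: bridge a dummy interface and NAT guest traffic out of
# eth0 with rules written by hand (instead of letting vif-nat write them).
# Assumptions: interface names xenbr0/dummy0/eth0, guest subnet 10.0.0.0/24,
# and the APPLY=1 switch. Without APPLY=1 the script only prints the commands
# so they can be reviewed before they run on a live dom0.

APPLY=${APPLY:-0}
BR=${BR:-xenbr0}          # internal bridge the domU vifs attach to (assumed name)
DUMMY=${DUMMY:-dummy0}    # dummy interface anchoring the bridge (assumed name)
EXT=${EXT:-eth0}          # real uplink that guest traffic is NATed out of
GW=${GW:-10.0.0.1/24}     # dom0 address on the bridge (assumed)
NET=${NET:-10.0.0.0/24}   # guest subnet (assumed)

# Print one command; execute it only when APPLY=1.
run() {
    printf '%s\n' "$*"
    if [ "$APPLY" = "1" ]; then
        "$@"
    fi
}

# Internal bridge. dummy0 gives the bridge a permanent member so it stays up
# with no domU running. Needs the dummy driver (CONFIG_DUMMY), which is the
# kernel recompile the post complains about.
bridge_cmds() {
    run modprobe dummy
    run ip link set "$DUMMY" up
    run brctl addbr "$BR"
    run brctl addif "$BR" "$DUMMY"
    run ip addr add "$GW" dev "$BR"
    run ip link set "$BR" up
}

# Hand-written NAT. Only the bridge<->uplink path is forwarded, guest traffic
# is masqueraded behind eth0, and FORWARD defaults to DROP so a domU cannot
# reach anything dom0 has not explicitly allowed.
nat_cmds() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -s "$NET" -o "$EXT" -j MASQUERADE
    run iptables -A FORWARD -i "$BR" -o "$EXT" -s "$NET" -j ACCEPT
    run iptables -A FORWARD -i "$EXT" -o "$BR" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -P FORWARD DROP
}

# Full plan: bridge first, then NAT. Each domU then needs vif = ['bridge=xenbr0']
# in its config so its vif lands on the internal bridge instead of eth0's.
xen_net_plan() {
    bridge_cmds
    nat_cmds
}

xen_net_plan
```

Run it once without APPLY to read the plan, then `APPLY=1 sh xen-net.sh` as root. Because the rules are written here rather than by vif-nat, nothing rewrites them when a domU starts or stops; point `network-script` in xend-config.sxp at a no-op (Xen ships `network-dummy` for this, if your install has it) so xend does not build a second bridge on top.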
Xen is great for many things, but the networking documentation is not one of its highlights. I'll report back if I find anything new or interesting on Xen networking.
PS. I freakin love Markdown.