I’ve a machine at Hetzner DE and have been pretty happy with it and their service in general. I used to run VMWare Server on it for virtualisation but have become a bit annoyed at the totally unfixable clock problems that seem to be the norm with VMWare guests.
First the good news. I decided to give XEN a try on it: same setup, same spec virtual machine on the host doing the same workload as before. Below is a CPU usage graph before and after, enough said.
I know it’s not the same technology etc, but XEN VMs will do what I need now so it seems a good option for me.
Now for the bad, I had a few problems:
- Hetzner uses a DHCP/TFTP rescue system that is very useful; if I make a mistake in a network config, for example, I can sort it out via this. XEN by default works in a bridged mode that will change the MAC address for your eth0 to FE:FF:FF:FF:FF:FF. The problem is that Hetzner uses Realtek NICs which as most people know are uber crap. When the machine gets a normal alt-ctrl-del or other reboot other than a power cycle, the NIC does not reset to the original MAC. So if I get a crash I won’t ever get to the rescue system. This cost me 119 Euro this weekend in support fees.
- In the past I had a few crashes on this machine, adding acpi=force irqpoll noapic to the kernel command line solved it, however the XEN kernel won’t poll my drives properly without removing the noapic bit, so I hope my machine doesn’t become unstable all of a sudden.
I am using CentOS 5.0 on this machine, which came with XEN out of the box, so installation was dead easy and creating new VMs is easy. Very importantly, I can manage the VMs all through text consoles, which was a pain for me under VMWare: as I don’t use Windows or Linux, getting console access was tough.
So about the MAC address: this turned out incredibly easy to fix by turning the machine into a routed network setup instead of a bridge. Previously the network was bridging eth0 with the vifs from the virtual machines onto the wire, and this required the MAC address of eth0 to change. Moving to a routed setup required the following changes:
/etc/sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.conf.all.proxy_arp = 1
This basically enables routing and sets up proxy ARP across all interfaces. This is to work with Hetzner’s routing, where they don’t actually add a route to my subnet over my eth0 but over to the switch it is connected to. Proxy ARP sorts this out.
/etc/xen/xend-config.sxp:
#(network-script network-bridge)
#(vif-script vif-bridge)
(vif-script vif-route)
(network-script network-route)
This points XEN to its provided route scripts rather than the bridge ones.
Reboot the virtual machines and that’s that. The machine is perfectly happy, routing traffic, and the MAC address is correct.
Bonus is now all traffic gets routed through my Dom0 and I can now do all the firewalling there outside of my DomU’s which enhances security as it is essentially a border firewall.
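A quick audit of the routed setup described above, as an added example that is not part of the original post. The function names are hypothetical; the file paths in the usage comment are the ones from the post, and reading the MAC from /sys/class/net/eth0/address is an assumption about the host.

```shell
#!/bin/sh
# Added example: audits the routed Xen setup described in this post.
# Usage (paths from the post; MAC read from sysfs, an assumption):
#   sh audit.sh /etc/sysctl.conf /etc/xen/xend-config.sxp "$(cat /sys/class/net/eth0/address)"
# Note: this checks the persistent config files, not the running kernel values.

# Print the last uncommented value assigned to KEY ($2) in a sysctl.conf-style FILE ($1).
sysctl_value() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { val = $2; gsub(/[ \t]/, "", val) }
        END { print val }' "$1"
}

# Print the active (uncommented) script set for NAME ($2) in xend-config.sxp ($1).
xend_script() {
    sed -n "s/^[[:space:]]*($2[[:space:]][[:space:]]*\([^)]*\)).*/\1/p" "$1" | tail -n 1
}

# Succeed if MAC ($1) is the placeholder the bridge scripts put on eth0.
mac_is_bridge_placeholder() {
    [ "$(printf '%s' "$1" | tr 'A-F' 'a-f')" = "fe:ff:ff:ff:ff:ff" ]
}

# Return 0 only if every setting matches the routed configuration.
# Arguments: SYSCTL_FILE XEND_FILE ETH0_MAC
audit_routed_setup() {
    rc=0
    for key in net.ipv4.ip_forward net.ipv4.conf.all.proxy_arp; do
        [ "$(sysctl_value "$1" "$key")" = "1" ] || { echo "FAIL: $key is not 1"; rc=1; }
    done
    [ "$(xend_script "$2" network-script)" = "network-route" ] || { echo "FAIL: network-script"; rc=1; }
    [ "$(xend_script "$2" vif-script)" = "vif-route" ] || { echo "FAIL: vif-script"; rc=1; }
    if mac_is_bridge_placeholder "$3"; then echo "FAIL: eth0 has bridge MAC $3"; rc=1; fi
    return "$rc"
}

# Run the audit only when called with the three arguments shown in the usage line.
if [ "$#" -eq 3 ]; then audit_routed_setup "$@"; fi
```

A non-zero exit status means a later reboot could again leave eth0 with the bridge MAC and out of reach of the rescue system.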