[plug] DIY hosting - worth it?

Adrian Chadd adrian at creative.net.au
Sun Oct 1 22:59:04 WST 2006


On Sun, Oct 01, 2006, Gavin Chester wrote:

> Thanks for such a comprehensive reply - you give much food for thought.
> I must look into xen some, I wonder if I could manage on a low-spec box
> and split it so that it could safely serve as both a firewall and web
> server without compromising the integrity of each.  Then I could get
> away with using one box instead of two between my private network and
> the big, bad world :-)

I've got a 'test' xen server at home which I do some development on.
It's got:

* two ethernet cards - one into public IP space (/29 at home) and
  the other into my NATted RFC1918;
* some Xens run in the /29 (well, two), some run just on internal IPs,
* some run with two virtual nics, one in each
* and iptables+nat works fine inside the Xen.

So it's definitely possible. Paravirtualised Xen (ie, hypervisor with
modified Linux kernels that are "xen-aware") is quite light on the
system resources. The big thing to realise is that all the device
IO (network and disk) is going from the virtual servers (domU's) to the
"master" server (dom0) which controls the physical devices.
So you do pay a slight penalty there as Dom0 has to handle the IO
and then send it into the domU. It's not that bad unless you're trying
to push the machines quite hard and it means your Dom0 is actually
using quite a bit of CPU (as it's handling all the IO :). Just stuff
to keep in mind.




Adrian



