[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] network idea

On Tue, 22 Jun 2004 15:13:25 +0100
Ian Pratt <Ian.Pratt@xxxxxxxxxxxx> wrote:
> We need to put our thinking caps on and figure out how we want
> domain bridging/networking/firewalling to work from a control
> software point of view, particularly with respect to domain
> migration and such like.
> Ian

I am experimenting with using VNET servers running in domain 0.

VNET can "foist" network interfaces at the MAC level onto other networks
(if there is another VNET server on the target subnet).  The NIC appears
at the same exact place as one of the other VNET server's host's
interfaces as a real NIC.

The IP administration is out of the scope of VNET and so it can be dealt
with any way.  Domains can appear on other domain0 private subnets but
also as first class members on the network that the other VNET server is
running on.

The aim is for VMs to migrate but keep the same IPs.  So as the VM
migrates, the "Proxy" VNET server (sitting with another proxy server
forming a VLAN) stays the same but the "Host" VNET server will be on a
new resource.

http://www.cs.northwestern.edu/~plab/Virtuoso/   ("Codes" section)

This paper explains much more than the readme:


p.s. As far as firewalling, here is a quote from the vnet paper linked
to above:

"A VNET client wishing to establish a handler between two VNET servers
can contact either one. This is convenient, because if only one of the
VNET servers is behind a NAT firewall, it can initiate the handler with
an outgoing connection through the firewall. If the client is on the
same network as the firewall, VNET then requires only that a single
port be open on the other site's firewall. If it is not, then both sites
need to allow a single port through. If the desired port is not
permitted through, there are two options. First, the VNET servers can be
configured to use a common port. Second, if only SSH connections are
possible, VNET's TCP connection can be tunneled through SSH."

This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.