Xen project Mailing List

Re: [Xen-devel] network idea

From: Tim Freeman <tfreeman@xxxxxxxxxxx>

Date: Tue, 22 Jun 2004 10:40:56 -0500

Delivery-date: Tue, 22 Jun 2004 16:42:04 +0100

List-id: List for Xen developers <xen-devel.lists.sourceforge.net>

On Tue, 22 Jun 2004 15:13:25 +0100 Ian Pratt <Ian.Pratt@xxxxxxxxxxxx> wrote: > We need to put our thinking caps on and figure out how we want > domain bridging/networking/firewalling to work from a control > software point of view, particularly with respect to domain > migration and such like. > > Ian I am experimenting with using VNET servers running in domain 0. VNET can "foist" network interfaces at the MAC level onto other networks (if there is another VNET server on the target subnet). The NIC appears at the same exact place as one of the other VNET server's host's interfaces as a real NIC. The IP administration is out of the scope of VNET and so it can be dealt with any way. Domains can appear on other domain0 private subnets but also as first class members on the network that the other VNET server is running on. The aim is for VMs to migrate but keep the same IPs. So as the VM migrates, the "Proxy" VNET server (sitting with another proxy server forming a VLAN) stays the same but the "Host" VNET server will be on a new resource. http://www.cs.northwestern.edu/~plab/Virtuoso/ ("Codes" section) This paper explains much more than the readme: http://www.cs.northwestern.edu/~plab/Virtuoso/usenix-vm04-vnet.pdf Tim p.s. As far as firewalling, here is a quote from the vnet paper linked to above: "A VNET client wishing to establish a handler between two VNET servers can contact either one. This is convenient, because if only one of the VNET servers is behind a NAT firewall, it can initiate the handler with an outgoing connection through the firewall. If the client is on the same network as the firewall, VNET then requires only that a single port be open on the other site's firewall. If it is not, then both sites need to allow a single port through. If the desired port is not permitted through, there are two options. First, the VNET servers can be configured to use a common port. Second, if only SSH connections are possible, VNET's TCP connection can be tunneled through SSH." ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.