[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-users] XCP Xen Cloud Control System ver 0.3 released!

  • To: "Vern Burke" <vburke@xxxxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: "Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>
  • Date: Tue, 25 May 2010 15:24:27 +0100
  • Cc:
  • Delivery-date: Tue, 25 May 2010 07:26:28 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Thread-index: Acr8Ex3GgH6Iz5ZBQeW/KVy8Ko9TFQAAt2Uo
  • Thread-topic: [Xen-users] XCP Xen Cloud Control System ver 0.3 released!
You could try this:
 
Don't know if it will stop DHCP broadcasts, but maybe...

From: Vern Burke [mailto:vburke@xxxxxxxx]
Sent: Tue 25/05/2010 15:04
To: matt@xxxxxxxxxxxxxxxxxx
Cc: Jonathan Tripathy; xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] XCP Xen Cloud Control System ver 0.3 released!

I only do static IP assignments on the VMs. I have no idea how you'd
stop a VM from running a DHCP server from outside the VM (not that I can
imagine why anyone would want to do that anyways). The best answer I've
found for a lot of shennanigans is a zero tolerance policy in the terms
of service (do it and you're gone, period).

Openflow looks like it might be useful except I'm not seeing much for
controllers. I'm still pondering how to make best use of the
capabilities of openvswitch.

XCCS multitenancy will provide a reduced set of functions to customers
for controlling their own VMs with the end goal being self provisioning
and automatic billing.

Vern


On 5/25/2010 4:49 AM, Matthew Law wrote:
> Hi Verne,
>
> a fine job!
>
> Do you assign domU addresses from a DHCP server and if so how do you stop
> a rogue VM from running it's own DHCP server and answering DHCP requests
> from other domUs as they start up?
>
> The default config for XCP does let a domU spoof IP addresses.  I asked
> some questions on the openvswitch list recently and I get the impression
> that with a separate flow controller box you could do some quite
> fine-grained control of network properties even through migration.
>
> What plans do you have for the multi-tenancy side of things? - if you need
> any help with database development or the web frontend I would be more
> than willing to help out (thats my background).
>
>
> Cheers,
>
> Matt
>
> On Mon, May 24, 2010 11:09 pm, Vern Burke wrote:
>   
>> Jonathan:
>>     I don't think there's much to do about preventing someone breaking out
>> of a DomU. As I've said before, that would have to be a severe fubar of
>> the hypervisor and it's not likely.
>>
>> Protecting the Dom0 is really nothing more than the standard best
>> practices for any Internet connected server.
>>
>> If you're really concerned about packet sniffing you could always use a
>> private vswitch and use a Vyatta virtual router and VPN out to wherever
>> you're going.
>>
>> Vern
>> Sent from my BlackBerry® wireless device from U.S. Cellular
>>     
>
>
>   

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.