Xen project Mailing List

Re: [Xen-users] Guest Type for Network Management

To: Michel D'HOOGE <michel.dhooge@xxxxxxxxx>

From: rayj <ray3960852@xxxxxxxxx>

Date: Sat, 30 Dec 2017 13:16:07 -0600

Cc: xen-users@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Sat, 30 Dec 2017 19:17:39 +0000

List-id: Xen user discussion <xen-users.lists.xenproject.org>

Michael,

Thank you.

On 12/29/2017 3:53 AM, Michel D'HOOGE wrote:

Hi,

I'll just answer that part:

Is it appropriate to include a firewall here or should different guests use
different firewalls?

Virtualizing some computers is not so different to having small,
concrete computers connected together into a LAN. So the answer is: it
depends ;-)

Having a firewall only in the network domain should spare some CPU
because the filtering is only done once. But this isn't maybe
fine-grained enough.
On the other hand, if your dom0 and domUs are doing very different
businesses, this could be easier to configure a firewall per dom.
And like in a real LAN, it also depends on how you trust every domU.

In your case (a laptop), filtering (and maybe NAT-ing for wireless) in
the network domain could be easier, because you'll have a single point
of configuration & management.

Michel

I appreciate your viewpoints. I do not have a variety of different functionality so it seems like a single firewall should be sufficient.

Ray

-- 
Ray Joseph, PE
832 586-5854
ray@xxxxxxxxx

_______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-users

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.