This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] will this clever plan work?

> and if I could make it run out of flash memory, it would be the cat's
> ass[1]

You can also pull tricks like running the firewall out of a ramdisk or using a 
CoW LVM VBD so that you can be sure that you can always roll its state back 
to a known config (e.g. after a hacking attempt).

> can the two domains communicate over a virtual NIC?  the reason I ask is
> that since most of the control is by a Web interface, we would need to
> tickle the control system in dom0 or at least proxy to it.

Oooh, are you using xensv (the pretty one)?  Or the Xend web interface?  How's 
it working for you?  I think most people use the xm tool at the console or 
via SSH.

I'm not sure that you can currently get dom0 to use a virtual NIC but it's 
certainly technically possible with a little hacking.  Using a dedicated 
management NIC to talk to dom0 would work right now and has the advantage 
that you could access it even if you exploded your firewall VM ;-)

> I really need to learn how the whole storage metaphor is organized..  I
> don't know enough to ask the right questions yet.  I probably should
> just set up a system with a real standard disk image and partitioning
> and start breaking it.

Linux generally doesn't expect to have filesystems modified underneath it, so 
(unless you're using a cluster filesystem like GFS, etc) Linux will get very 
confused if another domain modifies a filesystem it had been using.  If two 
Linux domains both write to a filesystem then you're certainly going to hose 
it as well as confusing both kernels.

In general, sharing block devices should *only* be read-only by all clients 
unless you're using a cluster FS.  Xend generally shouts at you if you try to 
do something it thinks is unsafe (unless you force the operation).

NFS has support for shared write access, with the server managing consistency 
of the metadata so you can share NFS filesystems safely.

> on a humorous aside, VBD used to refer to people who are so insecure in
> their manhood that they used proxies like expensive cars, trophy wives,
> etc. to show that they had a VBD.

That interpretation of the acronym hadn't occurred to me before!


Xen-devel mailing list
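
An added example, not part of the original message or of Xen's own code: a small check that applies the rule in the reply above (a shared block device must be read-only for every domain unless a cluster filesystem is in use) to a set of domain disk lists. The domain names, volume names and the DOMAINS table are constructed for illustration; the specs follow Xen's "backend:device,frontend,mode" disk syntax, and any mode starting with "w" is treated as writable.

```python
from collections import defaultdict

# Constructed sample: domain name -> disk specs in Xen's
# "backend:device,frontend,mode" form (mode r = read-only, w = writable).
DOMAINS = {
    "firewall": ["phy:vg0/fw-root,sda1,w", "phy:vg0/shared-tools,sdb1,r"],
    "web": ["phy:vg0/web-root,sda1,w", "phy:vg0/shared-tools,sdb1,r"],
    "build": ["phy:vg0/build-root,sda1,w", "phy:vg0/web-root,sdb1,w"],
    "backup": ["phy:vg0/web-root,sdb1,r"],
}


def parse_disk(spec):
    """Split one disk spec into (backend device, frontend name, writable?)."""
    parts = [p.strip() for p in spec.split(",")]
    if len(parts) != 3:
        raise ValueError(f"malformed disk spec: {spec!r}")
    backend, frontend, mode = parts
    return backend, frontend, mode.startswith("w")


def unsafe_shares(domains):
    """Return {backend: users} for devices that more than one domain uses
    while at least one of them has it writable (a lone writer next to
    read-only users still changes the filesystem underneath them)."""
    users = defaultdict(dict)  # backend -> {domain: writable}
    for dom, specs in domains.items():
        for spec in specs:
            backend, _, writable = parse_disk(spec)
            users[backend][dom] = users[backend].get(dom, False) or writable
    findings = {}
    for backend, by_dom in users.items():
        if len(by_dom) > 1 and any(by_dom.values()):
            findings[backend] = sorted(
                f"{d}:{'w' if w else 'r'}" for d, w in by_dom.items())
    return findings


if __name__ == "__main__":
    for backend, who in unsafe_shares(DOMAINS).items():
        print(f"UNSAFE {backend} shared by {', '.join(who)}")
```

The read-only share of shared-tools passes; web-root is reported because two domains write to it and a third reads it.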
