Hi Mike,
1) By way of example, if domU1 on machine M1 is communicating with two
other domains, domU2 and domU3 on machine M2, how does the
hypervisor/ACM on M1 differentiate between inbound/outbound traffic
destined only for domU2 or domU3 and ensure that traffic is routed to
the proper domain?
Packet forwarding in Xen is handled on behalf of domU's by the Linux
forwarding code running in dom0. Depending on the machine's set up,
it will either use the linux bridge (currently the default) or routing
code to forward packets. Depending on which of these is used, dom0
demuxes received packets based on their MAC or IP address, and passes
them along to the appropriate domU.
2) Is all of the traffic between various domains encrypted to prevent
eavesdropping via network sniffing?
Xen is generally unconcerned with the contents of the data that it is
forwarding. One exception to this is the antispoof feature which
validates source IPs on transmit to ensure that they are valid. There
is some code in the tools tree to provide VPN functionality between
VMs on different physical hosts. It was written by Mike Wray at HP
and I'm not sure if it's been used by anyone recently. In general, I
think we would generally view encryption as being an end-to-end thing
that's best handled within individual domUs.
I've read the paper, "DeuTeRium -- A System for Distributed Mandatory
Access Control" but it's not clear to me from the actual implementation
examples and documentation how you set up the IPSEC labeled tunneling
mechanism and ensure validation of all traffic passing between the
various domains.
I can't seem to find a copy of this paper on the web, so this is
likely a question for Reiner. ;)
hth,
a.
_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
|