WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] Creating a local network within the GuestOS and r outing

To: David Becker <becker@xxxxxxxxxxx>
Subject: Re: [Xen-devel] Creating a local network within the GuestOS and r outing to an ext ernal network
From: Ian Pratt <Ian.Pratt@xxxxxxxxxxxx>
Date: Thu, 19 Feb 2004 17:49:12 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxxx, Ian.Pratt@xxxxxxxxxxxx
Delivery-date: Thu, 19 Feb 2004 18:02:52 +0000
Envelope-to: steven.hand@xxxxxxxxxxxx
In-reply-to: Your message of "Thu, 19 Feb 2004 12:31:49 EST." <20040219173149.GW8763@xxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
> Will this layer 2 switch supplant the current code, or be an addition?

An addition. Xen is being used by a lot of different groups in a
lot of different ways.

> " Xen won't be able to enforce IP firewalling for you, but
> 
> But this is a feature!   We want that external IP layer enforcement.
> For our purposes, full layer 2 network access by any domain is a bad
> thing.

Mike's code also has a concept of 'virtual network'; only hosts
on the same virtual network are visible to each other.

It's probably a fairly simple modification to only allow hosts to
talk to e.g. domain 0, then implement IPv6 firewalling using
iptables in the domain.

The "correct" solution would be to implement an IPv6-capable VFR
in Xen (which is actually very easy), but since this code is all
going to change in the new IO world I wouldn't advise embarking
on such a project right now unless you need it urgently.

Ian


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel