WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-devel

Re: [Xen-devel] network idea

On Tue, 22 Jun 2004 15:13:25 +0100
Ian Pratt <Ian.Pratt@xxxxxxxxxxxx> wrote:
 
> We need to put our thinking caps on and figure out how we want
> domain bridging/networking/firewalling to work from a control
> software point of view, particularly with respect to domain
> migration and such like.
> 
> Ian

I am experimenting with using VNET servers running in domain 0.

VNET can "foist" network interfaces at the MAC level onto other networks
(if there is another VNET server on the target subnet).  The NIC appears
at the same exact place as one of the other VNET server's host's
interfaces as a real NIC.

The IP administration is out of the scope of VNET and so it can be dealt
with any way.  Domains can appear on other domain0 private subnets but
also as first class members on the network that the other VNET server is
running on.

The aim is for VMs to migrate but keep the same IPs.  So as the VM
migrates, the "Proxy" VNET server (sitting with another proxy server
forming a VLAN) stays the same but the "Host" VNET server will be on a
new resource.

http://www.cs.northwestern.edu/~plab/Virtuoso/   ("Codes" section)

This paper explains much more than the readme:
http://www.cs.northwestern.edu/~plab/Virtuoso/usenix-vm04-vnet.pdf

Tim   


p.s. As far as firewalling, here is a quote from the vnet paper linked
to above:

"A VNET client wishing to establish a handler between two VNET servers
can contact either one. This is convenient, because if only one of the
VNET servers is behind a NAT firewall, it can initiate the handler with
an outgoing connection through the firewall. If the client is on the
same network as the firewall, VNET then requires only that a single
port be open on the other site's firewall. If it is not, then both sites
need to allow a single port through. If the desired port is not
permitted through, there are two options. First, the VNET servers can be
configured to use a common port. Second, if only SSH connections are
possible, VNET's TCP connection can be tunneled through SSH."


