From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mike Day
Subject: Re: RFC: virtual network access control
Date: Fri, 28 Jul 2006 19:43:20 -0400
Message-ID: <20060728234320.GC6701@localhost.localdomain>
References: <409ef10e77d37de5c12024a3cbf3ba7a@cl.cam.ac.uk>
To: Reiner Sailer
Cc: xen-devel@lists.xensource.com, xense-devel@lists.xensource.com, Bryan D Payne
List-Id: xen-devel@lists.xenproject.org

On 28/07/06 12:30 -0400, Reiner Sailer wrote:
> > In terms of cost, an extra hypercall per packet will have measurable
> > cost, at least in CPU usage, for high-bandwidth network transfers.
> >
> > -- Keir
>
> You only make the decision once for the first packet exchanged between
> two interfaces. Afterwards you reuse this decision for this interface
> pair (local cache). You basically have the cost of looking up a
> decision locally.

This is a key principle of "sHype": the hypervisor authorizes the channel when it is to be set up. As long as the channel persists unchanged (no additional parties, no policy modifications) there is no need to perform further authorization. It performs a different level of authorization than packet filtering does, and it is another layer of depth in a multi-layer defense.

Mike
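The per-interface-pair decision cache that Reiner describes, and the caveat Mike attaches to it (the cached decision is only good while the parties and the policy stay unchanged), modelled as a small stand-alone C program. This is an added illustration, not Xen or sHype code: the label matrix, the policy generation counter, the direct-mapped cache keyed on the unordered vif pair, and the function names (acm_authorize, acm_set_rule, check_cache_behaviour) are all assumptions made for the example. The evaluations counter exists only to make visible how many times the full policy is consulted across a burst of packets.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LABELS 8
#define MAX_VIFS   16
#define CACHE_SIZE 64

/* Hypothetical label-pair policy. `generation` is bumped on every
 * modification so that decisions cached under an older policy are
 * recognised as stale instead of being reused. */
struct policy {
    bool     allow[MAX_LABELS][MAX_LABELS];
    uint64_t generation;
    unsigned evaluations;   /* full policy evaluations performed so far */
};

/* One cached decision for an unordered interface pair. */
struct cache_entry {
    bool     valid;
    int      vif_lo, vif_hi;
    uint64_t generation;    /* policy generation the decision was taken under */
    bool     decision;
};

struct acm {
    struct policy      pol;
    int                vif_label[MAX_VIFS];
    struct cache_entry cache[CACHE_SIZE];
};

static void acm_init(struct acm *a)
{
    memset(a, 0, sizeof *a);
    a->pol.generation = 1;
}

/* Any policy modification bumps the generation, invalidating every cached decision. */
static void acm_set_rule(struct acm *a, int label_a, int label_b, bool allowed)
{
    a->pol.allow[label_a][label_b] = allowed;
    a->pol.allow[label_b][label_a] = allowed;
    a->pol.generation++;
}

/* Relabelling an interface changes one party of every channel it is on, so it is
 * treated like a policy change here (a finer implementation would evict only the
 * entries that involve this vif). */
static void acm_set_vif_label(struct acm *a, int vif, int label)
{
    a->vif_label[vif] = label;
    a->pol.generation++;
}

/* Slow path: consult the policy for the labels of the two interfaces. */
static bool acm_evaluate(struct acm *a, int vif_a, int vif_b)
{
    a->pol.evaluations++;
    return a->pol.allow[a->vif_label[vif_a]][a->vif_label[vif_b]];
}

/* Fast path: decide once per interface pair, reuse the decision until the
 * pair or the policy changes. Both directions of the pair share one entry. */
static bool acm_authorize(struct acm *a, int vif_a, int vif_b)
{
    int lo = vif_a < vif_b ? vif_a : vif_b;
    int hi = vif_a < vif_b ? vif_b : vif_a;
    struct cache_entry *e = &a->cache[(lo * 31 + hi) % CACHE_SIZE];

    if (e->valid && e->vif_lo == lo && e->vif_hi == hi &&
        e->generation == a->pol.generation)
        return e->decision;            /* cache hit: no policy evaluation */

    e->valid      = true;
    e->vif_lo     = lo;
    e->vif_hi     = hi;
    e->generation = a->pol.generation;
    e->decision   = acm_evaluate(a, vif_a, vif_b);
    return e->decision;
}

/* Constructed scenario: returns 0 if every step behaves as the thread describes,
 * otherwise the number of the first failing step. */
static int check_cache_behaviour(void)
{
    struct acm a;
    acm_init(&a);
    acm_set_vif_label(&a, 1, 0);            /* vif1 carries label 0 */
    acm_set_vif_label(&a, 2, 1);            /* vif2 carries label 1 */
    acm_set_rule(&a, 0, 1, true);           /* labels 0 and 1 may communicate */

    if (!acm_authorize(&a, 1, 2) || a.pol.evaluations != 1) return 1; /* first packet: evaluated */
    if (!acm_authorize(&a, 2, 1) || a.pol.evaluations != 1) return 2; /* reply direction: cached */
    for (int i = 0; i < 1000; i++)                                  /* a burst of packets */
        if (!acm_authorize(&a, 1, 2)) return 3;
    if (a.pol.evaluations != 1) return 4;                            /* still one evaluation */

    acm_set_rule(&a, 0, 1, false);          /* policy modified: old decision must not be reused */
    if (acm_authorize(&a, 1, 2) || a.pol.evaluations != 2) return 5;
    if (acm_authorize(&a, 1, 2) || a.pol.evaluations != 2) return 6; /* new decision is cached */

    acm_set_vif_label(&a, 2, 0);            /* party changed: vif2 relabelled to label 0 */
    acm_set_rule(&a, 0, 0, true);
    if (!acm_authorize(&a, 1, 2) || a.pol.evaluations != 3) return 7;
    return 0;
}

int main(void)
{
    int rc = check_cache_behaviour();
    printf("decision cache check: %s (step %d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The generation counter is the part that matters for security: without it, a policy update or a relabelled interface would leave stale allow decisions in the cache, which is exactly the "unchanged channel" condition Mike attaches to reusing the decision.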