Re: [Qemu-devel] [PATCH] mark nic as trusted

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jamie Lokier <jamie@shareable.org>
To: dlaor@redhat.com, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] mark nic as trusted
Date: Sat, 10 Jan 2009 02:27:59 +0000	[thread overview]
Message-ID: <20090110022759.GK1972@shareable.org> (raw)
In-Reply-To: <496688D9.1040708@redhat.com>

Dor Laor wrote:
>      As the guest OS's TCP is being used, what do you do about IP address
>      space conflicts?
> 
>      I.e. if NIC #1 is the guest's LAN, and NIC #2 is the vmchannel, how
>      is
>      the vmchannel NIC going to be configured in a way that's guaranteed
>      to
>      avoid breaking the LAN networking, which could be assigned any legal
>      subnet (especially when bridging is used), and on some networks
>      changes from time to time?
> 
>      Perhaps vmchannel will only use IPv6, so it can confidently pick a
>      unique link-local address?
>
> We plan to pick link local subnets for ipv4.
> It solved all the above questions.

Using an ipv4 link local subnet for the vmchannel may break many
guests.  The guest's LAN may also be configured with a link local
subnet, so routing will get messed up.

When bridged to the host LAN, any Windows guest on a LAN without DHCP
will break, for example; so will current Linux distros.  They use a
link local subnet for the LAN interface, when DHCP is not detected.

(They might do something else when there's a second NIC, though.  That
would just be a further complication - you want the vmchannel NIC to
have no visible effect other than the vmchannel apps working).

In fact, the guest's LAN may regularly _change_ between a link local
subnet, a public IP subnet, and a private scope IP subnet (192.168..),
while the guest is running.

This can happen if the guest is bridged to the host's LAN, and the
host is on a network where DHCP is working sometimes, or where the
host is being moved between networks such as a laptop host.

> w.r.t the option of using virtio nic, there is advantage of using
> any other nic since this way there is no requirement to install
> virtio driver on windows or on other older Linux/other OSs.

I agree.  Simple vmchannel monitoring apps may port easily to OSes
which don't have a virtio driver, or even run without any changes if
they're simple enough and statically linked.

-- Jamie

next prev parent reply	other threads:[~2009-01-10  2:28 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-01-07 14:26 [Qemu-devel] [PATCH] mark nic as trusted Gleb Natapov
2009-01-07 15:04 ` Mark McLoughlin
2009-01-07 15:19   ` Gleb Natapov
2009-01-07 15:41     ` Mark McLoughlin
2009-01-07 16:02       ` Gleb Natapov
2009-01-07 16:34 ` Anthony Liguori
2009-01-07 16:50   ` Gleb Natapov
2009-01-07 17:53     ` Anthony Liguori
2009-01-07 17:54       ` Anthony Liguori
2009-01-07 18:41         ` Gleb Natapov
2009-01-07 19:26           ` Anthony Liguori
2009-01-07 19:46             ` Gleb Natapov
2009-01-08 19:58               ` Anthony Liguori
2009-01-08 21:26                 ` Gleb Natapov
2009-01-08 21:42                   ` Anthony Liguori
2009-01-08 22:49                     ` Jamie Lokier
2009-01-08 23:14                       ` Dor Laor
2009-01-09 10:41                         ` Daniel P. Berrange
2009-01-10  2:18                           ` Jamie Lokier
2009-01-10 18:22                             ` Anthony Liguori
2009-01-11  4:55                               ` Jamie Lokier
2009-01-11  7:10                                 ` Blue Swirl
2009-01-11 14:08                                   ` Carl-Daniel Hailfinger
2009-01-11 15:07                                     ` Dor Laor
2009-01-11 15:34                                       ` Blue Swirl
2009-01-11 16:01                                         ` Dor Laor
2009-01-12  2:20                                           ` Jamie Lokier
2009-01-12  8:05                                             ` Gleb Natapov
2009-01-12 12:26                                               ` Dor Laor
2009-01-10  2:27                         ` Jamie Lokier [this message]
2009-01-08 23:26                       ` Anthony Liguori
2009-01-10  2:31                         ` Jamie Lokier
2009-01-10 18:24                           ` Anthony Liguori
2009-01-11  4:40                             ` Jamie Lokier

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20090110022759.GK1972@shareable.org \
    --to=jamie@shareable.org \
    --cc=dlaor@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.