From: Asias He <asias.hejun@gmail.com>
To: Arnd Bergmann <arnd@arndb.de>
Cc: Ingo Molnar <mingo@elte.hu>,
"Michael S. Tsirkin" <mst@redhat.com>,
Jason Wang <jasowang@redhat.com>,
Pekka Enberg <penberg@kernel.org>, Amos Kong <akong@redhat.com>,
kvm@vger.kernel.org
Subject: Re: Does macvtap support host to guest communication?
Date: Mon, 18 Apr 2011 22:30:11 +0800 [thread overview]
Message-ID: <4DAC4AF3.3080107@gmail.com> (raw)
In-Reply-To: <201104181520.18061.arnd@arndb.de>
On 04/18/2011 09:20 PM, Arnd Bergmann wrote:
> On Monday 18 April 2011, Ingo Molnar wrote:
>>> Only in VEPA mode. Note that a similar restriction applies when using the
>>> bridge device, for the same technical reasons.
>>
>> Just to sum things up, our goal is to allow the tools/kvm/ unprivileged tool to
>> provide TCP connectivity to Linux guests transparently, with the following
>> parameters:
>>
>> - the kvm tool runs unprivileged - as ordinary user
>>
>> - without having to configure much (preferably zero configuration: without
>> having to configure anything) on the guest Linux side
>>
>> - multiple guests should just work without interfering with each other
>>
>> - the kvm tool wants to be stateless - i.e. it does not want to allocate or
>> manage host side devices - it just wants to provide the kind of TCP/IP
>> connectivity host unprivileged user-space has, to the guest. The tool wants
>> to be a generic tool with no global state, not a daemon.
>>
>> So it wants to be a stateless, unprivileged and zero-configuration solution.
>>
>> Is this possible with macvtap, and if yes, what kind of macvtap mode and usage
>> would you recommend for that goal?
>
> With the above requirements, I would suggest using something like the the qemu
> user networking. This is slower and does not allow servers to be present in
> the guest, but those are not your goal as it seems.
>
> The primary goals of macvtap are to allow efficient networking (zero-copy,
> multi-queue, although we're not completely there yet) and proper security
> abstractions.
>
> If you want a guest to appear on the same network as the host, you can not
> do that without privileges to manage the host network setup, and I guess that
> will have to stay that way.
We do need "guest appearing on the same network as the host" support as
well. The reason I am considering using macvatp instead of tap plus
brctl is that it simplifies the bridge configuration and it is more
efficient.
However, IMHO, the interface of macvtap is not user friendly, at least
for me. I have no idea about the technical reasons that make the
low-level device inaccessible. But if it is accessible, a lot of
configuration can be eliminated. I know virtualbox's bridge mode has
this kind of restriction, while VMware's bridge mode does not.
>
> Arnd
>
--
Best Regards,
Asias He
next prev parent reply other threads:[~2011-04-18 14:31 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-18 6:10 Does macvtap support host to guest communication? Asias He
2011-04-18 6:58 ` Arnd Bergmann
2011-04-18 10:21 ` Asias He
2011-04-18 10:53 ` Arnd Bergmann
2011-04-18 12:01 ` Ingo Molnar
2011-04-18 13:20 ` Arnd Bergmann
2011-04-18 14:30 ` Asias He [this message]
2011-04-18 15:05 ` Arnd Bergmann
2011-04-18 15:28 ` Asias He
2011-04-19 12:14 ` Arnd Bergmann
[not found] ` <BANLkTi=MYexojZrCS_EMuHq+A1=zFyxM6g@mail.gmail.com>
2011-04-21 14:54 ` Arnd Bergmann
2011-04-26 9:34 ` Michael S. Tsirkin
2011-04-18 13:29 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DAC4AF3.3080107@gmail.com \
--to=asias.hejun@gmail.com \
--cc=akong@redhat.com \
--cc=arnd@arndb.de \
--cc=jasowang@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=mst@redhat.com \
--cc=penberg@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.