RE: network idea

RE: network idea

[James Harper]

I'm just looking at this now. I think that to do this I need to comment
out anything bridge related in
linux-2.4.26-xen-sparse/arch/xen/drivers/netif/backend/interface.c
so that xen doesn't do any bridging stuff, and then hook into xend so
that it can call my scripts when the netif_fe_interface_status_changed
events occur. It's the second bit I'm having trouble with... where
should that hook into? I can see where xend might sends such events...
maybe it doesn't have visibility to receiving them???

By taking the bridge stuff out of xen and putting it all in userland, it
means that we can route packets or bridge interfaces or completely
isolate them if desired. My reasons for doing it is that my server has 3
network cards, but any domain is only going to connect to 1 or 2 of
them, but not necessarily the same 1 or 2 as other domains.

Any suggestions?

Thanks

James

> -----Original Message-----
> From: xen-devel-admin@lists.sourceforge.net [mailto:xen-devel-
> admin@lists.sourceforge.net] On Behalf Of James Harper
> Sent: Tuesday, 22 June 2004 20:43
> To: xen-devel@lists.sourceforge.net
> Subject: [Xen-devel] network idea
> 
> In order to make xend a bit more flexible about what it does with
> networking, would it be possible to have it just call out scripts like
> pppd (on debian at least) does.
> 
> The idea would be /etc/xend/netup.d and /etc/xend/netdown.d
directories
> in which scripts are called with 'runparts' when a network interface
on
> a domain starts or stops (or similar hooks). To be useful the scripts
> would need at least the following args passed in:
> vmid - id of vm
> index - network interface no
> netif - eg vif1.3
> name - name of vm
> 
> I know very little about python, but a fair bit about linux systems
> programming in general and so would be happy to tackle this myself
> unless it's already in progress or is a stupid idea...
> 
> Thanks
> 
> James
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> digital self defense, top technical experts, no vendor pitches,
> unmatched networking opportunities. Visit www.blackhat.com
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com

Re: network idea

[Keir Fraser]

> I'm just looking at this now. I think that to do this I need to comment
> out anything bridge related in
> linux-2.4.26-xen-sparse/arch/xen/drivers/netif/backend/interface.c
> so that xen doesn't do any bridging stuff, and then hook into xend so
> that it can call my scripts when the netif_fe_interface_status_changed
> events occur. It's the second bit I'm having trouble with... where
> should that hook into? I can see where xend might sends such events...
> maybe it doesn't have visibility to receiving them???

Xend will certainly see these messages, and it also has an event
server for notifying interested parties when noteworthy events
occur. Probably something ought to be hooked via that --- Mike Wray at
HP will know more, since he wrote it. :-)

 -- Keir


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com

Re: network idea

[Ian Pratt]

> I'm just looking at this now. I think that to do this I need to comment
> out anything bridge related in
> linux-2.4.26-xen-sparse/arch/xen/drivers/netif/backend/interface.c
> so that xen doesn't do any bridging stuff, and then hook into xend so
> that it can call my scripts when the netif_fe_interface_status_changed
> events occur. It's the second bit I'm having trouble with... where
> should that hook into? I can see where xend might sends such events...
> maybe it doesn't have visibility to receiving them??? 

James, 

The bridge stuff should be moving out of backend/interface.c and
into a xend invoked script any day now  -- stay tuned ;-)

> By taking the bridge stuff out of xen and putting it all in userland, it
> means that we can route packets or bridge interfaces or completely
> isolate them if desired. My reasons for doing it is that my server has 3
> network cards, but any domain is only going to connect to 1 or 2 of
> them, but not necessarily the same 1 or 2 as other domains.

We need to put our thinking caps on and figure out how we want
domain bridging/networking/firewalling to work from a control
software point of view, particularly with respect to domain
migration and such like.

Ian


 
> Any suggestions?
> 
> Thanks
> 
> James
> 
> > -----Original Message-----
> > From: xen-devel-admin@lists.sourceforge.net [mailto:xen-devel-
> > admin@lists.sourceforge.net] On Behalf Of James Harper
> > Sent: Tuesday, 22 June 2004 20:43
> > To: xen-devel@lists.sourceforge.net
> > Subject: [Xen-devel] network idea
> > 
> > In order to make xend a bit more flexible about what it does with
> > networking, would it be possible to have it just call out scripts like
> > pppd (on debian at least) does.
> > 
> > The idea would be /etc/xend/netup.d and /etc/xend/netdown.d
> directories
> > in which scripts are called with 'runparts' when a network interface
> on
> > a domain starts or stops (or similar hooks). To be useful the scripts
> > would need at least the following args passed in:
> > vmid - id of vm
> > index - network interface no
> > netif - eg vif1.3
> > name - name of vm
> > 
> > I know very little about python, but a fair bit about linux systems
> > programming in general and so would be happy to tackle this myself
> > unless it's already in progress or is a stupid idea...
> > 
> > Thanks
> > 
> > James
> > 
> > 
> > 
> > -------------------------------------------------------
> > This SF.Net email sponsored by Black Hat Briefings & Training.
> > Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> > digital self defense, top technical experts, no vendor pitches,
> > unmatched networking opportunities. Visit www.blackhat.com
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/xen-devel
> 
> 
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
> digital self defense, top technical experts, no vendor pitches, 
> unmatched networking opportunities. Visit www.blackhat.com
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel
\x1f -=- MIME -=- \x1f\f

I'm just looking at this now. I think that to do this I need to comment
out anything bridge related in
linux-2.4.26-xen-sparse/arch/xen/drivers/netif/backend/interface.c
so that xen doesn't do any bridging stuff, and then hook into xend so
that it can call my scripts when the netif_fe_interface_status_changed
events occur. It's the second bit I'm having trouble with... where
should that hook into? I can see where xend might sends such events...
maybe it doesn't have visibility to receiving them???

By taking the bridge stuff out of xen and putting it all in userland, it
means that we can route packets or bridge interfaces or completely
isolate them if desired. My reasons for doing it is that my server has 3
network cards, but any domain is only going to connect to 1 or 2 of
them, but not necessarily the same 1 or 2 as other domains.

Any suggestions?

Thanks

James

> -----Original Message-----
> From: xen-devel-admin@lists.sourceforge.net [mailto:xen-devel-
> admin@lists.sourceforge.net] On Behalf Of James Harper
> Sent: Tuesday, 22 June 2004 20:43
> To: xen-devel@lists.sourceforge.net
> Subject: [Xen-devel] network idea
>=20
> In order to make xend a bit more flexible about what it does with
> networking, would it be possible to have it just call out scripts like
> pppd (on debian at least) does.
>=20
> The idea would be /etc/xend/netup.d and /etc/xend/netdown.d
directories
> in which scripts are called with 'runparts' when a network interface
on
> a domain starts or stops (or similar hooks). To be useful the scripts
> would need at least the following args passed in:
> vmid - id of vm
> index - network interface no
> netif - eg vif1.3
> name - name of vm
>=20
> I know very little about python, but a fair bit about linux systems
> programming in general and so would be happy to tackle this myself
> unless it's already in progress or is a stupid idea...
>=20
> Thanks
>=20
> James
>=20
>=20
>=20
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> digital self defense, top technical experts, no vendor pitches,
> unmatched networking opportunities. Visit www.blackhat.com
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com

Re: network idea

[Tim Freeman]

On Tue, 22 Jun 2004 15:13:25 +0100
Ian Pratt <Ian.Pratt@cl.cam.ac.uk> wrote:
 
> We need to put our thinking caps on and figure out how we want
> domain bridging/networking/firewalling to work from a control
> software point of view, particularly with respect to domain
> migration and such like.
> 
> Ian

I am experimenting with using VNET servers running in domain 0.

VNET can "foist" network interfaces at the MAC level onto other networks
(if there is another VNET server on the target subnet).  The NIC appears
at the same exact place as one of the other VNET server's host's
interfaces as a real NIC.

The IP administration is out of the scope of VNET and so it can be dealt
with any way.  Domains can appear on other domain0 private subnets but
also as first class members on the network that the other VNET server is
running on.

The aim is for VMs to migrate but keep the same IPs.  So as the VM
migrates, the "Proxy" VNET server (sitting with another proxy server
forming a VLAN) stays the same but the "Host" VNET server will be on a
new resource.

http://www.cs.northwestern.edu/~plab/Virtuoso/   ("Codes" section)

This paper explains much more than the readme:
http://www.cs.northwestern.edu/~plab/Virtuoso/usenix-vm04-vnet.pdf

Tim   


p.s. As far as firewalling, here is a quote from the vnet paper linked
to above:

"A VNET client wishing to establish a handler between two VNET servers
can contact either one. This is convenient, because if only one of the
VNET servers is behind a NAT firewall, it can initiate the handler with
an outgoing connection through the firewall. If the client is on the
same network as the firewall, VNET then requires only that a single
port be open on the other site's firewall. If it is not, then both sites
need to allow a single port through. If the desired port is not
permitted through, there are two options. First, the VNET servers can be
configured to use a common port. Second, if only SSH connections are
possible, VNET's TCP connection can be tunneled through SSH."



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com

Grub & boot problems with Xen

[Rune Johan Andresen]

Hi, I am in the beginning stage of Xen and am trying to install on a 
Red Hat 7.x distribution (Yes, very old but I need it to function on 
this dinosaur, if possible!) I am now following the CD DOCUMENTATION 
and copied the xen.gz & xenolinux.gz to the /boot folder. (the 
bootloader IS grub).

When i reboot with xen (and not redhat) i get a errormessage:

Can't find file image.gz

The grub.conf looks like this:

default=0
timeout=10
splashimage=(hd0,0)/grub/splash.xmp.gz

title Xen / Xenlinux 2.4.22
	root(hd0,0)
	kernel /boot/image.gz dom0_mem=131072 ser_baud=115200 noht
	module /boot/xenolinux.gz root=/dev/sda4 no console=tty0


another DOCUMENT from Xen also used xen.gz instead for image.gz. Why is 
that? Need some warm up here.

Thanks for all help!!!

Regards
Rune 
  



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com

Re: Grub & boot problems with Xen

[Rolf Neugebauer]

On Tue, 2004-06-22 at 17:12, Rune Johan Andresen wrote:
> Hi, I am in the beginning stage of Xen and am trying to install on a 
> Red Hat 7.x distribution (Yes, very old but I need it to function on 
> this dinosaur, if possible!) I am now following the CD DOCUMENTATION 
> and copied the xen.gz & xenolinux.gz to the /boot folder. (the 
> bootloader IS grub).
> 
> When i reboot with xen (and not redhat) i get a errormessage:
> 
> Can't find file image.gz
> 
> The grub.conf looks like this:
> 
> default=0
> timeout=10
> splashimage=(hd0,0)/grub/splash.xmp.gz
> 
> title Xen / Xenlinux 2.4.22
> 	root(hd0,0)
> 	kernel /boot/image.gz dom0_mem=131072 ser_baud=115200 noht
> 	module /boot/xenolinux.gz root=/dev/sda4 no console=tty0
> 
> 
> another DOCUMENT from Xen also used xen.gz instead for image.gz. Why is 
> that? Need some warm up here.

the 'kernel' grub is booting should be that of the Xen VMM (the module
line tells xen which image to use for domain 0). If you copied the xen
image of the CD and it is called xen.gz the kernel line for the grub
entry should read:
kernel /boot/xen.gz dom0_mem=131072 ser_baud=115200 noht

Rolf

> Thanks for all help!!!
> 
> Regards
> Rune 
>   
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
> digital self defense, top technical experts, no vendor pitches, 
> unmatched networking opportunities. Visit www.blackhat.com
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com

Re: Grub & boot problems with Xen

[Niraj Tolia]

On Tue, 22 Jun 2004 18:12:50 +0200, Rune Johan Andresen
<runejoha@idi.ntnu.no> wrote:
> 
> 
> Hi, I am in the beginning stage of Xen and am trying to install on a
> Red Hat 7.x distribution (Yes, very old but I need it to function on
> this dinosaur, if possible!) I am now following the CD DOCUMENTATION
> and copied the xen.gz & xenolinux.gz to the /boot folder. (the
> bootloader IS grub).
> 
> When i reboot with xen (and not redhat) i get a errormessage:
> 
> Can't find file image.gz
> 
> The grub.conf looks like this:
> 
> default=0
> timeout=10
> splashimage=(hd0,0)/grub/splash.xmp.gz
> 
> title Xen / Xenlinux 2.4.22
>         root(hd0,0)
>         kernel /boot/image.gz dom0_mem=131072 ser_baud=115200 noht
Rune,

The above line should be 
kernel /boot/xen.gz <params>. Try that and let us know if it works.

Niraj
>         module /boot/xenolinux.gz root=/dev/sda4 no console=tty0
> 
> another DOCUMENT from Xen also used xen.gz instead for image.gz. Why is
> that? Need some warm up here.
> 
> Thanks for all help!!!
> 
> Regards
> Rune
> 
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> digital self defense, top technical experts, no vendor pitches,
> unmatched networking opportunities. Visit www.blackhat.com
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel
>


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com

Re: network idea

[Tim Freeman]

What are the general plans for migration and bridging?

I'm new to Xen, maybe this has been covered, sorry if it has. Is the
plan to have the new xend talk to other xend's on other resources?

Thanks,

Tim


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com

Re: network idea

[Ian Pratt]

> What are the general plans for migration and bridging?
> 
> I'm new to Xen, maybe this has been covered, sorry if it has. Is the
> plan to have the new xend talk to other xend's on other resources?

Yes. We need to get migration working again under the new control
software world. A migration will involve two xend's talking to
each other and transferring the domain's IO configuration as well
as its memory image, registers etc.

Hopefully this will be re-integrated within the next week.

Ian


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com

Re: network idea

[Tim Freeman]

Thankyou for responding.  When you say IO configuration, do you mean
networking as well? What will happen to the IPs of the domains? Will we
manually reassign once migrated?

Thanks!

Tim

On Tue, 22 Jun 2004 17:51:30 +0100
Ian Pratt <Ian.Pratt@cl.cam.ac.uk> wrote:

> > What are the general plans for migration and bridging?
> > 
> > I'm new to Xen, maybe this has been covered, sorry if it has. Is the
> > plan to have the new xend talk to other xend's on other resources?
> 
> Yes. We need to get migration working again under the new control
> software world. A migration will involve two xend's talking to
> each other and transferring the domain's IO configuration as well
> as its memory image, registers etc.
> 
> Hopefully this will be re-integrated within the next week.
> 
> Ian
> 


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com

Re: network idea

[Ian Pratt]

> Thankyou for responding.  When you say IO configuration, do you mean
> networking as well? What will happen to the IPs of the domains? Will we
> manually reassign once migrated?

Our focus has been on migration within a cluster (same subnet)
hence the IP can be retained and either the MAC address migrated
too, or other people's ARP caches updated via an unsolicited
broadcast ARP Reply.

Cross subnet migration is more tricky. You either need to tunnel
packets, or change the domain's IP. The latter is likely to be
bad news for any open connections, but is achievable using the
same mechanisms that laptops use for re-DHCPing when coming out
of suspend. The resume code in arch/xen/kernel/setup.c could
easily fake out an APM power resumed event that would then
propagate to the appropriate user space daemons.

Ian


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com