From: Jamie Lokier <jamie@shareable.org>
To: dlaor@redhat.com, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] mark nic as trusted
Date: Sat, 10 Jan 2009 02:27:59 +0000
Message-ID: <20090110022759.GK1972@shareable.org>
In-Reply-To: <496688D9.1040708@redhat.com>

Dor Laor wrote:
>      As the guest OS's TCP is being used, what do you do about IP address
>      space conflicts?
> 
>      I.e. if NIC #1 is the guest's LAN, and NIC #2 is the vmchannel, how is
>      the vmchannel NIC going to be configured in a way that's guaranteed to
>      avoid breaking the LAN networking, which could be assigned any legal
>      subnet (especially when bridging is used), and on some networks
>      changes from time to time?
> 
>      Perhaps vmchannel will only use IPv6, so it can confidently pick a
>      unique link-local address?
>
> We plan to pick link local subnets for ipv4.
> It solved all the above questions.

Using an ipv4 link local subnet for the vmchannel may break many
guests.  The guest's LAN may also be configured with a link local
subnet, so routing will get messed up.

When bridged to the host LAN, any Windows guest on a LAN without DHCP
will break, for example; so will current Linux distros.  They use a
link local subnet for the LAN interface, when DHCP is not detected.

(They might do something else when there's a second NIC, though.  That
would just be a further complication - you want the vmchannel NIC to
have no visible effect other than the vmchannel apps working).

In fact, the guest's LAN may regularly _change_ between a link local
subnet, a public IP subnet, and a private scope IP subnet (192.168..),
while the guest is running.

This can happen if the guest is bridged to the host's LAN, and the
host is on a network where DHCP is working sometimes, or where the
host is being moved between networks such as a laptop host.

> w.r.t the option of using virtio nic, there is advantage of using
> any other nic since this way there is no requirement to install
> virtio driver on windows or on other older Linux/other OSs.

I agree.  Simple vmchannel monitoring apps may port easily to OSes
which don't have a virtio driver, or even run without any changes if
they're simple enough and statically linked.

-- Jamie
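
The routing clash described in this message, worked through as an added example that is not part of the original email. The interface names (lan0, vmch0), the sample subnets and the probe address are constructed assumptions; the check models only connected routes with longest-prefix matching.

```python
import ipaddress

# Constructed sample: subnets the guest's LAN NIC might hold over time,
# following the cases named in the message (no DHCP, public, private scope).
LAN_STATES = {
    "no-dhcp (link local)": "169.254.0.0/16",
    "public": "198.51.100.0/24",
    "private scope": "192.168.1.0/24",
}

# Assumed: the vmchannel NIC is given an IPv4 link-local subnet.
VMCHANNEL_NET = "169.254.0.0/16"


def candidate_interfaces(dest, routes):
    """Return interfaces whose most-specific connected route covers dest.

    More than one name means the guest cannot tell from the address
    alone which NIC the destination lives on.
    """
    dest = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(net), ifname)
               for ifname, net in routes.items()
               if dest in ipaddress.ip_network(net)]
    if not matches:
        return []
    best = max(net.prefixlen for net, _ in matches)
    return sorted(ifname for net, ifname in matches if net.prefixlen == best)


def ambiguous_states(vmchannel_net, lan_states, probe):
    """List the LAN states in which `probe` matches both NICs equally well."""
    bad = []
    for label, lan_net in lan_states.items():
        routes = {"lan0": lan_net, "vmch0": vmchannel_net}
        if len(candidate_interfaces(probe, routes)) > 1:
            bad.append(label)
    return bad


if __name__ == "__main__":
    # Constructed host-side vmchannel endpoint address.
    print(ambiguous_states(VMCHANNEL_NET, LAN_STATES, "169.254.1.1"))
```

Narrowing the vmchannel NIC to a smaller link-local prefix removes the tie but shadows any LAN peers inside that range, so the vmchannel NIC still has a visible effect on LAN traffic.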
