From: Jamie Lokier
Date: Sat, 10 Jan 2009 02:27:59 +0000
Subject: Re: [Qemu-devel] [PATCH] mark nic as trusted
Message-ID: <20090110022759.GK1972@shareable.org>
References: <4964EC2B.1080406@codemonkey.ws> <4964EC55.4000507@codemonkey.ws> <20090107184103.GA19406@redhat.com> <496501CD.8060202@codemonkey.ws> <20090107194633.GB19406@redhat.com> <49665AE7.3000708@codemonkey.ws> <20090108212652.GB22504@redhat.com> <49667330.5070001@codemonkey.ws> <20090108224942.GA12848@shareable.org> <496688D9.1040708@redhat.com>
In-Reply-To: <496688D9.1040708@redhat.com>
Reply-To: qemu-devel@nongnu.org
To: dlaor@redhat.com, qemu-devel@nongnu.org

Dor Laor wrote:
> As the guest OS's TCP is being used, what do you do about IP address
> space conflicts?
>
> I.e. if NIC #1 is the guest's LAN, and NIC #2 is the vmchannel, how is
> the vmchannel NIC going to be configured in a way that's guaranteed to
> avoid breaking the LAN networking, which could be assigned any legal
> subnet (especially when bridging is used), and on some networks
> changes from time to time?
>
> Perhaps vmchannel will only use IPv6, so it can confidently pick a
> unique link-local address?
>
> We plan to pick link local subnets for ipv4.
> It solved all the above questions.

Using an ipv4 link local subnet for the vmchannel may break many
guests. The guest's LAN may also be configured with a link local
subnet, so routing will get messed up.

When bridged to the host LAN, any Windows guest on a LAN without DHCP
will break, for example; so will current Linux distros. They use a
link local subnet for the LAN interface, when DHCP is not detected.

(They might do something else when there's a second NIC, though. That
would just be a further complication - you want the vmchannel NIC to
have no visible effect other than the vmchannel apps working).

In fact, the guest's LAN may regularly _change_ between a link local
subnet, a public IP subnet, and a private scope IP subnet (192.168..),
while the guest is running. This can happen if the guest is bridged to
the host's LAN, and the host is on a network where DHCP is working
sometimes, or where the host is being moved between networks such as a
laptop host.

> w.r.t the option of using virtio nic, there is advantage of using
> any other nic since this way there is no requirement to install
> virtio driver on windows or on other older Linux/other OSs.

I agree. Simple vmchannel monitoring apps may port easily to OSes
which don't have a virtio driver, or even run without any changes if
they're simple enough and statically linked.

-- Jamie
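
The routing conflict discussed in this message, as an added example that is not part of the original thread or of QEMU: a small longest-prefix-match model of a guest with a LAN NIC and a vmchannel NIC. The vmchannel subnet 169.254.1.0/24, the interface names and the LAN history are constructed assumptions; only the 192.168 range is named in the thread.

```python
import ipaddress

# Hypothetical vmchannel subnet, chosen inside the IPv4 link-local
# range 169.254.0.0/16 (RFC 3927). The thread names no concrete subnet.
VMCHANNEL_NET = ipaddress.ip_network("169.254.1.0/24")


def build_routes(lan_net):
    """Connected routes of a guest with a LAN NIC and a vmchannel NIC."""
    return [(ipaddress.ip_network(lan_net), "lan"), (VMCHANNEL_NET, "vmchannel")]


def egress(routes, dst):
    """Longest-prefix match: the interface a packet to dst would leave on."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, ifname) for net, ifname in routes if addr in net]
    return max(matches)[1] if matches else None


def conflict(lan_net):
    """True if the guest's LAN subnet overlaps the vmchannel subnet."""
    return ipaddress.ip_network(lan_net).overlaps(VMCHANNEL_NET)


def audit(lan_history):
    """Check every LAN configuration the guest passes through while running."""
    return [(lan, conflict(lan)) for lan in lan_history]


# Constructed history: DHCP gives a private subnet, then a public one
# (documentation range), then DHCP fails and the LAN falls back to link-local.
LAN_HISTORY = ["192.168.1.0/24", "203.0.113.0/24", "169.254.0.0/16"]

if __name__ == "__main__":
    for lan, clash in audit(LAN_HISTORY):
        print(f"LAN {lan:<16} overlaps vmchannel: {clash}")
    # A LAN peer that self-assigned an address inside the vmchannel /24
    # is now reached through the wrong NIC.
    routes = build_routes("169.254.0.0/16")
    print("169.254.1.20 leaves via", egress(routes, "169.254.1.20"))
```

The model covers connected routes only; default routes and per-interface metrics are left out.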