Re: [libvirt] [ 0/5] netdev ethernet allow to set ip, route and peer address
On 04/07/2016 01:35 PM, Daniel P. Berrange wrote:
On Mon, Apr 04, 2016 at 09:00:01PM +0000, Vasiliy Tolstov wrote:
> Some minor improvements and patch split as suggested by Laine Stump
FYI, make sure you include the word PATCH in mails, so they get
picked up by out patch tracking too, otherwise they could get
left without being noticed.
Regards,
Daniel
Something I've found myself worrying about lately while driving in the
car or nodding off to sleep - are the "address" and "peer" attributes
effectively used in the same way for all network connection types and
both hypervisors? I think the answer may be "no", and if so we need to
fix that before they go out in a release.
In particular, when an lxc domain's interface has:
<ip address='192.168.128.1'/>
That is the IP address seen by the guest, not the host. So I would
assume that if an LXC domain had:
<ip address='192.168.128.1' peer='192.168.128.2'/>
that 192.168.128.1 would still be the IP address see by the guest, and
192.168.128.2 would be the IP address on the host side; and it should be
the same for qemu.
From what I can see of the code, though, on a qemu domain, the IP
address is set for the tap device's own IP, meaning that it would show
up on the *host* side, while the peer address would be what the host
expects to be at the other end of the tap device (i.e. the guest side),
so the two attributes are used for the *opposite* end of the PTP link in
lxc vs. qemu.
I think that, instead, the "address" attribute should *always* be the IP
address that is seen/used by the guest, and the "peer" attribute should
be the IP address that is seen/used by the host. (perhaps "peer" could
be replaced with some other name, like "host" or "hostAddress" to
avoid
confusion? (don't like either of those alternatives, but I don't really
like peer either)).
Aside from that, I can see that these patches have been pushed in the
code that I'm running, and I've been trying to add "peer='blah'"
to
interface IP addresses on my test machine, but it's just removed from
the config. Have you tested what got pushed? Has something gone wrong?
Since there hasn't been a release with these patches included yet, there
is still time to fix it at least to be consistent (assuming that my
suspicions are correct; I've been unable to test it myself for the
reason above).