On Tue, Mar 06, 2007 at 09:37:46AM +0000, Mark McLoughlin wrote:
> On Fri, 2007-03-02 at 17:15 +0000, Daniel P. Berrange wrote:
> > On Mon, Feb 26, 2007 at 04:09:58PM +0000, Mark McLoughlin wrote:
> > > So, we want to install a default network which guests can connect to.
> > > This can be seen as e.g. a replacement for xenbr0 as the default bridge
> > > for xen guests.
> >
> > > 2) IP address choice - I've randomly chosen 192.168.122.1/24 as the
> > > IP address for the network, and this could happen to clash with
> > > an existing network.
> >
> > Oh, the default network needs to provide IPv6 support out of the box
> > too - whatever that entails?
>
> Right, whatever that entails :-)
>
> So, we had two primary motivations for creating virtual networks:
>
> 1) Offline support - i.e. support inter-domain communication even
> when offline
>
> 2) Network switching - e.g. switching your laptop between different
> wireless networks

3) Isolated networks - i.e. not letting (some subset of) your VMs be exposed
to the scary wild west of the internet :-)

The latter isn't really relevant to the 'default network' use case
though, but is still a use case we need to think of for interesting
admin defined network topologies.

> However, with IPv6, the combination of link-local addresses, address
> auto-configuration and network renumbering should largely eliminate
> these problems.
>
> The conclusion then is that you mostly do want bridging with IPv6 -
> i.e. you want to bridge all guests onto your physical network whereby
> they will auto-configure using router advertisements on the physical
> link.

I must admit to not understanding IPv6 all that much. Do link-local addresses
let the guest communicate with the outside world, or is it only enabling the
VM-to-VM and VM-to-Host communications?

> One could imagine us allowing IPv6 virtual networks, where Dom0 acts as
> a proper IPv6 router advertising a delegated prefix to guest domains,
> but I'm not sure why that would be useful to people.

To let you isolate VMs from the wider world. Not relevant for a 'default network'
use case though.

> The question, though, is how to make IPv6 available to guests which are
> connected to a virtual network out of a need for e.g. offline support.
> You still want NAT etc. for IPv4, but what to do about IPv6?
>
> The analogy, I think, is what would happen if your DSL provider
> statically allocated an IPv6 prefix to you while still also dynamically
> allocating an IPv4 address to you. You want to NAT IPv4 traffic using
> the IPv4 address, but you want your IPv6 traffic to be bridged to the
> IPv6 over PPP link in order to e.g. get router advertisements from the
> ISP end.

I don't know of any DSL providers or DSL routers which do IPv6, but I'd
expect that all my machines on my LAN magically get an IPv6 address and
that they can access the outside world. I'd still expect incoming traffic
to be restricted by the DSL router firewalling as per IPv4 incoming.

> That leads to the rather ugly conclusion that we should bridge IPv6
> traffic from the virtual network to the physical interface, while still
> forwarding IPv4 traffic using NAT.

Yeah, that seems to be the way it'd work.

> In order to do that, we're going to need a) "shared physical interface"
> configuration i.e. a per-interface flag that determines whether other
> interfaces are allowed to bridge to it, b) an ipv6-only loopback
> interface for connecting the virtual network's bridge to the shared
> physical interface's bridge and c) a way for libvirtd to automatically
> switch the virtual network's bridge to the currently active physical
> interface.
>
> That's all pretty far out stuff. In the mean time, I think all we can
> do is add an "ipv6 enabled" flag which would just ensure that the
> virtual network's interface in Dom0 has a link-local address.

What does the link-local address let a VM do? VM-Host and VM-VM comms,
but not VM-Internet, right?

Regards,
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|