On Mon, Mar 14, 2016 at 01:32:00AM +0100, bancfc(a)openmailbox.org wrote:
TCP Tunnel Info
> I've been looking at the TCP Tunnel network feature as a potential
> replacement for the extra private internal networking configuration
> file.
>
> Use case: This network is supposed to go from VM1 to VM2 without DHCP,
> DNS or any incoming/outgoing connections to the host or outside world
> possible.
>
> https://libvirt.org/formatdomain.html#elementsNICSTCP
>
> * To make sure I understand, adding the TCP Tunnel setting for both VMs
> 1 and 2 is enough to do what I need? (force them to exclusively
> communicate without the need for adding a new network as typically
> done).

Let me explain how I understand it.

Basically anything VM1 sends on that interface will arrive on VM2. That
means to whatever address it is sent, whatever protocol that uses. Of
course the guest needs to be configured, the other guest needs to know
about it.

> * If another set of VMs 3 and 4 are running and connected to each other
> but I want to make sure they cannot connect to VMs 1 and 2, what source
> addresses should be used to isolate these 2 networks? Do you follow CIDR
> rules?
>
> * For example, if the chosen source address is 10.152.152.11 for VMs 1
> and 2, what should the other network have?

The addresses are real addresses on the host; the VMs don't see them.
They are just a means of communication between QEMU processes. You can
put localhost and some free port for each VM-to-VM tunnel.

> * Going more complicated. Can one VM participate in two separate TCP
> Tunnel networks while keeping them isolated? Topology: VM1(virtual NIC1)
> <-> VM2 | VM1(virtual NIC2) <-> VM3

VM2 and 3 can only talk to VM1 but not to each other in this example.
That is unless you configure routing in VM1.

> * Off-topic: Do your answers similarly apply for using the other
> Multicast and UDP options too?

As I said, they are just means of transport between QEMU processes. Go
ahead, configure two such machines and see what happens inside, that
should be enough to understand.

I can explain better if I'm not making any sense.
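As an added illustration of the two-tunnel topology discussed above (example fragments written for this reply, not taken from the thread or from libvirt's documentation): the `<source>` element names only the host-side QEMU-to-QEMU socket, so one listening port per tunnel on 127.0.0.1 is enough. Port numbers 5558/5559 and the MAC addresses are constructed values.

```xml
<!-- Added example. Each <interface> fragment goes inside <devices>
     of the respective domain XML. Host-side sockets use 127.0.0.1
     with constructed ports; MAC addresses are constructed too. -->

<!-- VM1: NIC1 listens for VM2, NIC2 listens for VM3. -->
<interface type='server'>
  <mac address='52:54:00:aa:00:01'/>
  <source address='127.0.0.1' port='5558'/>
  <model type='virtio'/>
</interface>
<interface type='server'>
  <mac address='52:54:00:aa:00:02'/>
  <source address='127.0.0.1' port='5559'/>
  <model type='virtio'/>
</interface>

<!-- VM2: connects to VM1's first socket. -->
<interface type='client'>
  <mac address='52:54:00:bb:00:01'/>
  <source address='127.0.0.1' port='5558'/>
  <model type='virtio'/>
</interface>

<!-- VM3: connects to VM1's second socket. VM2 and VM3 share no
     socket, so VM2's frames reach VM3 only if VM1 forwards them. -->
<interface type='client'>
  <mac address='52:54:00:cc:00:01'/>
  <source address='127.0.0.1' port='5559'/>
  <model type='virtio'/>
</interface>

<!-- Another isolated pair of VMs would repeat the server/client
     pattern on a different free port (e.g. 5560). Guest addresses
     such as 10.152.152.11 never appear here; they are configured
     inside the guests on the virtio NICs. -->
```

The listening socket is a plain, unauthenticated TCP port on the host, so any local process that can reach 127.0.0.1:5558 could attach to that segment; checking which ports the QEMU processes hold open on the host (for example with `ss -ltnp`) is a worthwhile part of validating the isolation.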
_______________________________________________
libvirt-users mailing list
libvirt-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users