Re: GSoC: the plan for the project network virtualization

[zhengda]

Hi,
Here are my current problems:

  1. How many pfinet servers are allowed to connect to one hypervisor?
     If only one pfinet server is allowed to connect to one hypervisor,
     hypervisors must communicate with each other to route packets sent
     by pfinet servers.
     If several pfinet servers are allowed to connect to the same
     hypervisor, a hypervisor can route packets inside itself. If so,
     does the hypervisor only route the packet among pfinet servers
     that connect to the hypervisor?
     If several pfinet servers are allowed to connect to the same
     hypervisor, it's better for the hypervisor to create multiple
     virtual network interfaces and each pfinet server can attach to
     one interface. Maybe it can help to route packets among pfinet
     servers.
  2. Who can run the hypervisor and who can create the network interface?
     The hypervisor should be able to access the real network
     interface. I think only the priviledged user can run it.
     Who can create the network interface depends on Problem 1.
  3. How does the routing work?
     it can always work if the packet is broadcasted to any pfinet
     servers that connect to the hypervisor. then pfinet servers can
     filter packets in the IP layer.
     but it cannot give a good performance and there may be a security
     problem: every user can see others' packets.
     If no broadcasting, it's really difficult to do the routing.
     The main reason is that IP isn't bound to the network interface
     directly, and it's set in the pfinet server.
     The hypervisor has no way to know which pfinet server has which IP
     unless another function is provided for the pfinet to tell the
     hypervisor what is its current IP.
  4. How does the hypervisor guard the network traffic and filter
     illegal packets?
     It will be much work if the hypervisor understands all packets.

Best,
Zheng Da