Re: GSoC: the plan for the project network virtualization

From: zhengda
Subject: Re: GSoC: the plan for the project network virtualization
Date: Sat, 14 Jun 2008 18:06:40 +0200
User-agent: Thunderbird (X11/20080421)

zhengda wrote:
Here are my current problems:

  1. How many pfinet servers are allowed to connect to one hypervisor?
     If only one pfinet server is allowed to connect to one hypervisor,
     hypervisors must communicate with each other to route packets sent
     by pfinet servers.
     If several pfinet servers are allowed to connect to the same
     hypervisor, a hypervisor can route packets inside itself. If so,
     does the hypervisor only route the packet among pfinet servers
     that connect to the hypervisor?
     If several pfinet servers are allowed to connect to the same
     hypervisor, it's better for the hypervisor to create multiple
     virtual network interfaces and each pfinet server can attach to
     one interface. Maybe it can help to route packets among pfinet
  2. Who can run the hypervisor and who can create the network interface?
     The hypervisor should be able to access the real network
     interface. I think only the privileged user can run it.
     Who can create the network interface depends on Problem 1.
  3. How does the routing work?
     It can always work if the packet is broadcast to all pfinet
     servers that connect to the hypervisor. Then pfinet servers can
     filter packets in the IP layer.
     But it cannot give good performance and there may be a security
     problem: every user can see others' packets.
     Without broadcasting, it's really difficult to do the routing.
     The main reason is that IP isn't bound to the network interface
     directly, and it's set in the pfinet server.
     The hypervisor has no way to know which pfinet server has which IP
     unless another function is provided for the pfinet to tell the
     hypervisor what its current IP is.
  4. How does the hypervisor guard the network traffic and filter
     illegal packets?
     It will be much work if the hypervisor understands all packets.

Zheng Da


I'm thinking about the packet routing in the hypervisor.
I suppose a hypervisor can have several virtual network interfaces at the same time.
1. One solution is that the hypervisor broadcasts a packet to every pfinet server, as I said before.
2. The hypervisor can always track which packet is from which virtual network interface,
   and a table can be built to record which interface has what IP.
   It sends a packet to the interface that owns the destination IP.
The first solution can be seen as a hub, and the second one as a switch.
I don't like the second one. It's too complex, and there is no reason to make the hypervisor so complex.

An acceptable solution (at least for me) can be:
when a virtual network interface is created, a network address must be bound with it,
so the hypervisor can know where to send the packet.
We can think the network address tells the network that the interface connects to.
The user should also tell the hypervisor what is the network address of the external network,
so the hypervisor can know when to send the packet to the external network.
It's reasonable to do that because the real network interface also connects to the network with a fixed network address.
We can suppose that the interfaces bound with the same network address are in the same sub-net.

Anyway, my current implementation can be that
there is only one interface in the hypervisor,
and all pfinet servers connect to the same interface,
so every server should get one copy.

Zheng Da
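
Added example (not part of the original message and not Hurd code): a small C model comparing which interfaces receive a copy of a packet under the hub design and under the design where each virtual interface is bound to a network address at creation. The struct, function names, addresses and the bitmask encoding are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model; all names here are hypothetical. */
struct vif { uint32_t net, mask; };          /* address bound at creation */
#define EXTERNAL (1u << 31)                  /* copy to the real interface */

static uint32_t ip4(uint32_t a, uint32_t b, uint32_t c, uint32_t d)
{
    return (a << 24) | (b << 16) | (c << 8) | d;
}

/* Hub: every attached interface except the sender receives a copy. */
uint32_t deliver_hub(unsigned n, unsigned src)
{
    uint32_t out = 0;
    for (unsigned i = 0; i < n; i++)
        if (i != src) out |= 1u << i;
    return out;
}

/* Bound addresses: only interfaces whose network contains dst get a copy;
   the real interface gets one when dst lies in the external network. */
uint32_t deliver_bound(const struct vif *v, unsigned n, unsigned src,
                       struct vif ext, uint32_t dst)
{
    uint32_t out = 0;
    for (unsigned i = 0; i < n; i++)
        if (i != src && (dst & v[i].mask) == v[i].net) out |= 1u << i;
    if ((dst & ext.mask) == ext.net) out |= EXTERNAL;
    return out;
}

/* Constructed sample: if0 and if1 share 192.168.1.0/24, if2 is on
   192.168.2.0/24, the external network is 10.0.0.0/8; if0 is the sender. */
uint32_t sample(int bound, uint32_t dst)
{
    const uint32_t m24 = 0xffffff00u;
    struct vif v[3] = { { ip4(192,168,1,0), m24 }, { ip4(192,168,1,0), m24 },
                        { ip4(192,168,2,0), m24 } };
    struct vif ext = { ip4(10,0,0,0), 0xff000000u };
    return bound ? deliver_bound(v, 3, 0, ext, dst) : deliver_hub(3, 0);
}

int main(void)
{
    uint32_t dst = ip4(192,168,1,7);
    printf("hub: %#x  bound: %#x\n", (unsigned)sample(0, dst), (unsigned)sample(1, dst));
    return 0;
}
```

Each set bit in the returned mask is one interface that sees the packet, so the hub result shows if2 receiving traffic addressed to another subnet, while the bound design still exposes it to if1, which shares the sender's subnet.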
