[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [RFC] Network interface XML for containers



On Fri, May 09, 2008 at 10:16:38AM -0700, Dave Leskovec wrote:
> We never really settled on the XML format for container network interfaces.  I
> know a little more about what these look like now and have been working on the
>  code so would like to get this sorted out.
> 
> With network namespaces enabled, processes within the container will not be able
> to see any network devices outside of the container.  A veth device pair will be
> used to transport traffic into and out off the container.  One end of the veth
> pair will be attached to a bridge in the parent namespace.  The other end of
> will be moved into the container namespace.  We need to be able to represent the
> following in the XML:
> 
> Network or bridge name
> Name for parent side veth device
> Name for container side veth device

Do you really need to be able to specify the guest side of the NIC
name in the XML ? I'd rather we just left it out unless there was a
clear need & it can't be automatically determined by the driver. With
other virt drivers, the guest side of the NIC just gets name sequentially
assigned eth0, eth1,...  Linux lets you rename the NICs anyway so IMHO
the only important thing is the MAC address since that's guarenteeed
persistent & unique property for NICs, which a name is not.

> inet address for container side veth device

Again, why are you specifying an IP address manually ? THe guest IP is 
typically determined by the guest admin, either statically  or via DHCP.
It shouldn't need to be configured in the host side if using the libvirt
virtual networking or bridging.

> So this should end up looking quite a bit like the formats for Virtual network
> and Bridge to LAN with a couple new items.  The formats I've been kicking around
> are:
> Virtual network
>     <devices>
>         <interface type='network'>
>             <source network='default' dev='veth0'/>
>             <target dev='veth1' address='192.168.0.150'/>
>         </interface>
>     </devices>

Due to a historical accident the <target> element in the interface
XML is actually refering to the host side of the NIC. We don't have
any existing element in our XML format describing the guest name of
the NIC - its just implied by ordering. THe <target> element is
also treated as read-only by existing drivers, being automagically
assigned unique name by the virt driver.

The containers should follow the existing XML format 100%

        <interface type='network'>
            <source network='default'>
            <target dev='veth0'/>
        </interface>

> Bridge to LAN
>     <devices>
>         <interface type='bridge'>
>             <source bridge='virbr0' dev='veth4'/>
>             <target dev='veth5' address='192.168.0.155'/>
>         </interface>
>     </devices>

Again I think including the guest NIC name is redundant, likewise for 
ip address & we can follow the existing XML format 100%

        <interface type='bridge'>
            <source network='br0'>
            <target dev='veth4'/>
        </interface>


NB, We do have an IP address element in the interface XML format, however,
this is not for configuring the guest IP address directly. Rather it
is to setup a filter on the host side to reject any IP traffic other
than than coming from the designate IP address. This basically sets
a firewall rule on the host side of the NIC matching on IP. This is
only implemented in Xen though and even then I don't think anyone really
uses it in practice.

Regards,
Daniel.
-- 
|: Red Hat, Engineering, Boston   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]