[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] Libvirt and IPSec (was: What about Trusted Virtual Domains???)



Hi to everyone! First of all, sorry for the thread subject change.

Due to the several issues of the Libvirt implementation of the Trusted Virtual Domains (TVD), I decided to approach the topic in a modular manner.

I think that the first step should be to define the IPSec support or, more in general, the secure tunnel support for Libvirt. I see the implementation divided in two step:

   1. define a new driver called 'sectunnel' which describes a generic
      secure tunnel that will be established using several
      technologies (for now using only ipsec)

   2. modify the existing 'network' driver by adding the possibility to
      specify the 'sectunnel' that
      the network have to use in the virtual network definition

As an example, you can see below a possible XML definition of the network which use a secure tunnel and the corresponding 'sectunnel' XML definition:

    NETWORK DEFINITION
    ==================
    <network>
        <name>sec-net</name>
        <uuid>3e3fce45-4f53-4fa7-bb32-11f34168b82b</uuid>
        <bridge name='virbr0' />
        <domain name='example' />
	...
        <sectunnel name='sec-tun' /> <--(specify the 'sectunnel' to use)
    </network>

    SECTUNNEL DEFINITION
    ====================
    <sectunnel type='ipsec'>
        <name>sec-tun</name>
        <uuid>8b7fd1b0-4463-43b7-8b6e-8006344aeb66</uuid>

        <!-- Security Association definitions -->

        <sa>
            <secret uuid='...' /> <--(specify the 'secret' which
                                      contains the pre-shared key)
        </sa>

        <!-- Security Policy definitions -->

        <sp>
            <src_range address='10.0.0.1' prefixlen='30' port='5000' />
            <dst_range address='10.0.0.2' prefixlen='30' port='5000' />
            <upperspec protocol='any' />

            <policy direction='out' action='ipsec'>
                <rule protocol='esp' mode='tunnel' level='require'>
                    <src address='192.168.0.1' port='55055' />
                    <dst address='192.168.0.2' port='55055' />
                </rule>
            </policy>
        </sp>

        <sp>
            <src_range address='10.0.0.2' prefixlen='30' port='5000' />
            <dst_range address='10.0.0.1' prefixlen='30' port='5000' />
            <upperspec protocol='any' />
            <policy direction='in' action='ipsec'>
                <rule protocol='esp' mode='tunnel' level='require'>
                    <src address='192.168.0.2' port='55055' />
                    <dst address='192.168.0.1' port='55055' />
                </rule>
            </policy>
        </sp>
    </sectunnel>

As you can see in the 'sectunnel' XML definition, I use a 'secret' element. This element is a Libvirt secret [1] and it stores the pre-shared key used by IPSec to establish the Security Associations (SA). Obviously this feature requires to define a new usage category in the 'secret' driver definition.

Another possible way to establish the SA is to use the X.509 certificates. To this purpose, I think that the certificates already used by Libvirt to setup SSL/TLS remote connections, might be used.

That's all! :-)

What do you think about this possible IPSec implementation?

Thanks in advance for the replies!

Best regards,

   PAOLO



LINK LIST
---------
[1] http://libvirt.org/formatsecret.html


--
PAOLO SMIRAGLIA
Department of Control and Computer Engineering
Mobile: +39 (333) 527 3593
Email: paolo smiraglia polito it

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]