[libvirt] What about Trusted Virtual Domains???

Daniel P. Berrange berrange at redhat.com
Tue Mar 29 16:07:33 UTC 2011


On Thu, Mar 24, 2011 at 06:44:05PM +0100, Paolo Smiraglia wrote:
> Hi guys...
> 
> I need an opinion from the Libvirt community about the development of
> a new possible Libvirt feature: the Trusted Virtual Domains (TVD).
> Conceptually, a TVD can be compared to a mix of Virtual Private
> Network (VPN) and Virtual LAN (VLAN).
> 
> My idea is to define a new Libvirt entity called "tvd" which contains
> the information about domains and hosts belonging to the same TVD.
> Below is showed a possible XML definition of tvd entity:
> 
>     <tvd name='tvd1.mycloud' uuid='...'>
>         <host ip='10.0.0.1' hostname='node1.example.com'>
>             <domain name='guest1' uuid='...' />
>             <domain name='guest27' uuid='...' />
>         </host>
>         <host ip='10.0.0.2' hostname='node2.example.com'>
>             <domain name='guest12' uuid='...' />
>             <domain name='guest2' uuid='...' />
>         </host>
>     </tvd>
> 
> With the informations contained in the tvd XML definition, Libvirt may
> be able to automatically setup, for example, an IPSec tunnel between
> node1.example.com and node2.example.com, and VLAN between guest1,
> guest2,guest12 and guest27.

One core thing to remember is that libvirt's view of the "world"
is restricted to the single host running libvirt. The XML mentioned
above seems to be predicated on a network-wide view of the world.

The second thing is that the guest XML describes the connection of
a virtual machine to the host network. This mapping above would
appear to imply some duplication of information.

> In my opinion, this feature may be really useful in a cloud computing scenario.
> 
> And you? What about it? It is a crazy idea? ;-)

I would like to see some form of VPN/IPSec support in libvirt. There
are many questions about just where it would be best to slot it into
libvirt.

We have what we call a 'virtual network' in libvirt, which is basically
an standalone bridge device, to which guests are connected. This bridge
device has no physical NIC enslaved. Thus guests can talk to each other,
or the host. It can only be made to allow routing (with optional NAT)
to the LAN. One idea would thus be to provide a mode where it would
integrate with IPSec instad of routing direct to the LAN, using 
network-2-network IPsec connections.

We also have a set of APIs for managing physical network interface
configuration (virsh iface-XXXX). This allows for bridges, bonding
and VLANs to be configured. We might want to integrate IPSec at that
point for host-2-host or network-2-network IPsec connections.

A third possibility, is that we have considered is to create a set
of APIs to represent a 'virtual switch'. This would be a defining
logical networks & ports to which guests can connect - a higher level
API over the physical network interface APIs we already have. We could
put some kind of IPSec capability in here.

I don't not enough about IPSec yet to know which is most useful / best.

Could you explain a bit about the kind of network interface configuration
/ network architecture you imagine with your example above ?

IIUC, it sounds like you'd create a IPSec host-to-host link beween the
2 IP addresses, and then somehow run multiple VLANs above it. So you
can have multiple independant secure networks across the two hosts.
Does this expand easily to > 2 hosts ?


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|




More information about the libvir-list mailing list