[libvirt] Libvirt and IPSec

Michal Novotny minovotn at redhat.com
Mon May 2 10:52:04 UTC 2011


On 04/29/2011 06:13 PM, Paolo Smiraglia wrote:
> Hi to everyone!
>
> Sorry for the latency of the response, but my team and I noticed
> that the TVD argument cannot be treated with only a few lines in some
> mails. In order to avoid any possible misunderstanding, we decided to
> produce a little report (just four pages with images) that describes our
> project. Technical details are not treated in the report. You can
> download the report by using the link
>
>    http://dl.dropbox.com/u/824617/tvd_in_libvirt.pdf
>
> Our idea is to start the discussion about Libvirt TVD implementation
> using the report as a starting point.
>
>
> As already mentioned in previous mail, we think that the first step for
> the implementation of the TVD is to make possible the 'tunnel' modeling
> in Libvirt.
>
> Considering the report, what do you think about our tunnel modeling
> idea? Is it right, or are some changes needed?
>
> Thanks for the patience and (in advance) for the replies... ;-)
>
>
Hi Paolo,
thanks for the document. I read it briefly and the design itself seems
good; however, in the document you mentioned moving the logic from
user-space to kernel-space, and I'm not sure how you would like to
achieve this, since libvirt itself is in the user-space stack and not
kernel-space. To have some implementation of those things directly in
kernel-space you would need to modify the kernel on the host
itself, which would be very similar to Xen, which requires a modified kernel
- the Xen kernel. This introduces some issues, since if you're not able
to get it merged into the upstream kernel tree then you'll have
the same issues Xen does. If you implement this as a kernel module
and also get the module accepted upstream then you'll most
likely be fine; however, you need upstream acceptance of the module or
to provide the source code for the module somewhere so it can be recompiled for
the kernel the user has.

What exactly would you like to move to the kernel-space?

Thanks,
Michal

-- 
Michal Novotny <minovotn at redhat.com>, RHCE
Virtualization Team (xen userspace), Red Hat



