[libvirt] configuring a disconnected <interface>

Dan Kenigsberg danken at redhat.com
Sun Jun 23 12:34:06 UTC 2013


On Fri, Jun 21, 2013 at 04:31:53AM -0500, Daniel P. Berrange wrote:
> On Thu, Jun 20, 2013 at 02:42:31PM +0300, Dan Kenigsberg wrote:
> > Hi List,
> > 
> > Like most of us, I've bought my actual computer with an Ethernet
> > interface card, that I can connect to a wall jack at will. It's quite
> > easy to disconnect the Ethernet cable from the wall, as well.
> > 
> > I would like to expose this behavior to virtual computers, too. Via
> > libvirt, of course. That's useful, since an admin may need to disconnect
> > a running VM from a network temporarily, without resorting to
> > hot-unplugging its nic.
> 
> In the bug you filed requested this feature, you said that you want
> this so that you can make oVirt configure bridging behind libvirts
> back with Quantum.

This is not exact. Bug 878481 - define a disconnected <interface>
was opened with the VM-connected-to-no-bridge in mind.

Since libvirt is lacking this feature, oVirt has introduced an ugly
hack: a dummy bridge, to which a disconnected VM is moved to. The
interface fo this VM had to be set with <link state=off> to avoid
inter-VM communication.

Only then came the Quantum use case.

> As explained in the bug, this is a really bad way
> todo this & should not be required - OpenStack Nova demonstrates you
> can do the right thing wrt Quantum using exisiting libvirt config.

I'm not sure that this is THE right thing. At the momement, both
quantum's linuxbridge plugin and nova's LinuxBridgeInterfaceDriver have
an ensure_vlan_bridge() method.

I'm no OpenStack expert, but I think that the nicest separation between
nova's and quantum's domains is the tap device (obviously only for
networks which use tap devices). Quantum should create the Linux bridge
and its underlying connectivity (or even worse for ovs with security
groups...), and Nova should connect a newly-created VM to it. Otherwise,
Nova would have to reimplement just about any extension that is
introduced to Quantum.

In particular, I worry about the mapping of a network to a physical
device. Quantum's linuxbridge does it according to a preconfigured
cfg.CONF.LINUX_BRIDGE.physical_interface_mappings. Does Nova's vif
driver support something like this? From where does it collect this
information?

Anyway, would you suggest oVirt to implement its own
ensure_vlan_bridge()? Or use the vif driver code? Or that of linuxbridge
quantum plugin?

> So I'm not inclined to support this disconnected mode.

Disconnected mode exists in actuality. It has valid use cases in the
virtual world as well. I would like to discuss the domxml schema for
representing it, and then, hopefully find the menpower to implement it
outside the core libvirt team. So please, reconsider.

Regards,
Dan.




More information about the libvir-list mailing list