[libvirt] [RFC] migration encryption

Nikolay Shirokovskiy nshirokovskiy at virtuozzo.com
Tue Nov 10 10:52:16 UTC 2015

Hi guys.

 I have a problem getting migration traffic encrypted for some scenarios. I need to
migrate domain with non shared disks and can't use tunelled migration because of RHEL7 qemu.
Without tunnel i get both vm state and disk state traffic unencrypted between
peer's qemus. AFAIK there is a work in progress in qemu to bring TLS encryption
to all channels and eventually I get desired functionality but what are my options
 I thinking of forwarding ports from destination to source and use localhost in
hypervisor uri. The only problem is that port for disk migration is auto selected.
Can we add a patch to pass this port as a migration parameter?

More information about the libvir-list mailing list