----- Original Message ----- > From: "Dan Kenigsberg" <[email protected]> > To: "Mark Wu" <[email protected]> > Cc: [email protected], "Michal Skrivanek" <[email protected]> > Sent: Sunday, January 13, 2013 12:50:30 PM > Subject: Re: tunnelled migration > > On Fri, Jan 11, 2013 at 02:05:10PM +0800, Mark Wu wrote: > > On 01/11/2013 04:14 AM, Caitlin Bestler wrote: > > >Dan Kenisberg wrote: > > > > > > > > >>Choosing tunnelled migration is thus a matter of policy. I would > > >>like to suggest a new cluster-level configurable in Engine, > > >>that controls whether migrations in this cluster are tunnelled. > > >>The configurable must be available only in new cluster levels > > >>where hosts support it. > > >Why not just dump this issue to network configuration? > > > > > >Migrations occur over a secure network. That security could be > > >provided by port groups, VLANs or encrypted tunnels. > > Agreed. Is a separate vlan network not secure enough? If yes, we > > could build a virtual encrypted network, like using openvpn + > > iptables. > > I agree that separating migration traffic to a different, > optionally-encrypted network, is a noble goal. In fact, it is a > parallel > effort that I am pushing for: > http://lists.ovirt.org/pipermail/arch/2013-January/001117.html > > Building our own tunnel between hosts is cool, but using libvirt's > tunneling is here and now and easy, and should not wait just because > there's even better technology around the third next corner. > > With my suggested API, we could even change the implementation of > "tunnelled" to "tunnel over our own vpn" if we need to. Now is the > time > to eat the low-hanging fruit of VIR_MIGRATE_TUNNELLED. > > Dan.
suggested implementation for engine (without rest/ui): http://gerrit.ovirt.org/#/c/11062/ > _______________________________________________ > Arch mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/arch > _______________________________________________ Arch mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/arch
