Why VDE-VDE connection
---------------------------------------
With the implementation of IP sockets, if at all a need arises to tether
multiple VDE switches, say we want to connect two different topologies, we
can burn a port on each VDE switch and establish connection using ip
sockets. If one wants secure connectivity, of course legacy method using
SSH tunnel is still there.

Implementation
-----------------------
The patch is taken against vde-550 and I have attached a writeup on this
feature.

$ patch -p1 < vde.vdebr.patch.

This needs to be applied on top of patch for supporting ip sockets.

Please let me know if you have any questions.

Thanks,
Shesha
With this patch, one can connect two VDE switches directly using ip sockets 
without using vdeplug. Off course this assumes that the VDE switch already 
supports IP sockets.

To achieve this, two new ds commands are implemented in the vde_switch.

ds/connectvde/ip   server:port     connect to remote switch
ds/connectvde/ctl  ctrl filename   connect to remote switch

Either control port and server information or the control file that contains 
this information can be specified. This file is created during the creation of 
the vde_switch.

vde$ ds/connectvde/ip 192.168.106.66:40696

Once connected it is shown as follows at the vde command line.

vde$ port/print 1
0000 DATA END WITH '.'
Port 0001 untagged_vlan=0000 ACTIVE - Unnamed Allocatable
 Current User: root Access Control: (User: NONE - Group: NONE)
  -- endpoint ID 0004 module unix prog   : * VDE-SWITCH user=root PID=14761 
IP=192.168.106.66 PORT=59088 RVDE=192.168.106.66:40696
.
1000 Success

Testing
--------
This feature is being used for more than 2 years with an average of 2500 
switches running and at least 300 switch killed and instantiated daily.

As a sanity test just before sending out the patch, I instantiated vde-switch1 
on server-1 and vde-switch2 on server-2. I instantiated vm1 on server-2 and vm2 
on server-1. Pinged between vm1 and vm2 and ensured they are not reachable, as 
expected. Connected the two vde_switches using ds/connect/ip command and 
ensured that the two VMs are now pingable.

Attachment: vde.vdebr.patch
Description: Binary data

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
vde-users mailing list
vde-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/vde-users

Reply via email to