David Edmondson wrote:
> On Mon, Dec 01, 2008 at 11:59:17PM +0300, Vasiliy Baranov wrote:
>
>> In fact, it looks like our ultimate goal here is we need to be able
>> to additionally configure the VNIC created for a guest before the
>> guest is even started. "Additionally configure" could include adding
>> IP Filter rules, Crossbow properties, etc. To do so, do we need to
>> hack /usr/lib/xen/scripts/vif-vnic? Or can we create VNICs ourselves
>> and use e.g. /usr/lib/xen/scripts/vif-dedicated to pass them to xVM?
>> What would be the recommended mechanism, in both xm and virsh
>> realms? Are there any hook scripts called on VNIC
>> creation/destruction intended specifically for this, maybe?
>>
>
> The xVM Server BUI team chose to create the VNIC first and use
> vif-dedicated.
>
> Rate limits can be specified in the .py files for xm, but not with
> virsh. These aren't applied yet, but will start to work when Crossbow
> is integrated.
>
> There are no hooks to apply filtering, etc. If you can describe what
> you need we may look at adding a hook mechanism to the scripts.

We need to be able to set up IP Filter rules:

ipf -f - <<EOF
pass in on vnic100 from a.b.c.0/d to any layer2
pass in on vnic100 from e.f.g.0/h to any layer2
pass in on vnic100 from i.j.k.0/l to any layer2
count in on vnic100 from x.y.0.0/z to any layer2
count out on vnic100 from any to x.y.0.0/z layer2
EOF

add Crossbow flows:

flowadm add-flow -l vnic100 -a remote_ip=a.b.c.0/d myflow1
flowadm add-flow -l vnic100 -a remote_ip=e.f.g.0/h myflow2

specify CPU binding:

dladm set-linkprop -o cpus=0,1 vnic100

and maybe do some more (sorry, I don't think I can foresee all the
requirements) before the guest starts using the VNIC. We also need to be
able to clean up things when the guest is destroyed.

Rate limits can be useful but do not cover everything. Hooks can be
useful, but there is a question of passing all app-specific information
to the hook scripts.

So perhaps vif-dedicated is the ideal method. The question is, are there
any special things that need to be done to a VNIC to make it usable by
an xVM guest? That is, if I create a VNIC with:

dladm create-vnic -l bge0 vnic100

and, when starting the guest, specify the VNIC as 'bridge' and
/usr/lib/xen/scripts/vif-dedicated as 'script', will the VNIC work as if
it was created by vif-nic?

Thank you,
Vasiliy
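
The create-the-VNIC-first approach discussed in this thread, written out as a dry-run script that pairs the setup commands with their cleanup. This is an added example, not code from the thread or from xVM: the function names and the `<vnic>_flow<N>` flow naming are assumptions, and the removal commands (`ipf -r`, `flowadm remove-flow`, `dladm delete-vnic`) are added counterparts to the commands quoted in the message. It assumes setup is applied before the guest starts and teardown after it is destroyed.

```shell
#!/bin/sh
# Added example, not from the thread: prints the host-side commands for one
# guest VNIC. Review the output, then pipe it to sh on the dom0 to apply it.

valid_link() {   # datalink name: letters, digits, underscore, ending in a digit
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *[0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

valid_cidr() {   # shape check only, so no other text can reach the ipf rules
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# vnic_plan setup|teardown LINK VNIC SUBNET...
vnic_plan() {
    [ $# -ge 3 ] || { echo "usage: vnic_plan setup|teardown LINK VNIC SUBNET..." >&2; return 1; }
    mode=$1 link=$2 vnic=$3
    shift 3
    case "$mode" in setup|teardown) ;; *) echo "bad mode: $mode" >&2; return 1 ;; esac
    valid_link "$link" && valid_link "$vnic" || { echo "bad link name" >&2; return 1; }
    for net in "$@"; do
        valid_cidr "$net" || { echo "bad subnet: $net" >&2; return 1; }
    done
    n=0
    if [ "$mode" = setup ]; then
        echo "dladm create-vnic -l $link $vnic"
        echo "ipf -f - <<EOF"
    else
        # Flow names are an assumed scheme: <vnic>_flow<N>, same order as setup.
        for net in "$@"; do n=$((n + 1)); echo "flowadm remove-flow ${vnic}_flow$n"; done
        echo "ipf -r -f - <<EOF"   # -r removes the matching rules
    fi
    for net in "$@"; do echo "pass in on $vnic from $net to any layer2"; done
    echo "EOF"
    if [ "$mode" = setup ]; then
        for net in "$@"; do
            n=$((n + 1))
            echo "flowadm add-flow -l $vnic -a remote_ip=$net ${vnic}_flow$n"
        done
    else
        echo "dladm delete-vnic $vnic"
    fi
}

if [ $# -gt 0 ]; then vnic_plan "$@"; fi
```

Calling `vnic_plan teardown` with the same VNIC and subnet list, in the same order as for setup, yields the matching flow names and rule text to remove.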