Re: [Xense-devel] Secure Network Communications Between Xen VMs
1) By way of example, if domU1 on machine M1 is communicating with two other domains, domU2 and domU3 on machine M2, how does the hypervisor/ACM on M1 differentiate between inbound/outbound traffic destined only for domU2 or domU3 and ensure that traffic is routed to the proper domain?
Packet forwarding in Xen is handled on behalf of domUs by the Linux forwarding code running in dom0. Depending on the machine's setup, it will either use the Linux bridge (currently the default) or routing code to forward packets. Depending on which of these is used, dom0 demuxes received packets based on their MAC or IP address, and passes them along to the appropriate domU.
2) Is all of the traffic between various domains encrypted to prevent eavesdropping via network sniffing?
Xen is generally unconcerned with the contents of the data that it is forwarding. One exception to this is the antispoof feature which validates source IPs on transmit to ensure that they are valid. There is some code in the tools tree to provide VPN functionality between VMs on different physical hosts. It was written by Mike Wray at HP and I'm not sure if it's been used by anyone recently. In general, I think we would generally view encryption as being an end-to-end thing that's best handled within individual domUs.
I've read the paper, "DeuTeRium -- A System for Distributed Mandatory Access Control" but it's not clear to me from the actual implementation examples and documentation how you set up the IPSEC labeled tunneling mechanism and ensure validation of all traffic passing between the various domains.
I can't seem to find a copy of this paper on the web, so this is likely a question for Reiner. ;)
hth, a.
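As an added illustration of the dom0 forwarding path the reply describes (this is a model written for this page, not code from Xen or from the author), the snippet below demuxes frames by destination MAC in bridge mode and by destination IP in routed mode, and applies the transmit-side antispoof check so a domU can only send from the IP assigned to its vif. The domain names, MACs and addresses in the vif table are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional, Tuple

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str

# Constructed vif table: which domU sits behind which MAC / IP (made up).
VIFS = {
    "domU1": {"mac": "00:16:3e:00:00:01", "ip": "10.0.0.11"},
    "domU2": {"mac": "00:16:3e:00:00:02", "ip": "10.0.0.12"},
}

def demux_bridge(frame: Frame) -> Optional[str]:
    """Bridge mode: dom0 picks the target domU by destination MAC."""
    for name, vif in VIFS.items():
        if vif["mac"].lower() == frame.dst_mac.lower():
            return name
    return None  # no local vif owns this MAC

def demux_routed(frame: Frame) -> Optional[str]:
    """Routed mode: dom0 picks the target domU by destination IP."""
    for name, vif in VIFS.items():
        if ip_address(vif["ip"]) == ip_address(frame.dst_ip):
            return name
    return None

def antispoof_ok(src_domu: str, frame: Frame) -> bool:
    """Antispoof on transmit: a domU may only use its own source IP."""
    return ip_address(frame.src_ip) == ip_address(VIFS[src_domu]["ip"])

def forward(src_domu: Optional[str], frame: Frame,
            mode: str = "bridge") -> Tuple[str, Optional[str]]:
    """Model dom0: antispoof-check frames from a domU, then demux.

    src_domu=None means the frame arrived from the physical NIC, so the
    transmit-side antispoof check does not apply to it."""
    if src_domu is not None and not antispoof_ok(src_domu, frame):
        return ("DROP", None)
    target = demux_bridge(frame) if mode == "bridge" else demux_routed(frame)
    return ("DELIVER", target) if target else ("EXTERNAL", None)
```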