|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Creating a local network within the GuestOS and r outing to an ext ernal network
> Will this layer 2 switch supplant the current code, or be an addition? An addition. Xen is being used by a lot of different groups in a lot of different ways. > " Xen won't be able to enforce IP firewalling for you, but > > But this is a feature! We want that external IP layer enforcement. > For our purposes, full layer 2 network access by any domain is a bad > thing. Mike's code also has a concept of 'virtual network'; only hosts on the same virtual network are visible to each other. It's probably a fairly simple modification to only allow hosts to talk to e.g. domain 0, then implement IPv6 firewalling using iptables in the domain. The "correct" solution would be to implement an IPv6-capable VFR in Xen (which is actually very easy), but since this code is all going to change in the new IO world I wouldn't advise embarking on such a project right now unless you need it urgently. Ian ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |