RE: [Xen-devel] HVM guest sees two NICs even though just one vif configured

[Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>]

Fischer, Anna writes ("RE: [Xen-devel] HVM guest sees two NICs even though just 
one vif configured"):
> I am not too confident with having to rely on the guest to make such
> a disconnect happen. Is there no way to do this in Xen/Dom0?

>From a security point of view, you should tread both virtual
interfaces the same way - as controlled by the (untrusted) guest.  If
you do that it won't matter which interface the guest uses or even if
it is confused and uses both.

Fischer, Anna writes ("RE: [Xen-devel] HVM guest sees two NICs even though just 
one vif configured"):
> Yes, I understand that. But at least on the backend side, shouldn't
> there only be a single device associated with the guest if I
> configured a single NIC for my guest?

No, because that's not the way it's implemented.  Because of the
possibility of both HVM emulation, and PV drivers, it is necessary to
do some multiplexing.  Rather than write our own custom multiplexer
(which would, ultimately, be a kind of braindead ethernet switch) we
chose to use the dom0's kernel which already has all the necessary
functionality.  I think this is a sensible design decision.

>  Because otherwise, how do I know which one is active if the guest
> can switch back and forth between them?

You need to treat both as potentially active.

> I don't think that having the two devices in Dom0 is
> an ideal solution for other management components on the system.

>From the point of view of management tools, this situation is little
different to the guest having two network interfaces for redundancy,
with automatic failover.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel