Xen project Mailing List

Re: [Xen-devel] RFC: XenSock brainstorming

To: Stefano Stabellini <stefano@xxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Mon, 6 Jun 2016 10:57:31 +0100

Cc: joao.m.martins@xxxxxxxxxx, wei.liu2@xxxxxxxxxx, roger.pau@xxxxxxxxxx

Delivery-date: Mon, 06 Jun 2016 09:57:57 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 06/06/16 10:33, Stefano Stabellini wrote: > Hi all, > > a couple of months ago I started working on a new PV protocol for > virtualizing syscalls. I named it XenSock, as its main purpose is to > allow the implementation of the POSIX socket API in a domain other than > the one of the caller. It allows connect, accept, recvmsg, sendmsg, etc > to be implemented directly in Dom0. In a way this is conceptually > similar to virtio-9pfs, but for sockets rather than filesystem APIs. > See this diagram as reference: > > https://docs.google.com/presentation/d/1z4AICTY2ejAjZ-Ul15GTL3i_wcmhKQJA7tcXwhI3dys/edit?usp=sharing > > The frontends and backends could live either in userspace or kernel > space, with different trade-offs. My current prototype is based on Linux > kernel drivers but it would be nice to have userspace drivers too. > Discussing where the drivers could be implemented it's beyond the scope > of this email. Just to confirm, you are intending to create a cross-domain transport for all AF_ socket types, or just some? > > > # Goals > > The goal of the protocol is to provide networking capabilities to any > guests, with the following added benefits: Throughout, s/Dom0/the backend/ I expect running the backend in dom0 will be the overwhelmingly common configuration, but you should avoid designing the protocol for just this usecase. > > * guest networking should work out of the box with VPNs, wireless > networks and any other complex network configurations in Dom0 > > * guest services should listen on ports bound directly to Dom0 IP > addresses, fitting naturally in a Docker based workflow, where guests > are Docker containers > > * Dom0 should have full visibility on the guest behavior and should be > able to perform inexpensive filtering and manipulation of guest calls > > * XenSock should provide excellent performance. Unoptimized early code > reaches 22 Gbit/sec TCP single stream and scales to 60 Gbit/sec with 3 > streams. What happens if domU tries to open an AF_INET socket, and the domain has both sockfront and netfront ? What happens if a domain has multiple sockfronts? ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.