On Mon, Mar 14, 2016 at 01:32:00AM +0100, bancfc@openmailbox.org wrote:
>libvirt-users@redhat.com
>
>TCP Tunnel Info
>
>I've been looking at the TCP Tunnel network feature as a potential
>replacement for the extra private internal networking configuration
>file.
>
>Usecase: This network is supposed to go from VM1 to VM2 without DHCP,
>DNS or any incoming/outgoing connections to the host or outside world
>possible.
>
>https://libvirt.org/formatdomain.html#elementsNICSTCP
>
>* To make sure I understand, adding the TCP Tunnel setting for both VMs
>1 and 2 is enough to do what I need? (force them to exclusively
>communicate without the need for adding a new network as typically
>done).
>
Let me explain how I understand it.
Basically anything VM1 sends on that interface will arrive on VM2. That
means to whatever address it is sent, whatever protocol that uses. Of
course the guest needs to be configured, the other guest needs to know
about it.
>* If another set of VMs 3 and 4 are running and connected to each other
>but I want to make sure they cannot connect to VMs 1 and 2, what source
>addresses should be used to isolate these 2 networks? Do you follow CIDR
>rules?
>
>* For example if the chosen source address is 10.152.152.11 for VMs 1
>and 2 what should the other network have?
>
The addresses are real addresses on the host, the VMs don't see them.
They are just a means of communication between QEMU processes. You can
put localhost and some free port per each vm-to-vm tunnel.
>* Going more complicated. Can one VM participate in two separate TCP
>Tunnel networks while keeping them isolated? Topology: VM1(virtual NIC1)
><-> VM2 | VM1(virtual NIC2) <-> VM3
>
>VM2 and 3 can only talk to VM1 but not to each other in this example.
>
That is unless you configure routing in VM1.
>* Offtopic: Do your answers similarly apply for using the other
>Multicast and UDP options too?
>
As I said, they are just means of transport between QEMU processes. Go
ahead, configure two such machines and see what happens inside, that
should be enough to understand.
>I can explain better if I'm not making any sense.
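
The layout discussed in this thread (VM1 NIC1 <-> VM2, VM1 NIC2 <-> VM3), written out as libvirt domain XML fragments using the `type='server'` / `type='client'` interface form from the formatdomain page linked above. This is an added example, not part of the original message; the ports and MAC addresses are constructed placeholders.

```xml
<!-- VM1: listening end of both tunnels, one host port per tunnel.
     127.0.0.1 and the port are host-side endpoints between QEMU
     processes; the guests never see them. -->
<interface type='server'>
  <mac address='52:54:00:00:01:01'/>            <!-- constructed -->
  <source address='127.0.0.1' port='5558'/>     <!-- tunnel A: VM1 <-> VM2 -->
</interface>
<interface type='server'>
  <mac address='52:54:00:00:01:02'/>            <!-- constructed -->
  <source address='127.0.0.1' port='5559'/>     <!-- tunnel B: VM1 <-> VM3 -->
</interface>

<!-- VM2: connects only to tunnel A -->
<interface type='client'>
  <mac address='52:54:00:00:02:01'/>            <!-- constructed -->
  <source address='127.0.0.1' port='5558'/>
</interface>

<!-- VM3: connects only to tunnel B -->
<interface type='client'>
  <mac address='52:54:00:00:03:01'/>            <!-- constructed -->
  <source address='127.0.0.1' port='5559'/>
</interface>

<!-- Nothing on the tunnel hands out addresses, so each guest NIC needs a
     static address configured inside the guest. VM2 and VM3 stay separated
     as long as VM1 does not forward or bridge between its two NICs. -->
```

The isolation between the two tunnels comes from the distinct host ports, not from the guest addressing; a loopback listener is still reachable by other local processes on the host, so the host's own access controls remain part of the boundary.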