feature suggestion: in-host network with no external nics

Dan Kenigsberg danken at redhat.com
Thu Jan 3 10:07:22 UTC 2013 

Description
===========
In oVirt, after a VM network is defined in the Data Center level and
added to a cluster, it needs to be implemented on each host. All VM
networks are (currently) based on a Linux software bridge. The specific
implementation controls how traffic from that bridge reaches the outer
world. For example, the bridge may be connected externally via eth3, or
bond3 over eth2 and p1p2. This feature is about implementing a network
with no network interfaces (NICs) at all.

Having a disconnected network may first seem to add complexity to VM
placement. Until now, we assumed that if a network (say, blue) is
defined on two hosts, the two hosts lie in the same broadcast domain. If
a couple of VMs are connected to "blue" it does not matter where they
run - they would always hear each other. This is of course no longer
true if one of the hosts implements "blue" as nicless.
However, this is nothing new. oVirt never validates the single broadcast
domain assumption, which can be easily broken by an admin: on one host,
an admin can implement blue using a nic that has completely unrelated
physical connectivity.

Benefits
========
* All-in-One http://www.ovirt.org/Feature/AllInOne use case: we'd like
  to have a complete oVirt deployment that does not rely on external
  resources, such as layer-2 connectivity or DNS.
* Collaborative computing: an oVirt user may wish to have a group
  of VMs with heavy in-group secret communication, where only one of the
  VMs exposes an external web service. The in-group secret communication
  could be limited to a nic-less network, no need to let it spill
  outside.
* [SciFi] NIC-less networks can be tunneled to remove network segments
  over IP, a layer 2 NIC may not be part of its definition.

Vdsm
====
Vdsm already supports defining a network with no nics attached.

Engine
======
I am told that implementing this in Engine is quite a pain, as network
is not a first-class citizen in the DB; it is more of an attribute of
its primary external interface.

This message is an html-to-text redering of
http://www.ovirt.org/Features/Nicless_Network
(I like the name, it sounds like a jewelery)
and I am sure it is missing a lot (Pasternak is intentionally CCed).
Comments are most welcome.

Dan.

More information about the Arch mailing list