Version 7, last updated by zhengda at June 13, 2008 13:04 UTC
The design and implementation of hypervisor
Hi everyone,
I will create the network virtualization in Hurd.
I will create the network virtualization in Hurd.
The requirements:
to implement a mechanism which help pfinet servers communicate with each other. For example, if pfinet 1 has IP A and pfinet 2 has IP B, the packet sent by pfinet 1 with destination address IP B should be received by pfinet 2.
Sub-hurd should be able to use this mechanism to communicate with each other.
Meanwhile this mechanism should allow non-privileged the user to start his own pfinet.
to implement a mechanism which help pfinet servers communicate with each other. For example, if pfinet 1 has IP A and pfinet 2 has IP B, the packet sent by pfinet 1 with destination address IP B should be received by pfinet 2.
Sub-hurd should be able to use this mechanism to communicate with each other.
Meanwhile this mechanism should allow non-privileged the user to start his own pfinet.
The possible approach is to create a hypervisor whose roles are:
- to create some virtual network interface, so pfinet can send packets to it.
- to receive the packet from pfinet, and forward the packet to other pfinets in hurd
- or forward the packet to the real network device in the kernel and send it to the network.
- to guard the network traffic and filter illegal packets (forged by some malicious users) from pfinet or some other programs.
To create a virtual network interface:
Implement the RPC interface defined in device.defs just as "boot" does.
Publish the port, so other programs can get the port and open the virtual device by calling device_open(). The hypervisor now works as a translator and other programs can get the port by calling file_name_port().
Some problems:
- How many pfinet servers are allowed to connect to one hypervisor?
If only one pfinet server is allowed to connect to one hypervisor, hypervisors must communicate with each other to route packets sent by pfinet servers.
If several pfinet servers are allowed to connect to the same hypervisor, a hypervisor can route packets inside itself.
If several pfinet servers are allowed to connect to the same hypervisor, it's better for the hypervisor to create multiple virtual network interfaces and each pfinet server can attach to one interface. Maybe it can help to route packets among pfinet servers. - Who can run the hypervisor and who can create the network interface?
The hypervisor should be able to access the real network interface. I think only the priviledged user can run it.
Who can create the network interface depends on Problem 1. - How does the hypervisor guard the network traffic and filter illegal packets?
I have no idea how to do it.
It will be much work if the hypervisor understands all packets.
Could someone give me some advices or comments?
Thank you in advance.
Best,
Zheng Da
Thank you in advance.
Best,
Zheng Da