[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] Adding support for Stateless Static NAT for TAP devices
|
From: |
John Basila |
|
Subject: |
Re: [Qemu-devel] Adding support for Stateless Static NAT for TAP devices |
|
Date: |
Thu, 30 Aug 2012 12:27:55 +0300 |
I have tried NAT and this is why I came up with this feature.
When starting multiple QEMU instances from the same snapshot image, the Guest
OS in all instances from the same state and if they start a connection to the
DNS server for example, they will all use the same source port. The iptables
will NAT the first packet it sees, but when the second QEMU instance sends the
same packet, the iptables will match the already NATed connection and thus
cause problems from returning packets.
Using the SSNAT, this solves the problem by allowing a unique connection to be
observed by the iptables.
Regarding the vhost=on, I can disallow the use of both which I think is fair.
John
-----Original Message-----
From: Stefan Hajnoczi [mailto:address@hidden
Sent: Thursday, August 30, 2012 12:14 PM
To: John Basila
Cc: address@hidden; Anthony Liguori
Subject: Re: Adding support for Stateless Static NAT for TAP devices
On Thu, Aug 30, 2012 at 09:12:19AM +0300, John Basila wrote:
> When running multiple instances of QEMU from the same image file
> (using -snapshot) and connecting each instance to a dedicated TAP
> device, the Guest OS will most likely not be able to communicate with
> the outside world as all packets leave the Guest OS from the same IP
> and thus the Host OS will have difficulty returning the packets to the
> correct TAP device/Guest OS. Stateless Static Network Address
> Translation or SSNAT allows the QEMU to map the network of the Guest
> OS to the network of the TAP device allowing a unique IP address for
> each Guest OS that ease such case.
> The only mandatory argument to the SSNAT is the Guest OS network IP,
> the rest will be figured out from the underlying TAP device.
>
> Signed-off-by: John Basila <address@hidden>
> ---
> net/tap.c | 369
> +++++++++++++++++++++++++++++++++++++++++++++++++++++-
> qapi-schema.json | 5 +-
> qemu-options.hx | 10 ++-
> 3 files changed, 381 insertions(+), 3 deletions(-)
This does not work with vhost=on because the host<->guest packet processing
happens in vhost_net.ko instead of in QEMU.
Use iptables on the host to NAT the tap interface.
Stefan
Scanned by Check Point Total Security Gateway.
- [Qemu-devel] Adding support for Stateless Static NAT for TAP devices, John Basila, 2012/08/30
- Re: [Qemu-devel] Adding support for Stateless Static NAT for TAP devices, Stefan Hajnoczi, 2012/08/30
- Re: [Qemu-devel] Adding support for Stateless Static NAT for TAP devices,
John Basila <=
- Re: [Qemu-devel] Adding support for Stateless Static NAT for TAP devices, Stefan Hajnoczi, 2012/08/30
- Re: [Qemu-devel] Adding support for Stateless Static NAT for TAP devices, John Basila, 2012/08/30
- Re: [Qemu-devel] Adding support for Stateless Static NAT for TAP devices, Ivan Shmakov, 2012/08/30
- Re: [Qemu-devel] Adding support for Stateless Static NAT for TAP devices, Dennis Jacobfeuerborn, 2012/08/30
- Re: [Qemu-devel] Adding support for Stateless Static NAT for TAP devices, John Basila, 2012/08/30