patches and low-level development discussion
From: Alyssa Ross <hi@alyssa.is>
To: Cole Helbling <cole.e.helbling@outlook.com>
Cc: devel@spectrum-os.org
Subject: Re: [PATCH nixpkgs 14/16] spectrumPackages.sys-vms.net: init
Date: Wed, 14 Apr 2021 20:49:31 +0000
Message-ID: <20210414204931.bs373beu65kdpl6e@eve.qyliss.net>
In-Reply-To: <20210411115740.29615-15-hi@alyssa.is>

On Sun, Apr 11, 2021 at 11:57:38AM +0000, Alyssa Ross wrote:
> This is a VM that acts as a router.  It handles talking to network
> hardware, and other VMs can be connected to it by attaching virtual
> ethernet devices.
>
> It expects to get a physical ethernet device passed through to it
> using VFIO.  Wi-Fi should work too, but would need to be configured so
> I've stuck with Ethernet for now.  We use ConnMan[1] to configure
> physical network interfaces, and it automatically takes care of DHCP
> and stuff for us.  I chose ConnMan over NetworkManager because it was
> easier to get set up.
>
> Virtual ethernet devices are identified by a specific OUI in their MAC
> address.  The NIC part of the MAC address is used to encode the last
> three octets of the IPv4 address this VM should assign to the
> interface.  This way, the host can tell this VM what the address of
> each virtual interface is without having to resort to a secondary
> communication channel.  The first octet will always be 100, as the
> intention is to use the IPv4 shared address space (aka the CGNAT
> space) for inter-VM networks to match the behaviour of Chromium OS[2].
>
> Every networking client will be connected to a router VM with a /31,
> where the low address is for the router, and the high address is for
> the client.  This way the host's job is as simple as possible -- it
> just has to connect two TAPs together, without worrying about any
> routing rules or anything -- that can all happen in the VM.  This does
> mean that the router has to have a virtio-net device for every client,
> though.  We may run into scaling limitations with this approach, in
> which case we might have to revisit how this works on the host.
>
> [1]: https://git.kernel.org/pub/scm/network/connman/connman.git/about/
> [2]: https://chromium.googlesource.com/chromiumos/platform2/+/39e48f668a937d266638f3f7d31d3427a4966464/patchpanel/address_manager.cc#13
> ---
>  .../os-specific/linux/spectrum/vm/default.nix |   2 +
>  .../linux/spectrum/vm/net/default.nix         | 165 ++++++++++++++++++
>  2 files changed, 167 insertions(+)
>  create mode 100644 pkgs/os-specific/linux/spectrum/vm/net/default.nix

Cole, if you want to test this, you'll probably need the following
additional diff to make it work with your hardware.

It's quite clearly time to support loadable modules in this VM, but I'd
like to leave that for a follow-up after this series is sorted.

diff --git i/pkgs/os-specific/linux/spectrum/vm/net/default.nix w/pkgs/os-specific/linux/spectrum/vm/net/default.nix
index 079311c80e6..1deb7031caf 100644
--- i/pkgs/os-specific/linux/spectrum/vm/net/default.nix
+++ w/pkgs/os-specific/linux/spectrum/vm/net/default.nix
@@ -6,6 +6,7 @@ runCommand "vm-net" rec {
   linux = linux_vm.override {
     structuredExtraConfig = with lib.kernel; {
       E1000E = yes;
+      IGB = yes;
       PACKET = yes;

       IP_NF_NAT = yes;
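
Review bot: `IGB = yes;` adds a second hardware-specific NIC driver as built-in next to `E1000E = yes;`, so this derivation's kernel config has to be edited for each passthrough NIC model and every build of the router VM carries drivers for hardware it may not have. Consider letting the caller supply the NIC driver options (the block is already built through `linux_vm.override` with `structuredExtraConfig`) rather than listing them here, and add a one-line comment saying which hardware `E1000E` and `IGB` are for, since nothing in the hunk explains why either is enabled.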

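
The MAC-to-address scheme described in the quoted commit message, worked through as an added example; it is not part of the original message or of Spectrum's code. The OUI is a constructed placeholder (the page does not state the real one), the function names are hypothetical, and the range and low-address checks are added validation that follows from the message's "shared address space" and "low address is for the router" statements.

```python
import ipaddress
import re

# Assumption: placeholder OUI (constructed); the page does not give the real one.
VIRT_OUI = bytes.fromhex("020000")
# IPv4 shared address space (CGNAT range, RFC 6598).
SHARED_SPACE = ipaddress.ip_network("100.64.0.0/10")
MAC_RE = re.compile(r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}")


def parse_mac(mac):
    """Strictly parse aa:bb:cc:dd:ee:ff into 6 bytes."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return bytes.fromhex(mac.replace(":", ""))


def addresses_for(mac):
    """Router side: return (router_ip, client_ip) for a virtual interface,
    or None when the OUI marks it as something else (e.g. the physical NIC)."""
    raw = parse_mac(mac)
    if raw[:3] != VIRT_OUI:
        return None
    # First octet is always 100; the NIC part supplies the other three.
    router = ipaddress.IPv4Address(bytes([100]) + raw[3:])
    # Added check: 100.0.0.0/8 is wider than the shared space, so reject
    # encodings that would land on publicly routable 100.x addresses.
    if router not in SHARED_SPACE:
        raise ValueError(f"{router} is outside {SHARED_SPACE}")
    link = ipaddress.ip_network(f"{router}/31", strict=False)
    # Added check: the router holds the low address of the /31.
    if router != link.network_address:
        raise ValueError(f"{router} is not the low address of {link}")
    return router, link.network_address + 1


def mac_for(router_ip):
    """Host side: MAC to give the router's end of a client link."""
    packed = ipaddress.IPv4Address(router_ip).packed
    if packed[0] != 100:
        raise ValueError("first octet must be 100")
    return ":".join(f"{b:02x}" for b in VIRT_OUI + packed[1:])


if __name__ == "__main__":
    # Constructed sample MACs: two virtual links and one unrelated NIC.
    for mac in ("02:00:00:40:00:02", "02:00:00:40:00:04", "52:54:00:12:34:56"):
        print(mac, addresses_for(mac))
```
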
