Chair of Network Architectures and Services, Department of Informatics, Technical University of Munich
Virtio-Vsock: Configuration-Agnostic Guest/Host Communication
Johannes Wiesböck, Friday 19th July, 2019
Introduction: Common Problems
J. Wiesböck — virtio-vsock 2
Introduction: Use-cases for Guest/Host Communication
Figure: two virtual machines (VM1, VM2), each running an Agent, communicating with a Host Service on the host.
Possible Use Cases [2]
• SSH (configuration, file transfer, etc.)
• file sharing
• qemu-guest-agent (shutdown, suspend, etc.)
Traditional Solutions
Networking: create a virtual network between the host and the virtual machines.
Pros
• Can be used by existing applications.
• Also used for networking between hosts and for internet access.
Cons
• Setup can be complex and requires high maintenance.
• Invasive on both host and VMs.
Serial Interface: create a virtual serial device for communication between guest and host (virtio-serial).
Cons
• Porting network applications to a serial device is more complex.
• Limited number of channels.
• Slow.
Virtio-Vsock: Concept
Communication channel between host and guests based on the addressing scheme AF_VSOCK.
History
• Virtual machine sockets introduced to Linux by VMware in 2013.
• virtio-vsock in the mainline Linux kernel since version 4.8.
Features
• zero-configuration guest/host communication
• stream-based
• flow control
• safe ordering
Virtio-Vsock: AF_VSOCK
• Address format used by virtual machine sockets (VMware vSockets, virtio-vsock).
• Machines are identified by a 32-bit Context Identifier (CID).
• Services are identified by 32-bit port numbers.

    /* Creating an IPv6 socket */
    int ip6_sock = socket(AF_INET6, SOCK_STREAM, 0);
    /* Creating a virtual socket */
    int vsock = socket(AF_VSOCK, SOCK_STREAM, 0);
Virtio-Vsock: New Topology with Virtio-Vsock
Figure: VM1 (CID 3) and VM2 (CID 4) each run an Agent reachable on vsock port 4711; the Host Service runs on the host (CID 2).
Implementation: Overview
Problem: discover the ability to use various applications over virtio-vsock, e.g. SSH, HTTP, SMB.
Considerations

Characteristic                                   Native Implementation   Inetd-Style
Applicability to many applications               ✗                       ✓
Consideration of special application features    ✓                       ✗
Simple implementation                            ✗                       ✓
Implementation: SSH
Server: Inetd-Style
The SSH server sshd can be started through systemd socket activation:
• Systemd listens on port 22 for incoming connections.
• Once a connection arrives, systemd accepts it and passes the connected socket to sshd.
⇒ Socket activation can be used for vsock connections.
Client: SSH ProxyCommand
• Problem: the ssh client only supports connecting to servers by IP address.
• Solution: ProxyCommand starts a proxy application when an SSH connection is opened.
• All SSH traffic is passed through the proxy application and relayed to the server over vsock.

    ssh -o ProxyCommand='socat - SOCKET-CONNECT:40:0:x0000x16000000x04000000x00000000' user@vm
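The socat address in the ProxyCommand above is a raw struct sockaddr_vm (the structure behind the AF_VSOCK socket shown earlier) without its family field, written as hex fields. The following helper is an added example, not code from the slides: it builds and parses that encoding for any CID and port and emits a matching ~/.ssh/config stanza. It assumes Linux's AF_VSOCK value of 40 and a little-endian host (x86-64), as the slide's command does.

```python
import struct
from typing import Tuple

AF_VSOCK = 40  # Linux address family number for vsock (the "40" in the socat address)


def sockaddr_vm_hex(cid: int, port: int) -> str:
    """Encode struct sockaddr_vm, minus svm_family, in socat's x<hex> field form.

    Field order after the family: u16 svm_reserved1, u32 svm_port, u32 svm_cid,
    4 zero bytes (svm_zero). Integers are host byte order; little-endian assumed.
    """
    for name, value in (("cid", cid), ("port", port)):
        if not 0 <= value <= 0xFFFFFFFF:
            raise ValueError(f"{name} must be an unsigned 32-bit integer")
    fields = (struct.pack("<H", 0), struct.pack("<I", port),
              struct.pack("<I", cid), bytes(4))
    return "".join("x" + f.hex() for f in fields)


def parse_sockaddr_vm_hex(addr: str) -> Tuple[int, int]:
    """Inverse of sockaddr_vm_hex: return (cid, port), raise ValueError on bad input."""
    parts = addr.split("x")
    if parts[0] != "" or len(parts) != 5:
        raise ValueError("expected four x<hex> fields")
    raw = bytes.fromhex("".join(parts[1:]))
    if len(raw) != 14:
        raise ValueError("sockaddr_vm body must be 14 bytes")
    reserved, port, cid, zero = struct.unpack("<HII4s", raw)
    if reserved != 0 or zero != bytes(4):
        raise ValueError("reserved and padding bytes must be zero")
    return cid, port


def socat_proxy_command(cid: int, port: int = 22) -> str:
    """ProxyCommand that relays ssh's stdin/stdout to CID:port over vsock."""
    return f"socat - SOCKET-CONNECT:{AF_VSOCK}:0:{sockaddr_vm_hex(cid, port)}"


def ssh_config_stanza(alias: str, cid: int, port: int = 22) -> str:
    """A ~/.ssh/config Host block so that 'ssh <alias>' uses the vsock proxy."""
    return (f"Host {alias}\n"
            f"    ProxyCommand {socat_proxy_command(cid, port)}\n")


if __name__ == "__main__":
    # Reproduces the slide's command: guest CID 4, sshd on port 22.
    print(ssh_config_stanza("vm", cid=4))
```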
Implementation: Inetd-Style
IPv6 Unique-Local Unicast Addresses
IPv6 addresses in the subnet fc00::/7 are intended to be used locally and are not routed on the internet [1].
Address Mapping
• Choose a random /64 prefix, e.g. fd00:abcd:ef12::/64.
• Add the destination CID to the prefix, e.g.:
  • CID 3 → fd00:abcd:ef12::3
  • CID 1024 → fd00:abcd:ef12::400
Implementation: Inetd-Style
Figure (Samba over vsock, inetd-style): in VM1 (CID 3) and VM2 (CID 4), (1) the cifs client connects to [fd00:abcd:ef12::2]:445; (2) a socat instance in the VM accepts that connection and (3) forwards it over vsock to port 445 on the host (CID 2); there (4) a second socat instance relays it to (5) Samba listening on [::1]:445.
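The CID-to-address mapping from the IPv6 slide, together with the endpoints of the Samba relay above, as an added example that is not part of the original slides. It uses the slide's prefix fd00:abcd:ef12::/64 and the well-known host CID 2 from Linux's vm_sockets.h; the prefix-length and range checks are additions that catch addresses which cannot encode a 32-bit CID.

```python
import ipaddress

# Prefix chosen on the slide; any random /64 inside fc00::/7 would serve.
ULA_PREFIX = ipaddress.IPv6Network("fd00:abcd:ef12::/64")

# Well-known CIDs from <linux/vm_sockets.h>: 0 is the hypervisor, 2 is the host.
VMADDR_CID_HYPERVISOR = 0
VMADDR_CID_HOST = 2


def cid_to_ula(cid: int, prefix: ipaddress.IPv6Network = ULA_PREFIX) -> ipaddress.IPv6Address:
    """Place the 32-bit CID in the interface-identifier part of the prefix."""
    if not 0 <= cid <= 0xFFFFFFFF:
        raise ValueError("CID must be an unsigned 32-bit integer")
    if prefix.prefixlen > 96:
        raise ValueError("prefix must leave at least 32 bits for the CID")
    return prefix.network_address + cid


def ula_to_cid(addr, prefix: ipaddress.IPv6Network = ULA_PREFIX) -> int:
    """Inverse mapping; rejects addresses outside the prefix or beyond 32 bits."""
    address = ipaddress.IPv6Address(addr)
    if address not in prefix:
        raise ValueError(f"{address} is not inside {prefix}")
    cid = int(address) - int(prefix.network_address)
    if cid > 0xFFFFFFFF:
        raise ValueError(f"{address} does not encode a 32-bit CID")
    return cid


def relay_endpoints(service_port: int, prefix: ipaddress.IPv6Network = ULA_PREFIX) -> dict:
    """The three hops of the inetd-style relay for a host service on service_port:
    what the guest application dials, the vsock endpoint the guest-side socat
    forwards to, and the loopback address the host-side socat delivers to."""
    host_ula = cid_to_ula(VMADDR_CID_HOST, prefix)
    return {
        "guest_connects_to": f"[{host_ula}]:{service_port}",
        "vsock_endpoint": f"{VMADDR_CID_HOST}:{service_port}",
        "host_service": f"[::1]:{service_port}",
    }


if __name__ == "__main__":
    for cid in (3, 1024):
        print(cid, "->", cid_to_ula(cid))
    print(relay_endpoints(445))
```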
Implementation: Demo
Conclusion
Virtio-Vsock
• zero-configuration guest/host communication
• stream-based communication mechanism using the socket API
Contributions
• SSH configuration interface resilient against faulty network configuration
• a simple and versatile way to use virtio-vsock in existing applications
Bibliography
[1] G. Carle, S. Günther, J. Naab, and H. Stubbe. Grundlagen Rechnernetze und Verteilte Systeme (GRNVS), Kapitel 3: Vermittlungsschicht. Technische Universität München, June 2019.
[2] S. Hajnoczi. virtio-vsock: Zero-configuration host/guest communication.