Hi,
Here are my current problems:
1. How many pfinet servers are allowed to connect to one hypervisor?
If only one pfinet server is allowed to connect to one hypervisor,
hypervisors must communicate with each other to route packets sent
by pfinet servers.
If several pfinet servers are allowed to connect to the same
hypervisor, a hypervisor can route packets inside itself. If so,
does the hypervisor only route the packet among pfinet servers
that connect to the hypervisor?
If several pfinet servers are allowed to connect to the same
hypervisor, it's better for the hypervisor to create multiple
virtual network interfaces and each pfinet server can attach to
one interface. Maybe it can help to route packets among pfinet
servers.
2. Who can run the hypervisor and who can create the network interface?
The hypervisor should be able to access the real network
interface. I think only the priviledged user can run it.
Who can create the network interface depends on Problem 1.
3. How does the routing work?
it can always work if the packet is broadcasted to any pfinet
servers that connect to the hypervisor. then pfinet servers can
filter packets in the IP layer.
but it cannot give a good performance and there may be a security
problem: every user can see others' packets.
If no broadcasting, it's really difficult to do the routing.
The main reason is that IP isn't bound to the network interface
directly, and it's set in the pfinet server.
The hypervisor has no way to know which pfinet server has which IP
unless another function is provided for the pfinet to tell the
hypervisor what is its current IP.
4. How does the hypervisor guard the network traffic and filter
illegal packets?
It will be much work if the hypervisor understands all packets.
Best,
Zheng Da
