On 06/10/2016 05:44, Joey Connelly wrote:
> Hey QEMU dev group,
>
> I'm a graduate student at Boise State University working on my thesis
> involving Virtualization/Cloud Computing Security and I wanted to ask
> another IN-DEPTH question I've been trying to solve. If you have some time
> it would be greatly appreciated:
>
>
> *[Question:]*
>
> Can I migrate a VM to a nested VM using only the ports on my host and
> knowing (from a super-user host administrator perspective) any/all network
> information as required??
>
>
>
> *[Scenario:]*
>
> I'm a sys admin with root privileges. 1 QEMU process is running, guest_VM0,
> with -monitoring and -enable-kvm options (its virtual environment supports
> Intel-VTx).
>
> I then create a new guest_VM1 with the same virtual environment & support,
> have -enable-kvm option and -hostfwd option enabled from host port 4444 to
> guest port 5555.
>
> Within guest_VM1 I create another QEMU process, guest_VM_COPY, with again
> same virtual environment & Intel-VTx support, have -enable-kvm and this
> time it’s just sitting with -incoming tcp<options,...,listen-port5555>
> waiting for migration.
>
> I then execute from guest_VM0 Monitor Console -migrate to port 4444, which
> through hostfwd should send to my nested vm paused with -incoming
> initialized.
>
> *[So… re-wording my question with this scenario now presented:]*
>
> After migration, with full super-user control, is there ANY virtual
> network, (socket, bridge, user, etc) or combination of things I could set up
> so that my nested guest_VM_COPY can still access the network through the
> same host external network that it originally accessed?? Basically no
> interruptions for the original guest_VM0 during or after migration?

In theory it would work if you set up networking to bridge to the host network. I'm not sure anyone has ever tried it...

-hostfwd doesn't work in this configuration (which uses -netdev tap or -netdev bridge; hostfwd is only an option for user-mode emulation i.e. -netdev user). However you don't need it, because you can just migrate to the IP address of guest_VM1, port 5555.

Paolo