Network Traffic Generation
Shachar Shemesh
shachar at shemesh.biz
Sat Mar 14 17:35:34 IST 2009
Oleg Goldshmidt wrote:
> Shachar Shemesh <shachar at shemesh.biz> writes:
>
>
>> Unless VM0 sends an ARP inquiring about the destination IP,
>>
>> This ARP is sent to a physical NIC.
>>
>
> Actually, no. It is sent by the VM's virtual NIC (the VM does not know
> anything else), and the "switch" in the hypervisor forwards it, among
> other things, to the virtual NIC of the other VM, that has its own MAC
> address, etc.
>
> I suppose it may depend on the configuration - I am not performing any
> experiments.
>
>
>> Unless it is layer 3 aware, there is no reason for it to know that
>> the ARP received through a physical Ethernet device originated in
>> our machine.
>>
>
> But it isn't received on the physical interface - see above.
>
>
>> Who gave the VM
By "VM" I meant the virtual machine program. What you refer to as
"hypervisor". My mistake. From now on I'm using your (less confusing)
terminology.

When I bind a VM NIC to a physical NIC, especially if I do it for two
different VMs and NICs (one NIC per VM), then the hypervisor has no
right to assume the NICs are layer 2 connected. Any other functionality
is a bug, and no two ways of looking at it. The network setup will
simply misbehave if this is the case.
>
> It sends an Ethernet frame out of its
> virtual NIC (the only one it knows of), and as soon as this is done
> the VM considers the frame to be out in the "network", even though it
> may still be inside the physical box.
So far, so good.
> The hypervisor, in turn,
> contains a virtual switch, that has virtual ports virtually connected
> to the VM's virtual NICs,
No no no no no!
The hypervisor is well within its right to contain a virtual switch that
connects all of the VM NICs *that connect to the same physical NIC*. It
is perfectly ok for it to forward that packet to any other VMs that
connect to the same physical NIC, except in our case there are none. If
it forwards this packet to VMs that do not connect to the same physical
NIC, it has just connected two networks that were otherwise not
connected. If VMware does that, it is buggy (but I doubt it does).
> At least this is what happens in today's VMware. Again, possibly
> modulo configurations that I am not checking.
Such as the configuration I'm suggesting?
> The motivation behind it
> is exactly the above: not to send frames out to the physical network
> if it can be avoided.
The behavior you are suggesting is akin to a hardware switch forwarding
packets between two VLANs "to save on routing". A layer 2 switch is
simply not allowed to do that.
> Xen/KVM/others may be different (I have not checked lately if they
> include virtual switches by default).
>
Of course they do (well, Xen does, at least). There is no other way to
function (a physical NIC does not "receive" its own outgoing packets
unless it's in promiscuous mode, possibly not even then). Again, this
has nothing to do with the scenario I'm describing.
Shachar
--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com