[Planetlab-devel] IPv6 support for MyPLC

mef at CS.Princeton.EDU mef at CS.Princeton.EDU
Tue Nov 7 21:27:03 EST 2006 

Hello Rick and Jim,

As you know, PlanetLab started as a grassroots effort.  As such, there 
was an effort to ensure that institutions could join PlanetLab with 
relatively small cost.  Requesting each site to give us, say, 64 IPv4 
address per hosted machine would likely have been a showstopper.  For 
this reason, it was decided that users on PlanetLab would share a 
single IPv4 address.  In PlanetLab 1.0, each sliver (a "virtual 
machine" in PlanetLab speak) was basically a Linux account. Port 
sharing worked just liked it does on a regular Linux machine.  In 
PlanetLab 2.0, we moved to vserver technology that would let users have 
limited root access.  However, with such root access they could now 
sniff any traffic to the host (and on the wire).  Long story short, to 
solve this problem Mark Huang developed VNET 
(http://www.planet-lab.org/doc/vnet.php), which provides isolation 
while still allowing a limited form of raw sockets.

Rick already listed the main drawback of sharing a single IPv4 address: 
only one sliver can bind to well known ports (e.g., 53 for DNS, 80 for 
HTTP, etc.).  Nor do we support IPsec. It will be nice to address these 
problems with IPv6.  My hope is that we will also be able to do some 
interesting mcast and anycast work.

Marc





Quoting "McGeer, Patrick C" <rick.mcgeer at hp.com>:

> "Isolation rather than virtualization" means that if you and I share the
> same IP address we share the same port space under vservers, I think.  I
> agree, it's not a very clear choice of phrasing.
>
> As to why people want their own IP addresses, it's because they want to
> attach services to well-known ports.  For example, there are at least
> three collaborative DNS services I know about, and all three would love
> to use port 53.  Similarly, lots of people want 80, either because
> they're offering content distribution services over http and they want
> end-users sitting behind blocked firewalls to use their service, or
> they're doing whatever they're doing as a web service and don't want to
> deal with firewalls.
>
> -----Original Message-----
> From: Bound, Jim
> Sent: Tuesday, November 07, 2006 5:06 PM
> To: McGeer, Patrick C; 'Marc E. Fiuczynski';
> 'devel at lists.planet-lab.org'
> Subject: RE: [Planetlab-devel] IPv6 support for MyPLC
>
> Ack,  Did not associate the PLL work with Linux vserver until I saw your
> mail. Got it.
>
> What does this mean from the page below
>
> Networking is based on isolation rather than virtualization, so no
> additional overhead for packets.
>
> Confused now why does each vserver need its own IP address?
>
> thanks
> /jim
>
>> -----Original Message-----
>> From: McGeer, Patrick C
>> Sent: Tuesday, November 07, 2006 7:57 PM
>> To: Bound, Jim; 'Marc E. Fiuczynski'; 'devel at lists.planet-lab.org'
>> Subject: RE: [Planetlab-devel] IPv6 support for MyPLC
>>
>> Not even. A vserver is basically just a naming scheme:
>> isolation is provided by hiding names aside from the ones you're
>> supposed to see.  The vservers share a single pool of processes, and
>> so which process gets which port is decided the same way it is in any
>> Linux implementation.  See the wikipedia article
>> (http://en.wikipedia.org/wiki/Linux-VServer).
>>
>> Note that this article points out that no v6 support is a disadvantage
>
>> of vservers today (you think?).  Once this gets done by Marc and co,
>> this should back-port to the standard vserver distribution, and so one
>
>> nice side effect from this project is that all the ISPs using vservers
>
>> to do web hosting will be able to offer v6 web hosting to their
>> clients...
>>
>> Rick.
>>
>> -----Original Message-----
>> From: Bound, Jim
>> Sent: Tuesday, November 07, 2006 4:46 PM
>> To: McGeer, Patrick C; 'Marc E. Fiuczynski';
>> 'devel at lists.planet-lab.org'
>> Subject: RE: [Planetlab-devel] IPv6 support for MyPLC
>>
>> OK this is complex and VM issue interfacing to the network.
>>
>> ifconfig configures interfaces on NIC cards.  the interface is
>> typically a hardware interface.  So assume your assigning one address
>> to the interface but then have some form of custom handler that looks
>> at ports to determine or identify which VM Server gets the packet in
>> the IP Stack?
>>
>> For IPv6 for a link it can support multiple prefixes per link. So lets
>
>> say on PLL vserver is its own link.  There could be multple prefixes
>> for one NIC all using the same EUI for IPv6.  Depending on the PLL
>> prefix you select will identify what each link vserver uses.  Thus I
>> think stateless autoconfig can work just need good router that handles
>
>> the node discovery in front of PLL vserver node.  All the choices marc
>
>> listed for DNS are a decision to be made.  Just so you know years ago
>> we moved all the IPv6 node discovery ICMPv6 packets up to user space
>> and then from there did DynDNS (yours truly wrote that code :--)).
>>
>> But PLL is using Linux right not UNIX variant?
>>
>> Bottom line this is very doable but it will take some tinkering with
>> the interface to the vserver incantations and sounds like some code
>> changes?
>>
>> /jim
>>
>> > -----Original Message-----
>> > From: McGeer, Patrick C
>> > Sent: Tuesday, November 07, 2006 7:35 PM
>> > To: Bound, Jim; 'Marc E. Fiuczynski'; 'devel at lists.planet-lab.org'
>> > Subject: RE: [Planetlab-devel] IPv6 support for MyPLC
>> >
>> > 1. Yes, there are multiple (often, >= 20) vservers/machine.
>> > 2. I'll let Marc describe how IP config is done.  Or can we
>> get enough
>> > info just by logging into an arbitrary PL node and running ifconfig?
>> >
>> > -----Original Message-----
>> > From: Bound, Jim
>> > Sent: Tuesday, November 07, 2006 4:31 PM
>> > To: McGeer, Patrick C; 'Marc E. Fiuczynski';
>> > 'devel at lists.planet-lab.org'
>> > Subject: RE: [Planetlab-devel] IPv6 support for MyPLC
>> >
>> > Rick,
>> >
>> > OK yes v6 makes that much better.
>> >
>> > So are there multiple vservers per machine?
>> >
>> > If you have a paper that explains how IP config is done I
>> can go read
>> > that too?  If answer is yes to the above next questions :--)
>> >
>> > thx
>> > /jim
>> >
>> > > -----Original Message-----
>> > > From: McGeer, Patrick C
>> > > Sent: Tuesday, November 07, 2006 7:26 PM
>> > > To: Bound, Jim; Marc E. Fiuczynski; devel at lists.planet-lab.org
>> > > Subject: RE: [Planetlab-devel] IPv6 support for MyPLC
>> > >
>> > > Jim,
>> > > One of the problems that PlanetLab has is that we only
>> have one v4
>> > > address per machine (gee, think more address bits would
>> solve this
>> > > problem?).  So the ugly choices are to share the port
>> space (which
>> > > we're doing), or do some hideous on-box NAT thing.
>> > >
>> > > The cool thing about v6 (well, one cool thing about v6) is
>> > that we can
>> > > give each sliver (aka, each virtual machine) its own v6
>> > address.  So
>> > > we haven't faced this issue in v4 because
>> > > v4 is too limited to give us the possibility.
>> > >
>> > > -- Rick
>> > >
>> > > -----Original Message-----
>> > > From: devel-bounces at planet-lab.org
>> > > [mailto:devel-bounces at planet-lab.org] On Behalf Of Bound, Jim
>> > > Sent: Tuesday, November 07, 2006 3:35 PM
>> > > To: Marc E. Fiuczynski; devel at lists.planet-lab.org
>> > > Subject: RE: [Planetlab-devel] IPv6 support for MyPLC
>> > >
>> > > How does it work with IPv4 today?
>> > >
>> > > I don't how the vserver configures its IP address and if
>> it uses an
>> > > IPv6 implementation it must know node discovery thus
>> > stateless could
>> > > work.
>> > >
>> > > DHCPv6 assumes their is a DHCPv6 client on the vserver?
>> > >
>> > > /jim
>> > >
>> > > > -----Original Message-----
>> > > > From: devel-bounces at planet-lab.org
>> > > > [mailto:devel-bounces at planet-lab.org] On Behalf Of Marc E.
>> > > Fiuczynski
>> > > > Sent: Tuesday, November 07, 2006 5:59 PM
>> > > > To: devel at lists.planet-lab.org
>> > > > Subject: [Planetlab-devel] IPv6 support for MyPLC
>> > > >
>> > > > [This thread was on started on a separate mailing list.
>> > > I've shut down
>> > > > that mailing list and would like to continue on the
>> devel mailing
>> > > > list.]
>> > > >
>> > > > We are still plugging along on the required kernel fixes to
>> > > support a
>> > > > unique
>> > > > IPv6 address per sliver (i.e., a vserver or virtual machine) on
>> > > > PlanetLab.
>> > > > While this seems to be making happy progress, there are at
>> > > least two
>> > > > issues that we need to resolve for which it would be
>> great to get
>> > > > feedback /
>> > > > thoughts:
>> > > >
>> > > > 1) What IPv6 address should be assigned to a sliver (static or
>> > > > autoconf'd)?
>> > > >
>> > > > and
>> > > >
>> > > > 2) How to get the IPv6 addresses assigned to slivers into DNS?
>> > > >
>> > > > Marc
>> > > >
>> > > > _______________________________________________
>> > > > Devel mailing list
>> > > > Devel at lists.planet-lab.org
>> > > > https://lists.planet-lab.org/mailman/listinfo/devel
>> > > >
>> > >
>> > > _______________________________________________
>> > > Devel mailing list
>> > > Devel at lists.planet-lab.org
>> > > https://lists.planet-lab.org/mailman/listinfo/devel
>> > >
>> >
>>
>

More information about the Devel mailing list