[CentOS-virt] How to pass messages from dom0 to domU??

Thu Jul 23 08:53:38 UTC 2009
Christopher G. Stach II <cgs at ldsys.net>

----- "R P Herrold" <herrold at centos.org> wrote:

> The addition of a new private network segment seems like 
> overkill and needless additional fragility and complexity -- 
> if one to one, use a remote syslog setup (viz., over UDP); if 
> one to many (domU), use a multicast sender and listeners.
> Run either on the existing network seqment shared by the domUs 
> and dom0 already.

It's just RAM until you add a physical interface to the bridge, and then it's just Ethernet.  It would be difficult to argue that using either is fragile or complex.  Even compared against your suggestion, the only difference is isolation, the general rule for administrative networks.

If the skill level involved is negative, perhaps if the person is coming from the Device Manager space, maybe the steps of adding a bridge, a vif entry for each VM, and configuring the interface within each VM is way too much to handle.  However, IIRC, virtual network bridges are one of the documented Xen use cases and are entry level stuff.  The cost and added risk thereof are next to zero.  Being that worried about fragility in your basic set of capabilities is silly, unless you have evidence to the contrary.

If the messages are used to trigger things like shutdowns, scale back services, or be published in any way that could be dangerous (inadvertently notifying customers/competitors/attackers that your hardware sucks or what your system architecture looks like), you'll need to involve crypto unless you don't care if anyone inside shuts down your VMs.  syslogd would not help in this case, but at least SNMP could.

Christopher G. Stach II