Virtio-Vsock - Configuration-Agnostic Guest/Host Communication - - PowerPoint PPT Presentation

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Virtio-Vsock - Configuration-Agnostic Guest/Host Communication

Johannes Wiesböck

Friday 19th July, 2019 Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Introduction

Common Problems

• J. Wiesböck — virtio-vsock

2

Introduction

Use-cases for Guest/Host Communication

Host Host Service Agent Agent VM1 VM2

Possible Use Cases [2]

• SSH (configuration, file transfer, etc.)
• file sharing
• qemu-guest-agent (shutdown, suspend, etc.)
• J. Wiesböck — virtio-vsock

3

Traditional Solutions

Networking

Create a virtual network between host and virtual machines.

Pros

• Can be used by existing applications.
• Also used for networking between hosts and internet access.

Cons

• Setup can be complex and requires high maintenance.
• Invasive on both host and VMs.

Serial Interface

Create a virtual serial device for communication between guest and host (virtio-serial).

Cons

• Porting of network applications to serial device is more complex.
• Limited number of channels.
• slow
• J. Wiesböck — virtio-vsock

4

Virtio-Vsock

Concept

Communication channel between host and guests based on the addressing scheme AF_VSOCK.

History

• virtual machine sockets introduced to Linux by VMware in 2013
• virtio-vsock in the mainline Linux kernel since version 4.8

Features

• zero-configuration guest/host communication
• stream-based
• flow-control
• safe ordering
• J. Wiesböck — virtio-vsock

5

Virtio-Vsock

AF_VSOCK

• Address format used by virtual machine sockets (VMWare vSockets, virtio-vsock).
• Machines are identified by 32 bit Context Identifier (CID).
• Services are identified by 32 bit Port numbers.

/* Creating an IPv6 socket */ int ip6_sock = socket(AF_INET6, SOCK_STREAM, 0); /* Creating a virtual socket */ int vsock = socket(AF_VSOCK, SOCK_STREAM, 0);

• J. Wiesböck — virtio-vsock

6

Virtio-Vsock

New topology with Virtio-Vsock

Host (CID 2) Host Service Agent v:4711 Agent v:4711 VM1 (CID 3) VM2 (CID 4)

• J. Wiesböck — virtio-vsock

7

Implementation

Overview

Problem

Discover the ability to use various applications over virtio-vsock, e.g. SSH, HTTP , SMB.

Considerations

Characteristics Native Implementation Inetd-Style Applicability to many applications ✗ ✓ Consideration of special application features ✓ ✗ Simple implementation ✗ ✓

• J. Wiesböck — virtio-vsock

8

Implementation

SSH

Server: Inetd-Style

The SSH server sshd can be started through systemd socket activation:

• Systemd listens to port 22 for incoming connections.
• Once a connections arrives, systemd accepts the connection and passes the connected

socket to sshd. ⇒ Socket activation can be used for vsock connections.

• J. Wiesböck — virtio-vsock

9

Implementation

SSH

Server: Inetd-Style

The SSH server sshd can be started through systemd socket activation:

• Systemd listens to port 22 for incoming connections.
• Once a connections arrives, systemd accepts the connection and passes the connected

socket to sshd. ⇒ Socket activation can be used for vsock connections.

Client: SSH ProxyCommand

• Problem: The ssh client only supports to connect to servers using IP

.

• Solution: ProxyCommand allows to start a proxy application when starting a SSH connection.
• All SSH traffic is passed through the proxy application and relayed to the server over vsock.

ssh -o ProxyCommand='socat - SOCKET-CONNECT:40:0:x0000x16000000x04000000x00000000' user@vm

• J. Wiesböck — virtio-vsock

9

Implementation

Inetd-Style

IPv6 Unique-Local Unicast Addresses

IPv6 addresses in the subnet fc00::/7 are intended to be used locally and are not routed on the internet [1].

Address Mapping

• Choose a random /64 prefix, e.g. fd00:abcd:ef12::/64.
• Add destination CID to the prefix, e.g.:
• CID 3 → fd00:abcd:ef12::3
• CID 1024 → fd00:abcd:ef12::400
• J. Wiesböck — virtio-vsock

10

Implementation

Inetd-Syle

Host (CID 2) Samba [::1]:445 v:445 [fd00:abcd:ef12::2]:445 [fd00:abcd:ef12::2]:445 VM1 (CID 3) VM2 (CID 4)

• J. Wiesböck — virtio-vsock

11

Implementation

Inetd-Syle

Host (CID 2) Samba [::1]:445 v:445 cifs [fd00:abcd:ef12::2]:445 [fd00:abcd:ef12::2]:445 VM1 (CID 3) VM2 (CID 4) 1

• J. Wiesböck — virtio-vsock

11

Implementation

Inetd-Syle

Host (CID 2) Samba [::1]:445 v:445 cifs [fd00:abcd:ef12::2]:445 [fd00:abcd:ef12::2]:445 VM1 (CID 3) VM2 (CID 4) 1 socat 2

• J. Wiesböck — virtio-vsock

11

Implementation

Inetd-Syle

Host (CID 2) Samba [::1]:445 v:445 cifs [fd00:abcd:ef12::2]:445 [fd00:abcd:ef12::2]:445 VM1 (CID 3) VM2 (CID 4) 1 socat 2 3

• J. Wiesböck — virtio-vsock

11

Implementation

Inetd-Syle

Host (CID 2) Samba [::1]:445 v:445 cifs [fd00:abcd:ef12::2]:445 [fd00:abcd:ef12::2]:445 VM1 (CID 3) VM2 (CID 4) 1 socat 2 3 socat 4

• J. Wiesböck — virtio-vsock

11

Implementation

Inetd-Syle

Host (CID 2) Samba [::1]:445 v:445 cifs [fd00:abcd:ef12::2]:445 [fd00:abcd:ef12::2]:445 VM1 (CID 3) VM2 (CID 4) 1 socat 2 3 socat 4 5

• J. Wiesböck — virtio-vsock

11

Implementation

Demo

• J. Wiesböck — virtio-vsock

12

Conclusion

Virtio-Vsock

• zero-configuration guest/host communication
• stream-based communication mechanism using the socket API

Contributions

• SSH configuration interface resilient against faulty network configuration
• a simple and versatile way to use virtio-vsock in existing applications
• J. Wiesböck — virtio-vsock

13

Conclusion

• J. Wiesböck — virtio-vsock

14

Conclusion

• J. Wiesböck — virtio-vsock

15

Bibliography

[1]

• G. Carle, S. Günther, J. Naab, and H. Stubbe.

Grundlagen Rechnernetze und Verteilte Systeme (GRNVS) - Kapitel 3: Vermittlungsschicht. Technische Universität München, June 2019. [2]

• S. Hajnoczi.

virtio-vsock Zero-configuration host/guest communication.

• J. Wiesböck — virtio-vsock

16