Howdy, all. I'm looking at building NETMAP-like functionality into
libvirt, such that groups of guest VMs (each group on its own bridge)
can think they're sharing the same address space, but be separately
addressable from outside (including the VM host itself). This has
applications in automated QA -- being able to suspend a group of virtual
machines in-flight, create an arbitrary number of copy-on-write images
of these machines (each group of copies attached via a different bridge
device) connected to different bridges, and being immediately able to
separately address each copy via a distinct network address without
reconfiguration.
Unfortunately, the current behavior of NETMAP -- translating the source
address in POSTROUTING and the destination in PREROUTING -- doesn't
appear to work for this purpose: I still need the original destination
intact when routing to decide which bridge packets should go out.
How do y'all suggest resolving this? I've played around with
xtables-addons somewhat, and am pondering building a target to do
translation in the mangle table on a packet-by-packet basis (as my
present understanding -- correct or otherwise -- is that translating the
destination post-routing with existing conntrack-based NAT functionality
simply isn't feasible)... but at present I don't know what roadblocks
are likely to be hit in the process.
Thoughts?
Thanks!
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
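Added illustration (not part of the original post) of the hook-order problem the post describes: NETMAP keeps the host bits and swaps the network bits, and when that rewrite happens in PREROUTING the routing decision only ever sees the shared guest prefix. The two-bridge topology, the prefixes and the bridge names below are constructed assumptions.

```python
import ipaddress

# Constructed topology: two copy-on-write guest groups, each on its own bridge,
# each reachable from outside via a distinct /16, while both believe they own
# 192.168.0.0/16 (the "same address space" of the post).
GUEST_NET = ipaddress.ip_network("192.168.0.0/16")
GROUPS = {  # outside-visible prefix -> bridge that copy group hangs off
    ipaddress.ip_network("10.1.0.0/16"): "virbr1",
    ipaddress.ip_network("10.2.0.0/16"): "virbr2",
}


def netmap(addr, from_net, to_net):
    """NETMAP semantics: 1:1 mapping that keeps host bits, replaces network bits."""
    addr = ipaddress.ip_address(str(addr))
    from_net = ipaddress.ip_network(str(from_net))
    to_net = ipaddress.ip_network(str(to_net))
    if from_net.prefixlen != to_net.prefixlen or addr not in from_net:
        raise ValueError(f"{addr} not in {from_net}, or prefix lengths differ")
    host_bits = int(addr) & int(from_net.hostmask)
    return ipaddress.ip_address(int(to_net.network_address) | host_bits)


def route(dst):
    """Destination-only route lookup: which bridge does the packet leave on?"""
    if dst in GUEST_NET:
        # Every group claims this prefix, so a plain route lookup cannot pick a bridge.
        return "ambiguous"
    matches = [bridge for net, bridge in GROUPS.items() if dst in net]
    return matches[0] if matches else "unroutable"


def forward(dst, translate_before_routing):
    """Simulate a forwarded packet addressed to one group's outside-visible address.

    translate_before_routing=True  : DNAT in PREROUTING (current NETMAP behaviour)
    translate_before_routing=False : hypothetical rewrite after the routing decision
    Returns (bridge chosen by routing, destination as delivered to the guest).
    """
    dst = ipaddress.ip_address(dst)
    ext_net = next(net for net in GROUPS if dst in net)
    if translate_before_routing:
        dst = netmap(dst, ext_net, GUEST_NET)   # rewritten first ...
        bridge = route(dst)                     # ... so routing sees 192.168.x.y
    else:
        bridge = route(dst)                     # routing still sees the original dst
        dst = netmap(dst, ext_net, GUEST_NET)   # rewrite only after bridge is chosen
    return bridge, str(dst)
```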