Hi,
Am Montag, 30. Januar 2006 01:20 schrieb Javier Guerra:
> On Sunday 29 January 2006 7:10 pm, Markus Hochholdinger wrote:
> > If i have the partition for my rootfs on multiple dom0s available it
> > could accidently be mounted. Or the same domU could be startet on
> > different dom0s. That is what i have fear of. But to be able to make live
> > migration the partitions have to be available.
> yeah, having several volumes on a "don't touch!" mode seems risky. i guess
> that as long as they're never mounted manually, just referenced in the domU
> definitions it should be safe enough.
well, and you shouldn't start the same domU on two different dom0s! Is xend
aware of this? If not, you can mess up your rootfs when running the same domU
on the same block device on different Xen hosts.
> also, if the domUs have access to the SAN environment, wouldn't that
> multiply several times the risk? I mean, if only the dom0 see the SAN,
> there are as many points of confusion as real boxes; but if the domUs see
> the SAN, any one of them could mess with anyone other.
That's right. In the point of security it should be better to have the SAN
only available in dom0.
> > But as my little network test shows it should be better for performance
> > to do it this way.
> yeah, very interesting that the dom0 CPU load is bigger as a router (20%)
> than as initiator (15%). it's also a neat coincidence that the total load
> adds to twice (20+10, opposed to 15).
> does anybody have a working bridged network to make a similar test? i'm
> guessing the overhead would be a bit lower, measurable but not too
> significant, maybe 15+10 instead of 20+10. any bets?
My figures are approximately. I run the tests a few minutes and looked at xen
top. When i have the new hardware i will test it more precise. Well, ok, i've
to test a lot...
--
greetings
eMHa
pgpG2ilXyupsr.pgp
Description: PGP signature
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|