[Spice-devel] An overview of Network redirection in Spice

Gerd Hoffmann kraxel at redhat.com
Tue Mar 2 08:46:18 PST 2010


>> Motivation
>> ----------
>> In many scenarios, the network that the Spice client resides in is not
>> accessible from the virtual machine. Thus, the user cannot access
>> resources that are located in the client's network (e.g., network
>> printers). The suggested solution provides an almost transparent
>> access to
>> this network.

> - Aren't you bypassing all network access controls en-route (firewalls,
> ACLs, content-filtering, etc.) ?

Yes.

>> Solution overview
>> -----------------
>> 1. An additional virtual network card (nic) is installed on the VM.
>> This network card is dedicated for communication with the client-side
>> network
>> 2. The nic's subnet is unique (henceforth, the virtual subnet).
>
> What about IPv6?
> Why go above layer 2?

I was about to ask the same question.  Why bother processing the packets 
in the spice server?  Just pass the raw ethernet frames through the 
tunnel channel over to the spice client.  Then it is up to the client to 
figure if and how it will hook up the virtual machine to the local 
network.  Using slirp in the spice client will be one (but not the only) 
option then.

cheers,
   Gerd



More information about the Spice-devel mailing list