[Spice-devel] An overview of Network redirection in Spice
Gerd Hoffmann
kraxel at redhat.com
Tue Mar 2 08:46:18 PST 2010
>> Motivation
>> ----------
>> In many scenarios, the network that the Spice client resides in is not
>> accessible from the virtual machine. Thus, the user cannot access
>> resources that are located in the client's network (e.g., network
>> printers). The suggested solution provides an almost transparent
>> access to
>> this network.
> - Aren't you bypassing all network access controls en-route (firewalls,
> ACLs, content-filtering, etc.) ?
Yes.
>> Solution overview
>> -----------------
>> 1. An additional virtual network card (nic) is installed on the VM.
>> This network card is dedicated for communication with the client-side
>> network
>> 2. The nic's subnet is unique (henceforth, the virtual subnet).
>
> What about IPv6?
> Why go above layer 2?
I was about to ask the same question. Why bother processing the packets
in the spice server? Just pass the raw ethernet frames through the
tunnel channel over to the spice client. Then it is up to the client to
figure if and how it will hook up the virtual machine to the local
network. Using slirp in the spice client will be one (but not the only)
option then.
cheers,
Gerd
More information about the Spice-devel
mailing list