From: ashish mittal <ashmit602@gmail.com>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: Ketan Nilangekar <Ketan.Nilangekar@veritas.com>,
Paolo Bonzini <pbonzini@redhat.com>,
"Daniel P. Berrange" <berrange@redhat.com>,
Jeff Cody <jcody@redhat.com>, qemu-devel <qemu-devel@nongnu.org>,
Kevin Wolf <kwolf@redhat.com>,
Markus Armbruster <armbru@redhat.com>,
Fam Zheng <famz@redhat.com>,
Ashish Mittal <Ashish.Mittal@veritas.com>,
Abhijit Dey <Abhijit.Dey@veritas.com>,
Buddhi Madhav <Buddhi.Madhav@veritas.com>,
"Venkatesha M.G." <Venkatesha.Mg@veritas.com>,
Nitin Jerath <Nitin.Jerath@veritas.com>,
Gaurav Bhandarkar <Gaurav.Bhandarkar@veritas.com>,
Abhishek Kane <Abhishek.Kane@veritas.com>,
Ketan Mahajan <Ketan.Mahajan@veritas.com>,
Niranjan Pendharkar <Niranjan.Pendharkar@veritas.com>,
Nirendra Awasthi <Nirendra.Awasthi@veritas.com>,
Rakesh Ranjan <Rakesh.Ranjan@veritas.com>
Subject: Re: [Qemu-devel] [PATCH v7 RFC] block/vxhs: Initial commit to add Veritas HyperScale VxHS block device support
Date: Tue, 13 Dec 2016 16:06:58 -0800 [thread overview]
Message-ID: <CAAo6VWMJAYeLdtEmyQ43vYeYjvNzCP80Wufe4=eNRUZum0rYdQ@mail.gmail.com> (raw)
Hi,
I am requesting feedback on the following design proposal for libqnio.
This adds an access control mechanism between libqnio client and
server. It is not a full client-server authentication model, and it is
not intended to substitute an authentication mechanism.
We wanted to check if the following would be acceptable for the first
version of VxHS patch while we design/implement a proper
authentication mechanism (possibly on a libqnio side branch)?
1. Client passes VM ID and vdisk ID to the server when it wants
to open a vdisk.
2. Server verifies whether the client/VM has access to open the
disk and passes/fails the open request.
3. Server returns unique token for every open vdisk.
4. Client passes this token with every request to server.
5. Server verifies this token for every request.
6. Server invalidates token when a client closes the corresponding vdisk.
Thanks,
Ashish
On Wed, Nov 30, 2016 at 1:01 AM, Stefan Hajnoczi <stefanha@gmail.com> wrote:
> On Mon, Nov 28, 2016 at 02:17:56PM +0000, Stefan Hajnoczi wrote:
>> Please take a look at vhost-user-scsi, which folks from Nutanix are
>> currently working on. See "[PATCH v2 0/3] Introduce vhost-user-scsi and
>> sample application" on qemu-devel. It is a true zero-copy local I/O tap
>> because it shares guest RAM. This is more efficient than cross memory
>> attach's single memory copy. It does not require running the server as
>> root. This is the #1 thing you should evaluate for your final
>> architecture.
>>
>> vhost-user-scsi works on the virtio-scsi emulation level. That means
>> the server must implement the virtio-scsi vring and device emulation.
>> It is not a block driver. By hooking in at this level you can achieve
>> the best performance but you lose all QEMU block layer functionality and
>> need to implement your own SCSI target. You also need to consider live
>> migration.
>
> To clarify why I think vhost-user-scsi is best suited to your
> requirements for performance:
>
> With vhost-user-scsi the qnio server would be notified by kvm.ko via
> eventfd when the VM submits new I/O requests to the virtio-scsi HBA.
> The QEMU process is completely bypassed for I/O request submission and
> the qnio server processes the SCSI command instead. This avoids the
> context switch to QEMU and then to the qnio server. With cross memory
> attach QEMU first needs to process the I/O request and hand it to
> libqnio before the qnio server can be scheduled.
>
> The vhost-user-scsi qnio server has shared memory access to guest RAM
> and is therefore able to do zero-copy I/O into guest buffers. Cross
> memory attach always incurs a memory copy.
>
> Using this high-performance architecture requires significant changes
> though. vhost-user-scsi hooks into the stack at a different layer so a
> QEMU block driver is not used at all. QEMU also wouldn't use libqnio.
> Instead everything will live in your qnio server process (not part of
> QEMU).
>
> You'd have to rethink the resiliency strategy because you currently rely
> on the QEMU block driver connecting to a different qnio server if the
> local qnio server fails. In the vhost-user-scsi world it's more like
> having a phyiscal SCSI adapter - redundancy and multipathing are used to
> achieve resiliency.
>
> For example, virtio-scsi HBA #1 would connect to the local qnio server
> process. virtio-scsi HBA #2 would connect to another local process
> called the "proxy process" which forwards requests to a remote qnio
> server (using libqnio?). If HBA #1 fails then I/O is sent to HBA #2
> instead. The path can reset back to HBA #1 once that becomes
> operational again.
>
> If the qnio server is supposed to run in a VM instead of directly in the
> host environment then it's worth looking at the vhost-pci work that Wei
> Wang <wei.w.wang@intel.com> is working on. The email thread is called
> "[PATCH v2 0/4] *** vhost-user spec extension for vhost-pci ***". The
> idea here is to allow inter-VM virtio device emulation so that instead
> of terminating the virtio-scsi device in the qnio server process on the
> host, you can terminate it inside another VM with good performance
> characteristics.
>
> Stefan
next reply other threads:[~2016-12-14 0:08 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-14 0:06 ashish mittal [this message]
2016-12-14 7:23 ` [Qemu-devel] [PATCH v7 RFC] block/vxhs: Initial commit to add Veritas HyperScale VxHS block device support Stefan Hajnoczi
2016-12-16 1:42 ` Buddhi Madhav
2016-12-16 8:09 ` Stefan Hajnoczi
2017-02-01 23:59 ` Ketan Nilangekar
2017-02-02 9:53 ` Daniel P. Berrange
2017-02-02 10:07 ` Stefan Hajnoczi
2017-02-02 10:15 ` Daniel P. Berrange
2017-02-02 20:57 ` Ketan Nilangekar
2017-02-02 21:22 ` Ketan Nilangekar
2017-02-03 9:45 ` Daniel P. Berrange
2017-02-03 21:32 ` Ketan Nilangekar
2017-02-02 20:53 ` Ketan Nilangekar
-- strict thread matches above, loose matches on Subject: below --
2016-09-28 4:09 Ashish Mittal
2016-09-28 11:12 ` Paolo Bonzini
2016-09-28 11:13 ` Stefan Hajnoczi
2016-10-05 4:02 ` Jeff Cody
2016-10-11 7:56 ` ashish mittal
2016-10-18 19:10 ` Jeff Cody
2016-10-19 20:01 ` Ketan Nilangekar
2016-09-28 11:36 ` Stefan Hajnoczi
2016-09-28 12:06 ` Daniel P. Berrange
2016-09-28 21:45 ` Stefan Hajnoczi
2016-11-14 15:05 ` Stefan Hajnoczi
2016-11-14 18:01 ` ashish mittal
2016-11-15 22:38 ` ashish mittal
2016-11-16 8:12 ` Stefan Hajnoczi
2016-11-18 7:26 ` Jeff Cody
2016-11-18 8:57 ` Daniel P. Berrange
2016-11-18 10:02 ` Stefan Hajnoczi
2016-11-18 10:57 ` Ketan Nilangekar
2016-11-18 11:03 ` Daniel P. Berrange
2016-11-18 11:36 ` Ketan Nilangekar
2016-11-18 11:54 ` Daniel P. Berrange
2016-11-18 13:25 ` Ketan Nilangekar
2016-11-18 13:36 ` Daniel P. Berrange
2016-11-23 8:25 ` Ketan Nilangekar
2016-11-23 22:09 ` ashish mittal
2016-11-23 22:37 ` Paolo Bonzini
2016-11-24 5:44 ` Ketan Nilangekar
2016-11-24 11:11 ` Stefan Hajnoczi
2016-11-24 11:31 ` Ketan Nilangekar
2016-11-24 16:08 ` Stefan Hajnoczi
2016-11-25 8:27 ` Ketan Nilangekar
2016-11-25 11:35 ` Stefan Hajnoczi
2016-11-28 10:23 ` Ketan Nilangekar
2016-11-28 14:17 ` Stefan Hajnoczi
2016-11-30 0:45 ` ashish mittal
2016-11-30 4:20 ` Rakesh Ranjan
2016-11-30 8:35 ` Stefan Hajnoczi
2016-11-30 9:01 ` Stefan Hajnoczi
2016-11-28 7:15 ` Fam Zheng
2016-11-24 10:15 ` Daniel P. Berrange
2016-11-18 10:34 ` Ketan Nilangekar
2016-11-18 14:49 ` Markus Armbruster
2016-11-18 16:19 ` Jeff Cody
2016-09-29 1:46 ` Jeff Cody
2016-09-29 2:18 ` Jeff Cody
2016-09-29 17:30 ` ashish mittal
2016-09-30 8:36 ` Stefan Hajnoczi
2016-10-01 3:10 ` ashish mittal
2016-10-03 14:10 ` Stefan Hajnoczi
2016-10-20 1:31 ` Ketan Nilangekar
2016-10-24 14:24 ` Paolo Bonzini
2016-10-25 1:56 ` Abhijit Dey
2016-10-25 5:07 ` Ketan Nilangekar
2016-10-25 5:15 ` Abhijit Dey
2016-10-25 11:01 ` Paolo Bonzini
2016-10-25 21:53 ` Ketan Nilangekar
2016-10-25 21:59 ` Paolo Bonzini
[not found] ` <21994ADD-7BC5-4C77-8D18-C1D4F9A52277@veritas.com>
[not found] ` <ac0aa87f-702d-b53f-a6b7-2257b25a4a2a@redhat.com>
2016-10-26 22:17 ` Ketan Nilangekar
2016-11-04 9:49 ` Stefan Hajnoczi
2016-11-04 18:44 ` Ketan Nilangekar
2016-11-04 9:52 ` Stefan Hajnoczi
2016-11-04 18:30 ` Ketan Nilangekar
2016-11-07 10:22 ` Stefan Hajnoczi
2016-11-07 20:27 ` Ketan Nilangekar
2016-11-08 15:39 ` Stefan Hajnoczi
2016-11-09 12:47 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAAo6VWMJAYeLdtEmyQ43vYeYjvNzCP80Wufe4=eNRUZum0rYdQ@mail.gmail.com' \
--to=ashmit602@gmail.com \
--cc=Abhijit.Dey@veritas.com \
--cc=Abhishek.Kane@veritas.com \
--cc=Ashish.Mittal@veritas.com \
--cc=Buddhi.Madhav@veritas.com \
--cc=Gaurav.Bhandarkar@veritas.com \
--cc=Ketan.Mahajan@veritas.com \
--cc=Ketan.Nilangekar@veritas.com \
--cc=Niranjan.Pendharkar@veritas.com \
--cc=Nirendra.Awasthi@veritas.com \
--cc=Nitin.Jerath@veritas.com \
--cc=Rakesh.Ranjan@veritas.com \
--cc=Venkatesha.Mg@veritas.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=famz@redhat.com \
--cc=jcody@redhat.com \
--cc=kwolf@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.