[Qemu-devel] Reg: <VM LIVE Migration><conntrack entries>

[Qemu-devel] Reg: <VM LIVE Migration><conntrack entries>

[bharath paulraj]

Hi Team,

I am using QEMU/KVM for launching VMs and libvirt to govern those VMs.  I
would like to synchronise the connection tracking entries specific to the VM
 during the VM LIVE migrations. It is required when the firewall is
implemented at the host level like libvirt's "network filters".  Unless
these connection tracking entries are synchronised, all the connections to
the VM are lost and all TCP connections should be reestablished. Is there
any option already available? or do we need to develop the code? We can't
rely on the migration hooks as VM pause in the source hypervisor and VM on
in the destination hypervisor is done by QEMU and it does not wait for any
application that needs to sync-up some metadata — In my case, it is
conntrack entries.

If I like to add the code and contribute to the community, what could be
the best approach to take?
Approach-1: Add a new command in QEMU to configure "maximum waiting-time
allowed".  During the VM Migration, Invoke the hook in the source when the
VM is paused and wait till the time value configured is elapsed or the hook
returns success, then do VM on in the destination.  It is more generic and
its up to the application to synchronise whatever required with in the
specified time span.
Approach-2: Modify the migrate command to accept the list of IP-Address,
which should be an optional parameter. If the IP-Address is specified,
along the dirty page synchronisation, synchronise the conntrack entries
that matches the IP address in its source or destination address and in the
destination QEMU, the conntrack entries should be segregated and programmed
in the hypervisor.

Thank you,
Bharath Paulraj