Open hoh opened 2 years ago
Solving this issue as well would be handy: https://github.com/aleph-im/aleph-vm/issues/18
I've been looking at point 1, on making the ip addresses RFC1918 compliant. The easy way obviously would be to limit the vm_id generated to be limited to 4096 (assigning /24 networks out of 172.16.0.0/12 gives 12 bits to work with) and then modifying the guest_ip and host_ip functions in firecracker/microvm.py to f"172.{16 + self.vm_id // 256}.{self.vm_id % 256}.1".
There are 2 issues with that:
I would propose as a solution to make two new settings, VM_ADDRESS_POOL and VM_NETWORK_SIZE. This would make everything more flexible on a host per host basis.
However, this would mean passing those settings to the MicroVM class, which doesn't seem to be cleanest either. Therefor I would propose to move the calculation of the ip addresses out of firecracker/microvm.py and into functions called by the create_a_vm() function. This seems cleaner as the VM logic itself has no business determining the IP addresses, but should be a function in the supervisor anyway.
Additionally, this would make it easier in the future when looking at using a single tap interface per user, as at that point more knowledge about other VMs is required to determine which IP address to hand out, which is clearly a supervisor task.
That reads like the right way to go ! :+1:
Did some research into sharing the tap interface between multiple hosts. As I understand it currently, this would require the tap interface to be set with the option multi_queue, but this currently is not supported by Firecracker:
https://github.com/firecracker-microvm/firecracker/issues/750
With contributions from @tomribbens
[x] 1. IP ranges used by VMs should be updated because they are not following RFC1918
[ ] 2. Network configuration commands are changed from
iptables
tonft
[ ] Port forwarding - from a public IPv4 port on the host to a port on the guest Dedicated issue: https://github.com/aleph-im/aleph-vm/issues/148 Related: https://github.com/aleph-im/aleph-message/pull/30
[ ] IPv6 access to every virtual machine Dedicated issue: https://github.com/aleph-im/aleph-vm/issues/221
[ ] A Wireguard VPN between virtual machines from the same user, across hosts.
Notes
Include (and improve) the cleanup of network configuration on VM stop and on supervisor crash/start.