Networking Outside -- and Inside -- the Box

Submitted by Syscrusher on Tue, 2005/06/07 - 07:29.

Naturally, you'll want to have TCP/IP networking services running right away. The standard boot images from Marist College support the IBM "OSA" network adapter hardware, which is in common use, but for now each running Linux image needs its own dedicated OSA port (fortunately, this is a multiport board, so that's usually possible). Several methods are being discussed as to how best to share the OSA adapter hardware across multiple Linux images.

Connecting one Linux image to another within the system itself is another matter entirely. Here IBM provides a low-level interface called the Inter-User Communication Vehicle (IUCV), which allows memory-mapped messaging between virtual machines by transferring data from one address space to another. The IUCV in Linux can be mapped to a set of PPP-like (point-to-point) adapters called iucv0, iucv1, and so on. These can be given IP addresses and then used like any other point-to-point network connections. At the present time, the "other end" of this link must be tied to a specified virtual machine, which implies that one would probably dedicate a single virtual Linux machine with multiple IUCV links to serve as a router for all the other virtual Linux machines, thus saving physical network ports.

Some have discussed the possibility of making a virtual network adapter as a wrapper around IUCV, which would mean that all Linux instances on a single physical mainframe would communicate over an internal "virtual LAN" at gigabit speeds. Remember those multi-tiered client/server applications, or the ISP application, that I mentioned earlier? The IUCV virtual LAN would be an enormous benefit to such an installation.

By the way, there are some nice security implications to running multiple Linux instances on a single VM host. Even being root on Linux doesn't take you beyond being a normal user on the underlying host. So an intruder who cracks one of the Linux virtual machines doesn't automatically get access to others, or to the host operating system, unless the system administrator was naive enough to use the same password everywhere. Systems on the Internet are often split across multiple machines to provide this level of isolation, but Linux under VM on an S/390 can do it all in one box.
