osv + golang + firecracker - vsock support?

[David Smith]

Hi all,

I can see that issue #1069 has been raised already to add support for vsock. Is there a plan to implement this in the next release? I would like to utilise a vsock mechanism to communicate configuration information between the host and my golang app running under a firecracker instance.

[Waldek Kozaczuk]

Hi,

Unfortunately, I do not have any bandwidth to work on it now (maybe in a couple of months). So we are looking for volunteers to help us with it. Are you interested?

As the mailing group conversation linked to #1069 indicates, adding vsock support would require implementing virtio socket device driver and wiring it up into network stack as a AF_VSOCK family socket. I have a hunch it should not be that difficult as there is some similarity to a network device in a sense that both have tx and rx virt queues so it might be possible to re-use some code or at least base the socket implementation on the network one. But the socket device has an extra event virt queue which has to be handled as well.

Also, vsock handles both host and guest initiated sessions. Would it make an effort smaller if we only implemented one of them for now? Which one do you need?

I have also found a nice document about vsock which might give more hints on how to implement it -  https://stefano-garzarella.github.io/posts/2019-11-08-kvmforum-2019-vsock/.

Regards,

Waldek

[Waldek Kozaczuk]

Base on page 26 in this slide - https://static.sched.com/hosted_files/kvmforum2019/50/KVMForum_2019_virtio_vsock_Andra_Paraschiv_Stefano_Garzarella_v1.3.pdf, it looks like there is a plan to use virtio-net device a transport for vsock. That would help us a lot, I guess.

Does anyone have any more insight?

Waldek

[David Smith]

Waldek,

many thanks for your detailed reply and I certainly understand the bandwidth issues. Unfortunately, I also have no bandwidth, plus I am not experienced working in the Linux kernel, so the level of effort for me to attempt this would be higher. To answer your question, in my particular scenario,  it would be a guest initiated vsock session, since I intend to use Firecracker as the host which means the host side is using and AF_UNIX socket type (as explained in Stefano's excellent document you linked to in your first reply).

Dave

[Gregory Burd]

--
You received this message because you are subscribed to the Google Groups "OSv Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/osv-dev/8c067fb3-3c42-48dc-ae54-bda13567bb1bn%40googlegroups.com.

[Gregory Burd]

With the introduction of Enclave instances which communicate via vsock and the security benefits of OSv/unikernel approach maybe this issue will warrant more attention as the two seem made for one another (OSv and Enclaves).  Any ideas?  This is on Nitro instances, I forget if OSv supports Nitro yet or not...

:)

https://aws.amazon.com/ec2/nitro/nitro-enclaves/

-greg

--

You received this message because you are subscribed to the Google Groups "OSv Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+u...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/osv-dev/93bd9dcf-814c-4f2e-87f8-d308f072f52bn%40googlegroups.com.

[Waldek Kozaczuk]

Greg,

OSv cannot run natively in Nitro instances (see https://github.com/cloudius-systems/osv/issues/924). 

I am not sure I understand enclaves well but can they be used across i3 (other "bare metal") instances and help communicate between OSv instances running under Firecracker on those? Would this even make sense and have any benefit?  

Regardless of this adding vsock support would be beneficial but we need volunteers.

Waldek