On Tue, May 13, 2008 at 04:55:04PM -0700, snowcrash+xen@gmail.com wrote:
ouch! a large %age of the boxes we deploy have a firewall/DomU & and a NAS/Domu, each with dedicated, pass'd-thru NICs. without passthru, performance is lousy.
You're aware that PCI passthrough is insecure? Someone who gets root access to a guest can reprogram the NICs (trivially) to read or write any area of memory in any guest or the dom0. This might be pertinent information if you were expecting your firewall to provide isolation.
Rich.