Red Hat Bugzilla – Bug 1301025
RFE: secure data transport between QEMU servers for migration
Last modified: 2018-02-23 10:18:31 EST
Description of problem:
The default QEMU migration transport runs a clear text TCP connection between the two QEMU servers. It is possible to tunnel the migration connection over libvirtd's secure connection but this imposes a significant performance penalty. It is also not possible to tunnel the NBD connection used for block migration at all.
As a step towards securing the management network we need to have Nova configure QEMU to use native TLS support on its migration and NBD data transports, without any tunnelling.