14071dfb11
We are well above the required MIN_LIBVIRT_VERSION and MIN_QEMU_VERSION (4.4.0 and 2.11.0, respectively) to get QEMU-native TLS[1] support by default. So we can now deprecate (and later remove) the support for "tunnelled live migration", which has two inherent limitations: (a) it cannot handle live migration of disks in a non-shared storage setup (a.k.a. "block migration"); and (b) it has a huge performance overhead and latency, because it burns more CPU and memory bandwidth due to increased number of data copies, on both source and destination hosts. Both the above limitations are addressed by the QEMU-native TLS support `live_migration_with_native_tls`, which is the recommended approach for securing all live migration streams (guest RAM, device state, and disks). [1] https://docs.openstack.org/nova/latest/admin/secure-live-migration-with-qemu-native-tls.html Change-Id: I34fd5a4788a2ad4380d9a57b84512fa94a6f9c37 Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com> |
||
---|---|---|
.. | ||
notes | ||
source |