[ovirt-users] 2 Vlans on one VM nic

Gianluca Cecchi gianluca.cecchi at gmail.com
Fri Nov 18 10:15:24 UTC 2016


On Fri, Nov 18, 2016 at 10:28 AM, MOUCHOIR David <David.Mouchoir at isae.fr>
wrote:

> That's what I understood.
> I don't have a problem configuring VLANs on nics and switches, I've already
> done it many times.
> What I said is:
> If I have 3 VMs
> VM1 needs vlan1 and 2
> VM2 needs vlan3 and 4
> VM3 needs vlan5 and vlan6
>
> For security reasons I don't want any of these VMs to be able to "see"
> traffic of other VLANs.
> I will need 3 interfaces, one per trunk.
>
> Could Vswitch be the solution? It seems to be implemented in ovirt, but
> the documentation looks very poor (or I didn't find the documentation ;) )
>

I'm not a security expert.
For sure, if you don't trust the sysadmin of the VMs' operating system, or if
anyone has access to the virtual console so they could attach a live distro
and so on, you had better have 3 different physical network adapters
on your hypervisors and create on them:
trunk for id 1 and 2 on first
trunk for id 3 and 4 on second
trunk for id 5 and 6 on third

But from a functionality point of view (and also segregation, if you don't
modify the configuration of the OS) you can have only one physical adapter on
the hypervisor, allow id 1, 2, 3, 4, 5, 6 on it and then:
on VM1 OS configure ifcfg-eth0.1 and ifcfg-eth0.2 files
on VM2 OS configure ifcfg-eth0.3 and ifcfg-eth0.4 files
on VM3 OS configure ifcfg-eth0.5 and ifcfg-eth0.6 files

It depends on who manages the ovirt infrastructure, network infrastructure and
OS infrastructure, and if they are different people...

I don't know if any virtualization vendor can provide the level of security
you want using only one physical adapter....

Gianluca
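
The single-adapter layout in the message above only segregates as long as nobody edits the guest's ifcfg files, so a periodic check of those files is a useful control. The following is an added example, not part of the original message: it compares the VLAN sub-interfaces a guest has configured with the VLANs assigned to it in the thread, and lists the VLAN IDs each trunk design delivers to a VM beyond what it needs. The function names and the sample file contents are assumptions constructed for illustration, and only the dotted `ethX.N` naming with `VLAN=yes` is handled.

```python
import re

# Policy taken from the thread: the VLAN IDs each VM is meant to use.
ALLOWED = {"VM1": {1, 2}, "VM2": {3, 4}, "VM3": {5, 6}}

def _cfg(dev, vlan=True):
    """Build constructed ifcfg file content for the sample data below."""
    return f"DEVICE={dev}\nONBOOT=yes\n" + ("VLAN=yes\n" if vlan else "")

# Constructed sample: ifcfg files collected from each guest (not real data).
GUEST_FILES = {
    "VM1": {"ifcfg-eth0.1": _cfg("eth0.1"), "ifcfg-eth0.2": _cfg("eth0.2")},
    "VM2": {"ifcfg-eth0.3": _cfg("eth0.3"), "ifcfg-eth0.4": _cfg("eth0.4"),
            "ifcfg-eth0.5": _cfg("eth0.5")},          # VLAN 5 belongs to VM3
    "VM3": {"ifcfg-eth0": _cfg("eth0", vlan=False),   # untagged parent, ignored
            "ifcfg-eth0.5": _cfg("eth0.5"), "ifcfg-eth0.6": _cfg("eth0.6")},
}

def vlan_id(filename, content):
    """Return the VLAN ID of a dotted sub-interface file, or None."""
    keys = dict(line.split("=", 1) for line in content.splitlines() if "=" in line)
    device = keys.get("DEVICE", filename.removeprefix("ifcfg-")).strip('"')
    m = re.fullmatch(r"[\w-]+\.(\d{1,4})", device)
    if m and keys.get("VLAN", "").strip('"').lower() == "yes":
        return int(m.group(1))
    return None

def audit(allowed, guest_files):
    """Map each VM to the sorted VLAN IDs it configures outside its policy."""
    report = {}
    for vm, files in guest_files.items():
        found = {v for n, c in files.items() if (v := vlan_id(n, c)) is not None}
        report[vm] = sorted(found - allowed.get(vm, set()))
    return report

def exposure(trunk, allowed):
    """VLAN IDs carried to each VM's nic that the VM has no need for."""
    return {vm: sorted(set(trunk) - need) for vm, need in allowed.items()}

if __name__ == "__main__":
    print(audit(ALLOWED, GUEST_FILES))       # guest-side drift from policy
    print(exposure(range(1, 7), ALLOWED))    # one adapter carrying ids 1-6
```

With one trunk per adapter the exposure for each VM is empty, which is the difference between the two layouts discussed in the message.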