On Sun, Sep 25, 2016 at 11:17 AM, Troels Arvin <troels@arvin.dk> wrote:
I would like to minimize the risk of virtual servers harming each other. As part of this, I would like to prevent them from changing their IP address to something different from what they are expected to have. In other words, I would like to prevent IP address spoofing in the guests. And I want to be able to do this without having to assign a different VLAN to each guest.
Setup: RHEV 3.6 with RH7-based RHEV-H hypervisor hosts.
Using virsh -r dumpxml <guest name> on a host, I can see that the guests have the "vdsm-no-mac-spoofing" network filter active for the virtual network interface.
But what if I want the "clean-traffic" filter to be active for the guests, as well (or instead): Is there a way to accomplish that in the RHEV-M/oVirt management interface? If so: Where's the option(s) to be found in the management interface? Can it be done globally, i.e. as a default when guests are started?
In 4.0 you can set this in the vnic profile (per network). With 3.6, you will need to create a hook to do it. See https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof to get an idea how you could do it.
-- Regards, Troels Arvin
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users