Yep.  I had found that and applied it.  Great solution!   I actually wrote about it to the zen load balancer list.  I will add it here for semi-documentation:

------
 just wanted to follow-up so that it is documented on how to get this working on oVirt/RHEV.  I had to install a VDSM hook to allow mac-spoofing as a VM custom property like so (on each node):

yum install vdsm-hook-macspoof

That requires a restart of vdsmd on the node as well as a process on the oVirt/RHEV engine:

engine-config -s "UserDefinedVMProperties=macspoof=(true|false)"

Which then requires a restart of the oVirt/RHEV engine.

After that, there will be an available custom properly on the VM called 'macspoof' that can be set to 'true'.  Once I did this and shutdown/powered on the VMs, the cluster setup now completes successfully.  You learn something every day.

Thanks for pointing me in the right direction.  The one thing I wish I had on these VMs is the ovirt-guest-agent which would likely work except that Debian 6 doesn't seem to have python-ethtool package/deps.  If there are any plans to update the version of Debian that ZLB is based on, let me know.

-----

On Tue, May 12, 2015 at 5:43 AM, Dan Kenigsberg <danken@redhat.com> wrote:
On Mon, May 11, 2015 at 02:12:22PM -0400, Christopher Young wrote:
> I'm working on some load-balancing solutions and they appear to require MAC
> spoofing.  I did some searching and reading and as I understand it, you can
> disable the MAC spoofing protection through a few methods.
>
> I was wondering about the best manner to enable this for the VMs that
> require it and not across the board (if that is even possible).  I'd like
> to just allow my load-balancer VMs to do what they need to, but keep the
> others untouched as a security mechanism.
>
> If anyone has any advice on the best method to handle this scenario, I
> would greatly appreciate it.  It seems that this might turn into some type
> of feature request, though I'm not sure if this is something that has to be
> done at the Linux bridge level, the port level, or the VM level.  Any
> explanations into that would also help in my education.

You can enable mac spoofing per VM or per vNIC using vdsm-hook-macspoof.
See more details on the hook's README file

https://gerrit.ovirt.org/gitweb?p=vdsm.git;a=blob;f=vdsm_hooks/macspoof/README;h=6bd11c1cb8ba2603d432fc8826eeb35738136c92;hb=79781a1945ceff6849a6a2b66cb5c4a1a5f8d874