On Thu, Dec 12, 2019 at 4:27 PM <k.betsis(a)gmail.com> wrote:
Non-external logical networks, with vNIC profiles that have no network filter
when the VM is started (or the vNIC is hotplugged),
allow any MAC address. This works without any hook required.
The simplest flow for a lab would be to remove the network filter from
ovirtmgmt, attach ovirtmgmt to a VM and boot the VM.
Well this is where theory contradicts practice...
Based on what you say layer 2 frames would traverse the VM Network bridge and reach VyOS
vnic, which they do not.
Layer 2 frames are dropped after leaving the VM and before reaching the VyOS vnic.
In theory, if the VM bridge did not know where they should be forwarded, it should broadcast
them to all attached ports, which again is not being done.
So I am not sure if it is a bug, or a feature...
As I wrote above, layer 2 tunneling from one VM to another should work.
Are you forced to extend the network on layer 2? If not,
two VMs connected by a tunnel or a VPN might be more straightforward and would
even limit layer 2 broadcasts.
I agree Layer 3 would be the best way forward but we
need layer 2 extension since the firewalls require it for high availability as well and we
need pcsd VIPs attached to monitored services to have high availability.