> On Thu, Dec 12, 2019 at 4:27 PM <k.betsis(a)gmail.com&gt; wrote:
>
>
>
> Not external logical networks, with vNIC profiles, have no network filter
> during the VM is started (or the vNIC is hotplugged),
> allows any MAC address. This works without any hook required.
> In most simple flow for a lab would be to remove the network filter from
> ovirtmgmt, attach ovirtmgmt to a VM and boot the VM.
>
Well this is where theory contradicts practice...
Based on what you say layer 2 frames would traverse the VM Network bridge and reach VyOS vnic, which they do not.
Layer 2 frames are dropped after leaving the VM and before reaching the VyOS vnic.
In theory if the VM bridge did not know where they should be forwarded it should broadcast them to all attached ports, which again it is not been done.
So i am not sure if it is a bug, or a feature...

>
>
> As I wrote above, layer 2 tunneling from one VM to another should work.
> Are you force to extend the network on layer 2? If not,
> two VMs connected by a tunnel or a VPN might be more straight and would
> even limit layer 2 broadcasts.
I agree Layer 3 would be the best way forward but we need layer 2 extension since the firewalls require it for high availability as well and we need pcsd VIPs attached to monitored services to have high availability.
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/WFV4A4YIDL7TFH2DQ3HYMO6UK5DLIIQT/