Re: Client separation on bridge level

We do have certain VLANs that all the VMs need as of now. We will be able to do this at some point, but I need a solution until then.
On 16. Mar 2020, at 11:08, Staniforth, Paul <P.Staniforth@leedsbeckett.ac.uk> wrote:
Can't you put them on separate VLANs?
Regards,
Paul S.
From: Hendrik Peyerl <hpeyerl@plusline.net>
Sent: 16 March 2020 09:24
To: users@ovirt.org <users@ovirt.org>
Subject: [ovirt-users] Client separation on bridge level
Hello everyone,
is there a way to separate the traffic between VMs on the same bridge on one oVirt-node with built-in tools from ovirt? We have VMs using the same bridge which should never be able to talk to each other.
We are currently using ebtables for that, but it's not working very well anymore now that we upgraded to 4.3 with firewalld.
Any suggestions would be greatly appreciated.
Best regards,
Hendrik

Look at Network Filters in the vNIC profile for the network. I haven't tested it but there is one called clean-traffic-gateway, which I believe allows only communication between a VM and the designated gateway.
---- On Mon, 16 Mar 2020 10:11:57 +0000 Hendrik Peyerl <hpeyerl@plusline.net> wrote ----
We do have certain VLANs that all the VMs need as of now. We will be able to do this at some point, but I need a solution until then.
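Added example, not part of the thread and not oVirt or libvirt code: a check that every vNIC on a shared bridge really carries the clean-traffic-gateway filter suggested above, run over `virsh dumpxml` output. It assumes the filter takes its gateway as the libvirt filter parameter `GATEWAY_MAC`; the sample XML, bridge names and MAC addresses are constructed.

```python
import xml.etree.ElementTree as ET

REQUIRED_FILTER = "clean-traffic-gateway"
# Constructed sample of `virsh dumpxml` output (names and MACs are made up).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>vm-a</name>
  <devices>
    <interface type='bridge'>
      <mac address='52:54:00:aa:00:01'/>
      <source bridge='vlan100'/>
      <filterref filter='clean-traffic-gateway'>
        <parameter name='GATEWAY_MAC' value='52:54:00:ff:00:01'/>
      </filterref>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:aa:00:02'/>
      <source bridge='vlan100'/>
      <filterref filter='vdsm-no-mac-spoofing'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:aa:00:03'/>
      <source bridge='nfs'/>
      <filterref filter='clean-traffic-gateway'/>
    </interface>
  </devices>
</domain>
"""

def audit_domain(xml_text, bridges):
    """Return (vm, mac, bridge, problem) for each unconfined vNIC on `bridges`."""
    root = ET.fromstring(xml_text)
    vm = root.findtext("name", default="?")
    findings = []
    for nic in root.iterfind("./devices/interface[@type='bridge']"):
        bridge = next((s.get("bridge") for s in nic.iterfind("source")), None)
        if bridge not in bridges:
            continue
        mac = next((m.get("address") for m in nic.iterfind("mac")), "?")
        ref = nic.find("filterref")
        gw = [p.get("value") for p in nic.iterfind("filterref/parameter[@name='GATEWAY_MAC']")]
        if ref is None or ref.get("filter") != REQUIRED_FILTER:
            findings.append((vm, mac, bridge, "filter not applied"))
        elif not any(gw):  # filter referenced, but no gateway MAC configured
            findings.append((vm, mac, bridge, "no GATEWAY_MAC set"))
    return findings

if __name__ == "__main__":
    for finding in audit_domain(SAMPLE_DOMAIN_XML, {"vlan100", "nfs"}):
        print(*finding)
```

Feeding it the XML of every running domain on a node lists the vNICs that can still reach their neighbours on the bridge.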

Thank you for this, I think we can work with this solution (if it works) for most VLANs. We also have a different case where we have the VMs in a Layer2 VLAN for NFS Shares from a Storage Pool with no gateways. Do you guys maybe have an idea how to separate those VMs?
Thanks,
Hendrik
On 16. Mar 2020, at 14:08, Alan G <alan+ovirt@griff.me.uk> wrote:
Look at Network Filters in the vNIC profile for the network. I haven't tested it but there is one called clean-traffic-gateway, which I believe allows only communication between a VM and the designated gateway.
participants (2)
- Alan G
- Hendrik Peyerl