nested virtualization and promiscuous mode

I want to run a VM, which will itself be the KVM host of a number of KVM guests. Each of the guests running in that nested environment will have a vNIC with an IP address on the same subnet as the top-level hypervisor (the ovirt node).

In VMware vSphere environments I was able to do this by enabling promiscuous mode and forged transmits on the VMware distributed switch port group, as described in this medium article: https://williamlam.com/2013/11/why-is-promiscuous-mode-forged.html

I've searched a number of old threads here on the ovirt list archives. Many refer to vdsm hooks that don't appear to exist any longer in ovirt 4.5.1.

How can I accomplish the same thing in ovirt?

Hello,

On 2022. 07. 03. 7:02, P F wrote:
> I've searched a number of old threads here on the ovirt list archives. Many refer to vdsm hooks that don't appear to exist any longer in ovirt 4.5.1.

Nested VT can be switched on while you (re)install your host, or in modprobe (/etc/modprobe.d/vdsm-nestedvt.conf) on every host which runs the nested VMs.

The mac spoofing protection however was moved, and you don't need special vdsm hooks now. Just go to the GUI, and in Network -> vNIC Profiles select the network for which you want to turn off the protection, click on Edit, and in the network filter dropdown, select the "No Network Filter" option.

Regards
Peter

--
Erdősi Péter
IT specialist, ICT Development Department
Kormányzati Informatikai Fejlesztési Ügynökség
address: 1134 Budapest, Váci út 35.
tel: +36 1 450 3080
e-mail: erdosi.peter@kifu.gov.hu
KIFÜ - www.kifu.gov.hu

Once upon a time, P F <pat@patfruth.com> said:
> I want to run a VM, which will itself be the KVM host of a number of KVM guests. Each of the guests running in that nested environment will have a vNIC with an IP address on the same subnet as the top-level hypervisor (the ovirt node). In VMware vSphere environments I was able to do this by enabling promiscuous mode and forged transmits on the VMware distributed switch port group, as described in this medium article: https://williamlam.com/2013/11/why-is-promiscuous-mode-forged.html
> I've searched a number of old threads here on the ovirt list archives. Many refer to vdsm hooks that don't appear to exist any longer in ovirt 4.5.1.
> How can I accomplish the same thing in ovirt?

Make a new vNIC profile that allows it. The default profiles use the "vdsm-no-mac-spoofing" filter, which includes the standard "no-mac-spoofing" and "no-arp-mac-spoofing" profiles. You can probably just make a profile with no network filter applied. Then once the profile is created, apply it to the VM NIC(s) in question.

--
Chris Adams <cma@cmadams.net>

Answering my own question... I don't know if it's the "correct" way, but I seem to have been able to achieve the desired result by changing the vNIC profile. I changed the network filter drop-down from 'vdsm-no-mac-spoofing' (the default) to 'No Network Filter'.

participants (3): Chris Adams, Erdősi Péter, P F
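
Once a vNIC profile is switched to "No Network Filter" as described in the replies above, it helps to be able to list which VM NICs are actually running without the anti-spoofing filter. The following is an added example, not part of the original thread or of oVirt/vdsm: it parses libvirt domain XML (the kind `virsh -r dumpxml <vm>` prints on a host) and reports each interface's `filterref`. The VM name, MAC addresses and the `labnet` bridge in the sample are constructed, and treating only the three filter names mentioned in the thread as protective is an assumption.

```python
import xml.etree.ElementTree as ET

# Filter names mentioned in the thread as providing MAC/ARP anti-spoofing.
# Assumption: any other filter, or none at all, is reported for review.
ANTI_SPOOF_FILTERS = {"vdsm-no-mac-spoofing", "no-mac-spoofing", "no-arp-mac-spoofing"}

# Constructed sample of libvirt domain XML (not taken from a real host).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>nested-kvm-host</name>
  <devices>
    <interface type='bridge'>
      <mac address='56:6f:00:00:00:01'/>
      <source bridge='ovirtmgmt'/>
      <filterref filter='vdsm-no-mac-spoofing'/>
    </interface>
    <interface type='bridge'>
      <mac address='56:6f:00:00:00:02'/>
      <source bridge='labnet'/>
    </interface>
  </devices>
</domain>
"""

def audit_vnic_filters(domain_xml):
    """Return one record per vNIC with its network filter, if any."""
    root = ET.fromstring(domain_xml)
    vm = root.findtext("name", default="<unnamed>")
    findings = []
    for iface in root.iterfind("./devices/interface"):
        mac = iface.find("mac")
        src = iface.find("source")
        ref = iface.find("filterref")
        filt = ref.get("filter") if ref is not None else None
        findings.append({
            "vm": vm,
            "mac": mac.get("address") if mac is not None else None,
            "network": (src.get("bridge") or src.get("network")) if src is not None else None,
            "filter": filt,
            # True when no known anti-spoofing filter is attached to this NIC.
            "spoofing_allowed": filt not in ANTI_SPOOF_FILTERS,
        })
    return findings

def unprotected(findings):
    """Only the NICs that can send frames with arbitrary source MACs."""
    return [f for f in findings if f["spoofing_allowed"]]

if __name__ == "__main__":
    for f in unprotected(audit_vnic_filters(SAMPLE_DOMAIN_XML)):
        print(f"{f['vm']} {f['mac']} on {f['network']}: filter={f['filter']}")
```

Keeping the unfiltered profile on a dedicated network used only by the nested-virtualization VM limits how many NICs show up in this list.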