12:02 a.m.
I want to run a VM, which will itself be the KVM host of a number of KVM guests.
Each of the guests running in that nested environment will have a vNIC with an IP address
on the same subnet as the top-level hypervisor (the ovirt node).
In VMware vSphere environments I was able to do this by enabling promiscuous mode and
forged transmits on the VMware distributed switch port group, as described in this medium
article;
https://williamlam.com/2013/11/why-is-promiscuous-mode-forged.html
I've search a number of old threads here on the ovirt list archives. Many refer to
vdsm hooks that don't appear to exist any longer in ovirt 4.5.1.
How can I accomplish the same thing in ovirt?
4:06 a.m.
Hello,
2022. 07. 03. 7:02 keltezéssel, P F írta:
I've search a number of old threads here on the ovirt list
archives. Many refer to vdsm hooks that don't appear to exist any longer in ovirt
4.5.1.
Nested VT can be switched on while you (re)install your host, or in
modprobe (/etc/modprobe.d/vdsm-nestedvt.conf) on every host which runs
the nested VMs.
The mac spoofing protection however was moved, and you don't need
special vdsm hooks now.
Just go to the GUI, and in Network -> vNIC Profiles select the network
which you want to turn off the protection, click on Edit, and in a
network filter dropdown, select the "No Network Filter" option.
Regards
Peter
--
*Erdősi Péter
* /Informatikus, IKT Fejlesztési Főosztály /
*Kormányzati Informatikai Fejlesztési Ügynökség
* cím: 1134 Budapest, Váci út 35.
tel: +36 1 450 3080 e-mail: erdosi.peter(a)kifu.gov.hu
<mailto:erdosi.peter@kifu.gov.hu>
KIFÜ - www.kifu.gov.hu <http://kifu.gov.hu/kifu/>
9:39 a.m.
Once upon a time, P F <pat(a)patfruth.com> said:
Make a new vNIC profile that allows it. The default profiles use the
"vdsm-no-mac-spoofing" filter, which includes the standard
"no-mac-spoofing" and "no-arp-mac-spoofing" profiles. You can
probably
just make a profile with no network filter applied.
Then once the profile is created, apply it to the VM NIC(s) in question.
--
Chris Adams <cma(a)cmadams.net>
10:17 p.m.
Answering my own question... I don't know if it's the "correct" way, but
I seem to have been able to achieve a desired result by changing the vNIC profile. I
change the network filter drop-down from 'vdsm-no-mac-spoofing' (the default) to
'No Network Filter'.
975
days inactive
975
days old
3 comments
3 participants
participants (3)
-
Chris Adams -
Erdősi Péter -
P F