I'm working on some load-balancing solutions and they appear to require MAC spoofing. I did some searching and reading and as I understand it, you can disable the MAC spoofing protection through a few methods. I was wondering about the best manner to enable this for the VMs that require it and not across the board (if that is even possible). I'd like to just allow my load-balancer VMs to do what they need to, but keep the others untouched as a security mechanism. If anyone has any advice on the best method to handle this scenario, I would greatly appreciate it. It seems that this might turn into some type of feature request, though I'm not sure if this is something that has to be done at the Linux bridge level, the port level, or the VM level. Any explanations into that would also help in my education.

Yep. I had found that and applied it. Great solution! I actually wrote about it to the zen load balancer list. I will add it here for semi-documentation: ------ just wanted to follow-up so that it is documented on how to get this working on oVirt/RHEV. I had to install a VDSM hook to allow mac-spoofing as a VM custom property like so (on each node): yum install vdsm-hook-macspoof That requires a restart of vdsmd on the node as well as a process on the oVirt/RHEV engine: engine-config -s "UserDefinedVMProperties=macspoof=(true|false)" Which then requires a restart of the oVirt/RHEV engine. After that, there will be an available custom properly on the VM called 'macspoof' that can be set to 'true'. Once I did this and shutdown/powered on the VMs, the cluster setup now completes successfully. You learn something every day. Thanks for pointing me in the right direction. The one thing I wish I had on these VMs is the ovirt-guest-agent which would likely work except that Debian 6 doesn't seem to have python-ethtool package/deps. If there are any plans to update the version of Debian that ZLB is based on, let me know. ----- On Tue, May 12, 2015 at 5:43 AM, Dan Kenigsberg <danken(a)redhat.com&gt; wrote: > > On Mon, May 11, 2015 at 02:12:22PM -0400, Christopher Young wrote: > > I'm working on some load-balancing solutions and they appear to require > > MAC > > spoofing. I did some searching and reading and as I understand it, you > > can > > disable the MAC spoofing protection through a few methods. > > > > I was wondering about the best manner to enable this for the VMs that > > require it and not across the board (if that is even possible). I'd > > like > > to just allow my load-balancer VMs to do what they need to, but keep the > > others untouched as a security mechanism. > > > > If anyone has any advice on the best method to handle this scenario, I > > would greatly appreciate it. It seems that this might turn into some > > type > > of feature request, though I'm not sure if this is something that has to > > be > > done at the Linux bridge level, the port level, or the VM level. Any > > explanations into that would also help in my education. > > You can enable mac spoofing per VM or per vNIC using vdsm-hook-macspoof. > See more details on the hook's README file > > > https://gerrit.ovirt.org/gitweb?p=vdsm.git;a=blob;f=vdsm_hooks/macspoof/R...