[Users] users quota and limit ips

Itamar Heim iheim at redhat.com
Sat Apr 20 17:23:40 UTC 2013


On 04/18/2013 05:48 PM, Jiri Belka wrote:
> On Thu, 18 Apr 2013 16:15:38 +0200
> Andrej Bagon <andrej.bagon at arnes.si> wrote:
>
>> Hi all,
>>
>> we are wondering how can we limit a user to use IPs we give him and not
>> others.
>> Best is understood from an example:
>> - we give a user a quota (with x CPU, y memory and z disk space)
>> - a user can create one VirtualMachine with all the resources, or more
>> VirtualMachines with smaller resources.
>> - we want to give a user a pool of IPs. He should not use other IPs. If
>> he uses other IP it should not be routable.
>>
>> Is there a solution for this problem?
>
> Normal solution:
>
> * mirror port on your switch which is forwarded to a NIDS
>    and search for unauthoried IPs MACs pairs
>
> "Software foo can to everything" solution:
>
> * libvirt know nwfilter
> * vdsm has hooks
>
> thus combination of your own nwfilters, custom properties and vdsm
> hooks.
>
> Or raise a RFE so we could assing nwfilters to a VM.

my take is that as long as you use an external ip allocation mechanism 
(dhcp/static) - its up to you to limit.
once engine will do the allocations (IPAM, or L3), then quota's for IP 
addresses could be relevant.




More information about the Users mailing list