[ovirt-users] oVirt and VDSM isolatedprivatevlan hook

[Dan Kenigsberg]

On Thu, Jun 26, 2014 at 01:38:16PM +0000, Sven Kieske wrote:
> In short:
> I believe this hook is out of date,

Correct. It happens to have been broken quite long time ago (ovirt-3.1)
with the introduction of no-mac-spoof filtering.

I remember reviewing a gerrit post that aimed to change things there,
but I fail to find it now (could the author has retracted a draft?)

Basically, the hook should replace (and not add) a filterref. Anybody
cares to send a quick fix or file a BZ?

> you can define logical networks in ovirt and assign
> them v-lans, so you can go with one logical network
> per vm and assign a unique vlan to that, ovirt
> takes care of the complete deploy process, you need no
> hook.
> 
> the only thing you need of course is some network hardware
> which is capable of vlan tagging.

Alternatively, we can consume libvirt's "clean-traffic" filter. Given
the onslaght of requests regarding this, I've file
http://www.ovirt.org/Features/Avoid_IP_Spoofing; a user filing an RFE
could help, too.

Integrating this with Engine may take a while, so I'd be pleased if you
try out this suggestion for a noipspoof hook
http://gerrit.ovirt.org/29093

Regards,
Dan.