[ovirt-users] vlan-tagging on non-tagged network

Sven Kieske s.kieske at mittwald.de
Wed Aug 19 12:22:59 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 19/08/15 12:55, Juan Pablo Lorier wrote:
> 
> Hi,
> 
> My two cents is that shouldn’t be doing mac spoofing protection as
> a default. There are several use cases where you may use virtual
> nics defined withing the guest and this feature is going to create
> problems to users that may not know that there’s a mac spoofing
> protection withing ovirt. Think of keeaplived vmac option, openvpn
> and any tap adapter you need to create. If you need to protect
> against spoofing attacks, you should use the hook or more powerful
> tools and in any case, you must be aware that you used this kind of
> protection. Regards,


I disagree:

This violates the "secure by default" design pattern.

The default should be secure, furthermore, it was so in every ovirt
release before, so it would be a sudden change.

if you need such advanced network setups in your guests you should be
able to search the documentation.

- -- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +495772 293100
F: +495772 293333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhaus
en
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad
Oeynhausen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJV1HUjAAoJEMby9TMDAbQR0yEP/0it0Mh2p3EeBUG32uprxGcb
BC0D6QIGIBBLaZutrXSsOYLOlwK+QMTYDneo7S8wbHMLnTgig2fgByF8EJ0f2hg8
ELRsDhGKaKPyGPevJ3i1VUg1A43sBVSAedFAdcpTQjtZKImrOROgu2uquwkeBsju
9+Lwp5nRa64vxeZkyc93Bof3K1LP0L0FV9y3WwoGVd7UdZ2hw+k/4tyVeTRBWybS
phiEPWY9zmfCGOsztfs2LfmVMXtHjgCKpqySlpKuMVFwN0w6jMXst7tK18OU+B1i
2hp0MY79jZQqTW/gc0RK7lQVZjZjphVeyQv9yKIfEA0y8DD2H7XgzfS860Htx+ng
JTRt+iI4VYVaxUtRr3oxPBPoUVG4y4MmtQYUtnG8m5aY9pgrYjeCQIeoyZS5AWxA
Y7gHJpdlBPFNxRdOYI1KNk2RvSxRuzZZ6AgP7gOJXHTylqo0DdIF5xI+vtGteyyX
xaeikGSo0Dcq+FYgwA/qfDRCTXl0TWobvVYcJLch71jJtqZKbcw8TNCbZs8pLJvD
bRM1hy2rLCXD51ieTo/r8uFhE6OuHjUTbRbrBqNlOVMRyCIZuYE0t0Ct5rGTH37t
TVge3Je4o+xF40TdbTA6I29Erl50oZZW+qZg/E2S36bQL7qV55+qvfzTvU64wK9i
pBqXJP7nAFV8vCCrxctX
=qWrQ
-----END PGP SIGNATURE-----



More information about the Users mailing list