[ovirt-users] How to add the clean-traffic network-filter to a guest

Edward Haas ehaas at redhat.com
Sun Sep 25 12:36:39 UTC 2016


On Sun, Sep 25, 2016 at 11:17 AM, Troels Arvin <troels at arvin.dk> wrote:

> I would like to minimize the risk of virtual servers harming each other.
> As part of this, I would like to prevent them from changing their IP
> address to something different from what they are expected to have. In
> other words, I would like to prevent IP address spoofing in the guests.
> And I want to be able to do this without having to assign a different VLAN
> to each guest.
>
> Setup: RHEV 3.6 with RH7-based RHEV-H hypervisor hosts.
>
> Using virsh -r dumpxml <guest name> on a host, I can see that the guests
> have the "vdsm-no-mac-spoofing" network filter active for the virtual
> network interface.
>
> But what if I want the "clean-traffic" filter to be active for the
> guests, as well (or instead): Is there a way to accomplish that in the
> RHEV-M/oVirt management interface? If so: Where's the option(s) to be
> found in the management interface? Can it be done globally, i.e. as a
> default when guests are started?
>
>
In 4.0 you can set this in the vnic profile (per network).

With 3.6, you will need to create a hook to do it.
See https://github.com/oVirt/vdsm/tree/master/vdsm_hooks/macspoof to get
an idea how you could do it.


> --
> Regards,
> Troels Arvin
>
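A sketch of the kind of before_vm_start hook suggested above for 3.6, added here as an example; it is not code from the original message or from the oVirt macspoof hook. It replaces each vNIC's existing filter with libvirt's stock clean-traffic filter and optionally pins the expected IP per MAC address. Assumptions: the custom property name clean_traffic_ips, its mac=ip,mac=ip format and the sample domain XML are hypothetical and constructed; hooking.read_domxml() and hooking.write_domxml() are the VDSM hook helpers available on the host.

```python
#!/usr/bin/python
"""before_vm_start hook sketch: put the clean-traffic filter on every vNIC."""
import os
from xml.dom import minidom

# Constructed sample domain XML, used only when run outside a VDSM host.
SAMPLE_DOMXML = """<domain><devices>
<interface type="bridge"><mac address="00:1a:4a:16:01:51"/>
<filterref filter="vdsm-no-mac-spoofing"/></interface>
<interface type="bridge"><mac address="00:1a:4a:16:01:52"/></interface>
</devices></domain>"""

def parse_ip_map(prop):
    """Parse 'mac=ip,mac=ip' (hypothetical property format) into a dict."""
    pairs = (item.split("=", 1) for item in prop.split(",") if "=" in item)
    return {mac.strip().lower(): ip.strip() for mac, ip in pairs}

def apply_clean_traffic(doc, ip_by_mac):
    """Rewrite every <interface> in a minidom Document; return the count."""
    ifaces = doc.getElementsByTagName("interface")
    for iface in ifaces:
        # One <filterref> per interface: drop the old one (vdsm-no-mac-spoofing).
        for old in list(iface.getElementsByTagName("filterref")):
            old.parentNode.removeChild(old)
        ref = doc.createElement("filterref")
        ref.setAttribute("filter", "clean-traffic")
        macs = iface.getElementsByTagName("mac")
        mac = macs[0].getAttribute("address").lower() if macs else ""
        if mac in ip_by_mac:
            # Pin the expected address; with no IP parameter libvirt learns it.
            param = doc.createElement("parameter")
            param.setAttribute("name", "IP")
            param.setAttribute("value", ip_by_mac[mac])
            ref.appendChild(param)
        iface.appendChild(ref)
    return len(ifaces)

if __name__ == "__main__":
    prop = os.environ.get("clean_traffic_ips", "")  # hypothetical custom property
    try:
        import hooking  # provided by VDSM on the hypervisor host
        doc = hooking.read_domxml()
    except ImportError:
        hooking, doc = None, minidom.parseString(SAMPLE_DOMXML)  # offline demo
    apply_clean_traffic(doc, parse_ip_map(prop))
    if hooking:
        hooking.write_domxml(doc)
    else:
        print(doc.toxml())
```

After the guest starts, virsh -r dumpxml <guest name> on the host should show clean-traffic in place of vdsm-no-mac-spoofing on each interface.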