On Tue, Mar 13, 2012 at 02:36:34PM -0300, Luiz Ozaki wrote: > I'm doing antispoof using OpenFlow here, but, is there any MAC/IP > antispoof in OpenVSwitch that is builtin ? > > How can I prevent one VM to get other VM MAC and IP and start using > the network ? > > I'm planning to put a controller to manage our flows, but since > it'll became a single "domain" of switches, any VM managed by that > controller could put others MAC/IP and start faking another VM. > > I could to a MAC match IP, but if someone discover the MAC-IP > relation, those traffic could be faked ?
The way I would suggest doing it is to have the controller track the VM that is supposed to be associated with a given OpenFlow port and drop any traffic originating from the port that claims a different source MAC or IP. It's possible to do the latter with OpenFlow. _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
