Hello,
I have an isolation problem between VMs connected to an OpenVSwitch and
using VLANs. The VLANs are not doing their job of partitioning traffic. I am
copying below the Stack Overflow post I made, which has remained
unanswered to date.
I have 3 VMs (qemu), 2 on vlan 10 and 1 on vlan 66, on the same lab1
OpenVSwitch.
The first VM is connected via a tap interface on port lab1vm1. The
second has 2 network interfaces connected on ports lab1dhcp and
lab1dhcpmaster, and the third VM is on port dhcpmaster.
```
-------------   -----------------------   --------------
|   VM 1    |   |         VM2         |   |    VM3     |
|10.10.10.3 |   |10.8.6.1  10.10.10.13|   | 10.10.10.2 |
-------------   -----------------------   --------------
      |             |            |               |
      |             |            |               |
------------------------------------------------------------------
|lab1vm1        lab1dhcp    lab1dhcpadm     dhcpmaster   OVS lab1|
|tag 10         tag 10      tag 66          tag 66               |
------------------------------------------------------------------
```
The OpenVSwitch is configured as follows:
```bash
Bridge "lab1"
    Port "lab1vm1"
        tag: 10
        Interface "lab1vm1"
    Port "lab1"
        tag: 10
        Interface "lab1"
            type: internal
    Port "lab1dhcp"
        tag: 10
        Interface "lab1dhcp"
    Port "lab1dhcpadm"
        tag: 66
        Interface "lab1dhcpadm"
    Port dhcpmaster
        tag: 66
        Interface dhcpmaster
ovs_version: "2.9.2"
```
The problem: VM1 can ping VM3!
- If I power off VM2 or shut down the lab1dhcp or lab1dhcpadm interface,
  the ping doesn't work.
- If I shut down the two network interfaces of VM2, ping works!

Why does VM2 relay ICMP packets from VM1 to VM3?
Thanks for your help.
Florent
---------------------------
FRnOG mailing list
http://www.frnog.org/
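
An added example, not part of the original post: a small Python audit that parses the `ovs-vsctl show` output quoted above and lists guests whose ports sit in more than one VLAN, since a guest attached to two VLANs is a place where traffic can cross between them independently of the switch's tagging. The port-to-VM mapping is an assumption taken from the post's description and diagram, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the `ovs-vsctl show` output from the post, re-indented.
OVS_SHOW = '''\
Bridge "lab1"
    Port "lab1vm1"
        tag: 10
        Interface "lab1vm1"
    Port "lab1"
        tag: 10
        Interface "lab1"
            type: internal
    Port "lab1dhcp"
        tag: 10
        Interface "lab1dhcp"
    Port "lab1dhcpadm"
        tag: 66
        Interface "lab1dhcpadm"
    Port dhcpmaster
        tag: 66
        Interface dhcpmaster
'''

# Assumption: which guest owns which port, as described in the post.
PORT_OWNER = {"lab1vm1": "VM1", "lab1dhcp": "VM2",
              "lab1dhcpadm": "VM2", "dhcpmaster": "VM3"}

def port_vlans(show_output):
    """Map each port name to its access VLAN tag (None when no tag is set)."""
    vlans, port = {}, None
    for line in show_output.splitlines():
        line = line.strip()
        m = re.match(r'Port "?([^"]+)"?$', line)
        if m:
            port = m.group(1)
            vlans[port] = None
        elif port and (m := re.match(r'tag: (\d+)$', line)):
            vlans[port] = int(m.group(1))
    return vlans

def multi_vlan_guests(vlans, owners):
    """Return guests with ports in more than one VLAN (candidate relay points)."""
    seen = defaultdict(set)
    for port, tag in vlans.items():
        if port in owners:
            seen[owners[port]].add(tag)
    order = lambda v: -1 if v is None else v  # keep untagged ports sortable
    return {g: sorted(t, key=order) for g, t in seen.items() if len(t) > 1}

if __name__ == "__main__":
    print(multi_vlan_guests(port_vlans(OVS_SHOW), PORT_OWNER))
```

On the post's configuration this reports only VM2, on VLANs 10 and 66, which is consistent with the observation that the ping stops when VM2 is powered off.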